Privacy Policy

Last updated: February 25, 2026

1. Who We Are

Clawfleet ("we", "our", "us") is a service operated by Seven Hills Software. Clawfleet provides managed hosting for OpenClaw AI assistant instances for individuals and agencies.

For the purposes of the UK and EU General Data Protection Regulation (GDPR), Seven Hills Software is the data controller of your personal data.

Contact: privacy@clawfleet.app

2. Data We Collect

Account data

When you sign up, we collect your email address and, optionally, your name. This is necessary to create and manage your account.

Instance configuration data

When you deploy an OpenClaw instance, we store your configuration choices: the AI model selected, your channel type (e.g. Telegram/Discord), and your API keys. API keys are encrypted at rest using AES-256-GCM via Supabase Vault before storage.

Usage and operational data

We collect aggregated usage metrics for your instances: token counts, cost estimates, model routing decisions, and infrastructure health signals. This data is used to generate your dashboards and billing summaries. It does not include the content of conversations between your users and your AI assistant unless you enable conversation tracing.

Conversation traces (optional)

If you enable the observability features, we collect execution traces including message metadata (timestamps, tool calls, token counts). We do not store the full text of user messages by default. You can disable tracing in your instance settings.

Billing data

Payment information is collected and processed by Stripe. We store only a Stripe customer ID and subscription status — we never store full card numbers.

Technical and log data

We collect standard web server logs including IP addresses, browser type, and pages visited. This data is used for security monitoring and is retained for 30 days.

3. Legal Basis for Processing

Contract performance — processing your account data and instance configurations is necessary to deliver the service you signed up for.
Legitimate interests — security monitoring, fraud prevention, and service improvement. We balance these interests against your rights and they do not override your fundamental freedoms.
Legal obligation — retaining billing records as required by applicable tax law.
Consent — for non-essential analytics cookies (you can withdraw consent at any time via our cookie banner).

4. How We Use Your Data

To provision, operate, and maintain your AI instances
To provide your usage dashboards and cost reports
To process payments and manage subscriptions
To send transactional emails (account creation, trial reminders, deletion confirmation)
To investigate security incidents and prevent abuse
To improve our services (using aggregated, anonymised data)

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following sub-processors necessary to operate the service:

Supabase — database, authentication, and encrypted credential storage (EU region)
Stripe — payment processing
Hetzner Cloud / our cloud provider — Kubernetes infrastructure where your AI instances run
Resend / email provider — transactional email delivery

All sub-processors are bound by data processing agreements and are required to maintain appropriate safeguards.

6. Data Retention

Account data — retained while your account is active and deleted promptly upon account deletion
Instance configurations and API keys — deleted when the instance is deleted or your account is deleted
Usage metrics and traces — retained for 90 days, then automatically purged
Billing records — retained for 7 years as required by law
Web server logs — retained for 30 days

7. Your Rights

Under the GDPR (and UK GDPR), you have the following rights. To exercise any of them, email privacy@clawfleet.app.

Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate data
Right to erasure — request deletion of your personal data. You can also delete your account directly from Settings → Danger Zone, which immediately purges all your data
Right to restriction — ask us to pause processing your data in certain circumstances
Right to data portability — request a structured, machine-readable export of data you have provided to us (email us to request this)
Right to object — object to processing based on legitimate interests
Right to withdraw consent — for cookie-based analytics, you can withdraw consent at any time via the cookie banner or our Cookie Policy page

We will respond to all legitimate requests within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK: the ICO; in the EU: your national DPA).

8. International Transfers

Our infrastructure is primarily located within the EU/EEA. Where data is transferred outside these regions (e.g. via Stripe's global infrastructure), we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

9. Security

We implement industry-standard security measures: TLS encryption in transit, AES-256-GCM encryption at rest for credentials, network isolation between tenants via Kubernetes NetworkPolicy, and regular security scanning. However, no system is 100% secure. If you discover a vulnerability, please report it to security@clawfleet.app.

10. Cookies

We use cookies and similar technologies. See our Cookie Policy for full details. You can manage your cookie preferences at any time using the banner on our site.

11. Children

Clawfleet is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect.

13. Contact

For any privacy-related questions or to exercise your rights:
Email: privacy@clawfleet.app
Seven Hills Software, Clawfleet