// LEGAL

Privacy Policy

Last updatedFebruary 2026

At ClawHost, we believe privacy should be straightforward. This policy explains what data we collect, how we use it, and the measures we take to protect it. No legal fog — just clear facts.

Information We Collect

We collect the minimum data necessary to operate the platform and deliver a reliable hosting experience for your AI bots.

// DATA CATEGORIES

ACCOUNT INFOEmail address and display name provided by your OAuth provider (GitHub or Google). We never ask for passwords.

PAYMENT INFOProcessed entirely by Stripe. We never store, process, or have access to your credit card details.

BOT CONFIGURATIONYour Telegram bot token (encrypted at rest) and AI provider selection. Used exclusively for container setup.

USAGE DATAToken consumption counts, bot runtime stats, and credit balance changes. Used for billing and the monitoring dashboard.

How We Use Your Information

Your data is used solely to operate, improve, and communicate about the ClawHost platform. We do not sell data to third parties.

Provide and maintain the hosting service — deploying, running, and monitoring your bots

Process subscription payments and credit purchases through Stripe

Monitor bot health, resource usage, and container status

Improve platform reliability, performance, and feature development

Communicate critical service updates, security notices, and billing alerts

Data Storage & Security

We employ multiple layers of security to keep your data safe, from encryption at rest to strict container isolation.

// SECURITY MEASURES

Database → Data stored in encrypted MongoDB with access controls

Containers → Bot containers isolated via Docker with disabled ICC and resource limits

AI Traffic → Conversations routed through our proxy — not stored long-term

Payments → Stripe handles all payment data (PCI DSS Level 1 compliant)

Transport → All traffic encrypted via TLS — no plain HTTP accepted

Third-Party Services

We integrate with the following third-party services, each operating under their own privacy policies.

Stripe

PAYMENT PROCESSING

Handles subscriptions, credit purchases, and invoicing. PCI DSS compliant.

Anthropic / OpenAI / Google

AI PROVIDERS

Messages processed per their respective data policies. We do not store conversations.

GitHub / Google

OAUTH AUTHENTICATION

We only receive your email and display name. No repository or account access.

Docker Hub

CONTAINER IMAGES

OpenClaw base images pulled for bot deployment. No user data is shared.

AI Conversations

We proxy AI requests between your bot and the selected AI provider. This is a core part of our security and billing architecture — here is exactly what happens with conversation data.

// CONVERSATION DATA HANDLING

Proxied, not stored

Messages pass through our proxy in real-time but are not permanently saved to our databases.

Billing metadata only

Token counts and associated costs are logged for credit deduction and usage dashboards.

Moderation pre-processing

Content moderation runs on messages before they reach the AI provider. Flagged content is blocked, not stored.

Your Rights

You maintain full control over your data. These rights can be exercised at any time through your dashboard or by contacting support.

ACCESSView all data we hold about you, including account details, bot configurations, and usage logs.

DELETIONRequest complete deletion of your account and all associated data.

EXPORTExport your bot configuration and usage data in a machine-readable format.

CANCELLATIONCancel your subscription at any time with no penalty. Your bot runs until the billing period ends.

Data Retention

We retain data only as long as necessary to provide the service and meet our legal obligations.

// RETENTION PERIODS

∞ ACTIVEAccount data retained while your subscription is active.

30 DAYSAccount data deleted 30 days after account closure.

30 DAYSBot containers and configurations preserved 30 days after subscription ends.

90 DAYSToken usage logs retained for 90 days for billing verification and dispute resolution.

Cookies

We use the absolute minimum of cookies required to operate the platform.

Session Cookie → NextAuth JWT for authentication. Expires on logout or session timeout.

No Tracking → We do not use tracking cookies or fingerprinting of any kind.

No Analytics → No third-party analytics scripts. No Google Analytics, no Mixpanel, nothing.

Contact

For any privacy-related questions, data requests, or concerns, reach out to us directly.

support@clawhost.com

We aim to respond to all privacy inquiries within 48 hours. For urgent security concerns, include "URGENT" in the subject line.

This privacy policy may be updated from time to time. We will notify registered users of any material changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.