OpenClaw
Sign in

Privacy Policy

Last updated: March 24, 2026

1. Scope

This Privacy Policy explains how Oslark ("we", "us", "our") collects, uses, and protects your personal information when you use Managed OpenClaw ("the Service"). This policy applies to the website at openclaw.oslark.com, the management dashboard, and the hosted instance infrastructure.

2. Information We Collect

Account information: When you sign in with Google, we receive your name, email address, and profile photo. We use your email as your account identifier.

Billing information: Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but do not store credit card numbers or payment details directly.

Usage data: Token consumption and usage statistics are tracked by OpenClaw on your private instance and stay there. We read this data through our on-instance agent when you view your dashboard, but do not collect or store it on our servers.

Instance data: Your agent configurations, system prompts, channel settings, and plugin preferences are stored on your private instance. Conversation content and files you create through your agents are also stored only on your instance.

3. How We Use Your Information

  • To provision and maintain your private instance
  • To process payments and manage your subscription
  • To display AI model usage data tracked by OpenClaw on your instance
  • To monitor instance health and provide automatic recovery
  • To deliver automatic updates to your instance
  • To communicate with you about your account and the Service
  • To respond to support requests

We do not use your data for advertising or profiling. We may occasionally email you about new features or important changes to the Service.

4. Data Storage and Security

Your private instance runs on cloud infrastructure in EU datacenters. Account data is stored in our database, also hosted in the EU.

All communication between the platform and your instance is encrypted with mutual TLS (mTLS) using per-instance certificates.

Each user's instance is fully isolated — there is no multi-tenancy or shared infrastructure between users. Instance firewalls restrict inbound traffic to only platform-managed connections.

5. Third-Party Services

The following third-party services are involved in providing the Service:

  • AI model providers (Anthropic, OpenAI, Google, Meta, DeepSeek, Mistral, xAI): Your instance connects to these providers directly when your agents use AI models. Each provider has its own data handling policies. We are not involved in these communications and have no visibility into them.
  • Stripe: For payment processing. Stripe handles all payment information per their privacy policy.
  • Google: For authentication via OAuth. We receive your name, email, and profile photo from your Google account.
  • Cloud infrastructure provider: For hosting your private instance in EU datacenters.

6. Data Retention and Deletion

Active subscription: Your data is retained for the duration of your subscription.

After cancellation: Your instance is decommissioned at the end of your billing period. Account data (email, subscription history) is retained for legal and accounting purposes.

Deletion requests: You can request complete deletion of your account and all associated data by contacting us. We will process deletion requests within 30 days, subject to legal retention obligations.

7. Your Rights

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data

To exercise these rights, contact us at [email protected].

8. Cookies

We use cookies strictly for authentication and session management. These include secure session tokens, CSRF protection tokens, and OAuth state cookies. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at [email protected].

See also: Terms of Service · Privacy & Security