Privacy Policy
Last updated: February 12, 2026
This Privacy Policy describes how ClawBox ("we", "us", or "our") collects, uses, and protects your personal information when you use the ClawBox platform, website, and services (collectively, the "Service").
By using the Service, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you sign up via Google OAuth, we receive your name, email address, and profile picture from Google.
- Payment Information: Payment details (credit card numbers, billing address) are collected and processed by our payment processor, Polar.sh. We do not store your full payment card details on our servers.
- Instance Configuration: Information you provide when setting up your OpenClaw instance, such as your chosen instance name and channel configurations (e.g., Telegram bot tokens).
- API Keys: Third-party API keys you provide (e.g., Anthropic API keys) are stored as environment variables in your container instance. These are encrypted at rest by our infrastructure provider.
1.2 Information Collected Automatically
- Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken within the dashboard.
- Log Data: Our servers automatically record information such as your IP address, browser type, operating system, referring URLs, and timestamps of requests.
- Instance Metadata: We collect technical metadata about your OpenClaw instances, such as status, resource usage, creation time, and error logs for operational purposes.
1.3 Information We Do NOT Collect
- Conversation Content: We do not access, read, store, or monitor the content of messages or conversations processed through your OpenClaw instance. Messages flow directly between your messaging platform (e.g., Telegram), your OpenClaw instance, and the AI provider (e.g., Anthropic).
- AI Responses: We do not log or store AI-generated responses produced by your OpenClaw instance.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service.
- Create and manage your account.
- Process payments and manage your subscription.
- Deploy, monitor, and manage your OpenClaw instances.
- Communicate with you about your account, subscription, or the Service.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We may share your information with:
- Polar.sh (Payment Processor): Your email, name, and payment information are shared with Polar.sh to process subscriptions and payments. Polar.sh acts as our Merchant of Record and is subject to its own privacy policy.
- Supabase (Database & Authentication): Your account information is stored in Supabase, which provides our database and authentication infrastructure.
- Microsoft Azure (Cloud Infrastructure): Your OpenClaw instances run on Azure Container Apps. Instance configuration and metadata are stored within Azure.
- Google (Authentication): We use Google OAuth for authentication. Google's privacy policy governs the data they collect during sign-in.
- Law Enforcement: We may disclose your information if required by law, legal process, or government request, or to protect the rights, safety, or property of ClawBox, our users, or the public.
4. Data Storage and Security
4.1 Data Storage
Your account data is stored in Supabase (hosted in the United States). Your OpenClaw instances run on Microsoft Azure (region selected at deployment). Payment data is stored by Polar.sh and their payment processor, Stripe.
4.2 Security Measures
We implement reasonable security measures to protect your data, including:
- HTTPS encryption for all data in transit.
- Encrypted storage for sensitive data such as API keys.
- Row-level security policies in our database to ensure data isolation.
- OAuth-based authentication (no passwords stored).
- Container isolation for each user's OpenClaw instance.
Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
5. Data Retention
- Account Data: Retained as long as your account is active. Upon account deletion, your data will be removed within 30 days.
- Instance Data: Deleted immediately when you delete an instance. Container data is permanently destroyed and cannot be recovered.
- Payment Records: Transaction records may be retained as required by law and for accounting purposes, even after account deletion.
- Log Data: Server logs are retained for up to 90 days for operational and security purposes.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal requirements).
- Portability: Request your data in a portable format.
- Objection: Object to the processing of your data in certain circumstances.
- Withdrawal of Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at support@clawbox.cloud.
7. Cookies and Tracking
We use essential cookies required for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Specifically:
- Authentication Cookies: Used to maintain your logged-in session. These are strictly necessary for the Service to function.
We do not use analytics services, advertising networks, or social media tracking pixels.
8. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States. By using the Service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place for such transfers.
10. Third-Party Services
The Service integrates with third-party services, each with their own privacy policies:
We encourage you to review the privacy policies of these third-party services.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
support@clawbox.cloud