Privacy Policy

Last updated: February 17, 2026

At ClawNest ("we", "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our managed hosting services for OpenClaw.

By using ClawNest, you agree to the collection and use of information in accordance with this policy. We adhere to the General Data Protection Regulation (GDPR).

1. Information We Collect

Account Data

Your email address and billing details (handled via Stripe) required to create and manage your account.

API Keys

The third-party API keys (e.g., OpenAI, Anthropic) you provide to power your AI assistants.

Sign-In Data

If you sign in via GitHub, Google, or Microsoft (OAuth), we receive your email address, display name, and profile picture from the identity provider.

2. Security of API Keys (Critical)

We understand that your API keys are sensitive credentials. We treat them with the highest level of security:

  • Encryption: Keys are encrypted at rest in our database using industry-standard encryption algorithms.
  • Isolation: Keys are injected into your specific OpenClaw container environments only at runtime.
  • No Usage: ClawNest staff never use your keys for our own purposes. They are strictly used to enable functionality for your AI assistant.

3. Cookies & Local Storage

We use a minimal set of cookies and browser storage. We do not use any analytics or third-party tracking cookies.

  • Session cookie: Used to keep you signed in to the ClawNest dashboard.
  • Color-mode preference: Stored locally to remember your light/dark theme choice.
  • Language preference: Stored locally to remember your selected language.

4. Hosted Data & Logs

We host your OpenClaw instances. This means the configuration data, logs, and memory files of your AI assistants reside on our servers.

  • Location: Our infrastructure is located in the EU (Sweden), ensuring strict data protection laws.
  • Access: We do not actively monitor the content of your AI assistant's conversations unless required by law or to diagnose a critical technical failure.
  • Backups: We retain automated backups for a limited period (e.g., 7-30 days depending on plan) to allow for disaster recovery.

5. Data Retention

  • Account data: Retained while your account is active and deleted within 30 days after account removal.
  • Backups: Retained for 7–30 days depending on your subscription plan.
  • Newsletter: Your email is retained until you unsubscribe.

6. Third-Party Services

We use trusted third-party service providers to operate ClawNest:

  • Cloud Infrastructure: To host the servers (e.g., AWS, Hetzner) located in the EU.
  • Payments: Stripe (we do not store your credit card details on our servers).
  • Email: Brevo (for transactional emails and newsletters).
  • Authentication Providers: GitHub, Google, and Microsoft (via OAuth/OpenID Connect) for account sign-in.
  • Embedded Content: Supademo (interactive product demos embedded on our website).

7. Your Data Rights (GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Request deletion of your data ("Right to be Forgotten"). Upon account deletion, your AI assistant instances, data, and keys are permanently removed from our active infrastructure.
  • Export your data.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.

9. Contact Us

For privacy-related inquiries, please email us at [email protected].