Privacy Policy

1. Introduction

Welcome to SpinClaw. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights.

Our core philosophy is absolute data sovereignty. Because we provision dedicated Virtual Private Servers (VPS) for each customer, your OpenClaw agent's conversation data, prompts, and connected integrations reside entirely on your isolated node. We do not have access to, nor do we log or monitor, the internal operations or chat history of your agent.

2. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes first name, last name, username or similar identifier.
• Contact Data includes email address.
• Financial Data is processed securely through our payment provider (Stripe). We do not store your full credit card details on our servers.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Infrastructure Data includes the IP addresses, statuses, and metadata of the VPS nodes we manage on your behalf via our infrastructure partners (e.g., Hetzner).

3. Data Sovereignty & Your Agent

When you deploy an OpenClaw agent via SpinClaw, a dedicated server is provisioned for you.

• No Shared Databases: Your OpenClaw SQLite database exists only on your dedicated node volume.
• No Conversation Logging: SpinClaw's orchestration layer does not intercept, log, or monitor the messages sent to or from your agent on Telegram, Discord, or WhatsApp.
• Bring Your Own Keys: We pass your API keys (OpenAI, Anthropic, etc.) directly to your dedicated node's environment variables. We do not store or process your AI prompts centrally.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you (e.g., provisioning your server).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.

5. Third-Party Service Providers

We may share your data with the following third parties for the purposes set out in this policy:

• Hetzner Online GmbH: We act as an orchestrator to provision servers on Hetzner infrastructure. Your node's IP and basic metadata are managed there.
• Stripe, Inc.: For secure payment processing and subscription management.
• Supabase, Inc.: For our central authentication and basic account management database.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

7. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us. Because of the nature of our service, deleting your account will also trigger the immediate destruction of your dedicated node and all its contained data.