Privacy Policy

The Short Version

We don't look at your code, conversations, or AI interactions. In local mode, your work stays entirely on your machine. In cloud mode, your sessions run in isolated containers that are destroyed when you're done. We collect only what's needed to run the service.

Local Mode

On your computer (we never see it):

• Your conversations with AI
• Your code and files
• Your API keys and credentials
• Configuration and settings
• Message history and logs

All of this lives in your local EasyClaw/OpenClaw directory and never leaves your computer to reach our servers. We literally cannot access it.

Cloud Mode

When you use EasyClaw Cloud, sessions run in isolated containers on our infrastructure. Here's what we handle:

Account information:

• Email address (from Google sign-in)
• Subscription status and billing details (via Stripe)
• Session metadata (start time, duration, resource usage)

Credentials you provide:

• AI provider API keys are stored encrypted and only injected into your active session containers
• We do not log, read, or use your API keys for any purpose other than passing them to your session

Session data:

• Your session workspace is backed up to private encrypted storage so you can resume later
• Session containers are isolated — no other user or EasyClaw staff can access a running session
• When you delete your account, all session data and backups are permanently removed

Connected Google Services

You may optionally connect Google services (Gmail, Calendar, Drive, and others) to use within your EasyClaw sessions. When you do:

• We request only the permissions (OAuth scopes) you explicitly approve
• Your Google OAuth tokens are stored encrypted and used solely to provide access within your sessions
• We do not read, index, or mine your emails, calendar events, files, or any other Google data
• Tokens are injected into your isolated session container and are not accessible to anyone else
• You can disconnect Google services at any time from your account settings, which immediately revokes our access

EasyClaw acts as a pass-through — your Google data flows between Google's servers and your session container. We do not store, cache, or process your Google data on our side.

What We Collect on This Website

We use Vercel Analytics to collect anonymous usage data like page views and visitor counts. No personal information, no session replays, no screenshots. The EasyClaw desktop application contains no analytics or telemetry.

Your AI Traffic

In local mode, AI requests go directly from your computer to your chosen provider using your own API keys. In cloud mode, AI requests go from your session container to the provider. In both cases, we never intercept, log, or store your AI conversations.

Your AI provider's privacy policies apply to those interactions:

• Anthropic Privacy Policy
• OpenAI Privacy Policy
• Google Privacy Policy

Data Retention

• Account data is retained while your account is active
• Session backups are retained until you delete them or your account
• Encrypted credentials are deleted when you remove them or delete your account
• Infrastructure logs (no personal data) are retained for up to 30 days for debugging

Third-Party Services

• Supabase — authentication and database (privacy policy)
• Stripe — payment processing (privacy policy)
• Vercel — website hosting and analytics (privacy policy)
• Hetzner — cloud infrastructure for sessions (privacy policy)

Changes

We may update this policy. Changes will be reflected here with an updated date. For significant changes, we'll notify you via email or an in-app notice.

Contact

support@easyclaw.app