Privacy Policy
1. Introduction
This Privacy Policy describes how ManageMyClaw (“we,” “us,” “our”) collects, uses, and protects your personal information when you use our website (managemyclaw.com) and services. ManageMyClaw is a managed OpenClaw deployment and care service.
We’re committed to transparency about data practices. This policy is written to be readable, not just legally compliant. If anything is unclear, email us at managemyclaw@gmail.com.
2. What Data We Collect
2.1 Data You Provide Directly
| Data Type | Purpose | Retention |
|---|---|---|
| Account information (name, email address) | Account management, billing, communication | Duration of your account + 30 days after deletion |
| Payment information (card details, billing address) | Payment processing — handled entirely by Stripe; we don’t store card numbers | Handled by Stripe per their retention policy |
| Agent configuration preferences (workflows, tools, channels) | Delivering and configuring your OpenClaw deployment | Duration of your account |
| Support communications (emails, messages) | Providing customer support and improving our service | 2 years |
| Intake form responses | Configuring your deployment and workflows | Duration of your account |
2.2 Data Processed Through the Service
When your OpenClaw agent runs, it processes data from your connected accounts (email, calendar, etc.). This data is processed on your infrastructure — your VPS or Mac Mini — not on ManageMyClaw’s servers.
| Data Type | Purpose | Retention |
|---|---|---|
| Email content (via Gmail/Outlook integration) | Processed by your OpenClaw agent for tasks you’ve configured | Transient — not stored by ManageMyClaw |
| Calendar data | Processed by your OpenClaw agent for scheduling tasks | Transient — not stored by ManageMyClaw |
| Third-party API responses | Processed by your OpenClaw agent for configured workflows | Transient — not stored by ManageMyClaw |
| LLM prompts and responses | Sent to your chosen LLM provider (Anthropic, OpenAI, etc.) | Per your LLM provider’s retention policy |
Key point: ManageMyClaw configures and maintains your agent. Your data is processed on your infrastructure. We don’t host, store, or have persistent access to the content your agent processes.
2.3 Data Collected Automatically
| Data Type | Purpose | Retention |
|---|---|---|
| Usage analytics (pages visited, features used) | Understanding how visitors use our website; improving our service | Aggregated/anonymized, retained indefinitely |
| Agent health metrics (uptime, error rates, API usage) | Managed Care monitoring and monthly health reports | 90 days |
| Audit logs (agent actions) | Debugging, security, and accountability | 90 days |
3. How We Use Your Data
We use your data for these purposes and no others:
- Service delivery: Setting up, configuring, and maintaining your OpenClaw deployment.
- Billing: Processing payments and managing your subscription.
- Support: Responding to your questions and resolving issues.
- Monitoring: If you’re on Managed Care, monitoring agent health, uptime, and performance.
- Improvement: Understanding how our website and service are used so we can make them better.
- Communication: Sending you service updates, security alerts, and monthly health reports. We don’t send marketing emails unless you opt in.
We don’t sell your data. We don’t share it with advertisers. We don’t use your data to train AI models.
4. How Credentials Are Handled (Composio OAuth)
This is the section most people care about, so we’ll be specific.
ManageMyClaw never sees, stores, or has access to your passwords or raw API tokens for any connected service.
Here’s how authentication works:
- You authorize third-party service connections (Gmail, Calendar, Slack, etc.) through Composio, a secure OAuth middleware.
- Composio handles the entire OAuth 2.0 flow — token generation, encryption, storage, and refresh.
- All tokens are encrypted at rest and in transit within Composio’s vault.
- Your OpenClaw agent receives only the API access it needs from Composio to execute the tasks you’ve configured.
- You can revoke access to any connected service at any time — through Composio, through the third-party service’s own settings, or through your agent’s kill switch.
Composio is SOC 2 Type 2 compliant and ISO 27001 certified. For details on their data handling, see Composio’s Privacy Policy.
5. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | What Data They Receive |
|---|---|---|
| Stripe | Payment processing | Payment method, billing address, email |
| Composio | OAuth middleware for third-party integrations | OAuth tokens, API scopes |
| Cal.com | Call scheduling | Name, email, meeting time |
| Plausible Analytics | Privacy-friendly website analytics | Anonymized page views (no cookies, no personal data) |
| LLM providers | AI model powering your agent | Prompts containing your instructions and context |
We select third-party services based on their security practices, privacy commitments, and compliance certifications. We maintain data processing agreements with each subprocessor as required by applicable law.
6. Cookies
ManageMyClaw uses minimal cookies. We use Plausible Analytics, which is a privacy-friendly, cookieless analytics tool. Plausible doesn’t use cookies, doesn’t collect personal data, and is fully GDPR-compliant without requiring a cookie consent banner.
We may use essential cookies for:
- Session management: Keeping you logged in if you have an account.
- Payment processing: Required by Stripe during checkout.
We don’t use tracking cookies, advertising cookies, or third-party analytics cookies. There’s no cookie banner because there’s (almost) nothing to consent to.
7. Your Rights
7.1 For All Users
Regardless of where you’re located, you can:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your account and associated data.
- Export your data in a portable format.
- Opt out of non-essential communications.
To exercise any of these rights, email managemyclaw@gmail.com.
7.2 GDPR Rights (European Economic Area, UK, Switzerland)
If you’re in the EEA, UK, or Switzerland, you have additional rights under the GDPR:
- Legal basis for processing: We process your data under contract performance (Article 6(1)(b)) for service delivery and legitimate interest (Article 6(1)(f)) for analytics and service improvement.
- Right to restriction: You can request we restrict processing of your data in certain circumstances.
- Right to object: You can object to processing based on legitimate interests.
- Right to lodge a complaint: You can file a complaint with your local data protection authority.
- Data transfers: If we process your data outside the EEA, we use Standard Contractual Clauses (SCCs) or equivalent safeguards.
We respond to all GDPR requests within 30 days.
7.3 CCPA Rights (California Residents)
If you’re a California resident, the California Consumer Privacy Act (CCPA) gives you:
- Right to know: What personal information we collect and how we use it (described in this policy).
- Right to delete: Request deletion of your personal information.
- Right to opt-out of sale: We don’t sell your personal information. Period.
- Right to non-discrimination: We won’t treat you differently for exercising your privacy rights.
We respond to all CCPA requests within 45 days.
8. Data Retention
- Account data: Retained for the duration of your account + 30 days after deletion to allow for account recovery.
- Payment records: Retained as required by tax and financial regulations (typically 7 years).
- Support communications: 2 years.
- Agent health metrics and audit logs: 90 days.
- Analytics data: Aggregated and anonymized; retained indefinitely.
After the retention period, data is permanently deleted or anonymized.
9. Data Security
We protect your data through:
- Encryption in transit (TLS 1.2+) and at rest.
- Access controls limiting who on our team can access customer data.
- Regular security reviews of our internal systems.
- Prompt notification if we become aware of a data breach affecting your information (within 72 hours as required by GDPR, or sooner).
Your OpenClaw agent runs on your infrastructure with the security hardening we’ve configured — Docker sandboxing, firewall rules, Composio OAuth, and tool permission allowlists.
10. Children’s Privacy
ManageMyClaw is a business service. We don’t knowingly collect data from anyone under 18. If you believe we’ve inadvertently collected data from a minor, contact managemyclaw@gmail.com and we’ll delete it immediately.
11. Changes to This Policy
We may update this Privacy Policy as our service evolves or as legal requirements change. When we make material changes, we’ll:
- Update the “Last Updated” date at the top of this page.
- Notify existing customers via email if the changes affect how we handle their data.
We won’t reduce your rights under this policy without your explicit consent.
12. Contact Us
For privacy questions, data requests, or concerns, email managemyclaw@gmail.com.
We respond to all privacy inquiries within 5 business days, and to formal data subject requests within the timeframes required by applicable law (30 days for GDPR, 45 days for CCPA).