Privacy Policy

Last updated: March 2026

1. Data Controller

RunClaw is the data controller for the personal data described in this policy. Our entity formation is in progress -- this section will be updated with full legal entity details when registration is complete.

For privacy inquiries, contact us at: hello@runclaw.run

This policy applies to all RunClaw services across all setup paths (Hetzner, Vultr, SSH, and managed hosting).

2. What We Collect

RunClaw collects the minimum data necessary to operate the platform:

  • Email address -- for authentication and account communications
  • Stripe customer ID -- for billing management (Stripe stores payment details, not RunClaw)
  • VPS metadata -- server type, region, status, domain, display name, provider type, and provisioning mode
  • System metrics (30-day retention) -- CPU, memory, and disk usage collected by the sidecar agent for your dashboard
  • Security events -- failed SSH attempts and firewall blocks, collected by the sidecar for your security dashboard
  • Anonymized analytics data -- page views, referrer URL, device type, and browser type, collected via Google Analytics only when you give explicit consent through our cookie banner

3. How Credentials and Secrets Are Handled

RunClaw handles different types of credentials differently. This section describes each flow precisely.

Cloud provider tokens (Hetzner, Vultr):

  • Encrypted in your browser using PBKDF2+AES-256-GCM via the WebCrypto API. Stored in browser localStorage.
  • Never transmitted to or stored on RunClaw's servers. RunClaw stores only one-way SHA-256 hashes of tokens for verification.
  • For Hetzner: API calls go directly from your browser to Hetzner's API.
  • For Vultr: because Vultr's API does not support browser CORS, API requests are forwarded through a stateless RunClaw proxy. The token transits server memory during the request but is never stored or logged.

Setup-time secrets:

  • Access gate token: sent to RunClaw during provisioning and stored as an encrypted value. Used for cookie-based access control on your agent's URL.
  • LLM API keys (optional): if you provide them during setup, they are temporarily encrypted in our database, injected into your VPS via cloud-init, then permanently deleted from our database after provisioning completes.

Post-provisioning management:

  • LLM keys and configuration updates made through the dashboard after setup are relayed through the sidecar connection to your VPS. These values pass through RunClaw's servers in transit but are not stored in the database.
  • Logs, terminal output, and workspace files are relayed through the control plane only when you use those dashboard features. RunClaw does not continuously collect or inspect this content.

Managed hosting:

  • Managed instances are provisioned using RunClaw's own cloud provider credentials. RunClaw retains administrative capability on managed instances for operational purposes.
  • A root password is generated per provisioning, injected via cloud-init, and not stored in our database.

4. What We Do NOT Collect

RunClaw does not continuously collect or inspect:

  • Your AI agent conversations or chat history
  • Your agent's memory, context, or learned data
  • Files stored on your VPS (unless you use the workspace feature)
  • Your browsing or usage patterns without your consent (analytics cookies are only set after you explicitly opt in via our cookie banner)
  • Payment card details (handled entirely by Stripe's PCI-compliant infrastructure)

Management features (logs, terminal, workspace, config) can relay content through RunClaw when you use them, but RunClaw does not initiate this collection.

5. Legal Bases for Processing (GDPR Art. 6)

We process personal data based on the following legal grounds under the General Data Protection Regulation:

  • Art. 6(1)(b) -- Contract performance: Account management, VPS provisioning, subscription billing, sidecar connectivity, and fleet management. Processing is necessary to deliver the services you have signed up for.
  • Art. 6(1)(f) -- Legitimate interest: System metrics collection (for your customer dashboard), security event monitoring (for your protection), and fraud prevention. Our legitimate interest does not override your rights -- you can object at any time.
  • Art. 6(1)(a) -- Consent: Optional notification emails (update alerts, security notifications) and analytics cookies (Google Analytics). Notification emails can be disabled from your account settings. Analytics cookies can be declined or revoked at any time via the cookie consent banner.
  • Art. 6(1)(c) -- Legal obligation: Tax and invoicing records retention (up to 10 years per applicable tax law).

6. Where Data Lives

Your data is stored in the following locations:

  • RunClaw platform database -- EU-hosted (Hetzner, Germany). Contains account data, subscription info, and VPS metadata.
  • Your VPS -- located in the region you choose (Hetzner, Vultr, or your own provider). Contains your agent, its data, and all conversations.
  • Stripe -- PCI-compliant payment processing. Stores billing history and payment methods.
  • Cloudflare -- DNS records only. We do not use Cloudflare proxying or analytics.
  • Resend -- transactional email delivery for account notifications.
  • Sentry -- error tracking for platform stability. No VPS data is sent to Sentry.
  • Google -- Google Analytics for anonymized usage analytics. Data is processed by Google under their Privacy Policy. Only active when you consent via our cookie banner.

7. Data Sharing

RunClaw does NOT sell, share, or provide your personal data to third parties, except for the following service providers necessary to operate the platform:

  • Stripe -- payment processing (PCI compliant)
  • Hetzner -- infrastructure provisioning (EU data centers)
  • Vultr -- infrastructure provisioning (global data centers)
  • Cloudflare -- DNS management (no analytics)
  • Resend -- transactional email delivery
  • Google -- anonymized analytics (only when you consent via cookie banner)

We may disclose data to law enforcement only when required by applicable law. When legally permitted, we will notify you of such requests.

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access (Art. 15): View your data through your RunClaw dashboard
  • Right to Rectification (Art. 16): Update your account details in your settings
  • Right to Erasure (Art. 17): Delete your account and all associated data from our systems
  • Right to Restriction (Art. 18): Request restriction of processing of your personal data
  • Right to Data Portability (Art. 20): Export all platform data as JSON from your account settings
  • Right to Object (Art. 21): Object to processing based on legitimate interest
  • Right to Withdraw Consent (Art. 7): Withdraw consent for optional notification emails or analytics cookies at any time. Analytics consent can be revoked via the cookie consent banner.

To exercise any of these rights, contact hello@runclaw.run.

9. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

  • System metrics -- 30-day automatic retention via TimescaleDB. Older metrics are automatically purged.
  • Security events -- retained while your account is active, deleted upon account deletion.
  • Account data -- deleted from our systems upon your account deletion request.
  • Stripe billing history -- retained by Stripe for up to 10 years per tax and invoicing compliance requirements.
  • Cloudflare DNS records -- removed when your VPS is deprovisioned.

10. Cookies

RunClaw uses a minimal set of cookies, all strictly necessary for the operation of the platform:

  • Session cookie (BetterAuth) -- strictly necessary for authentication. Not used for tracking.
  • VPS gate cookie (openclaw_access) -- access control for VPS instances. Domain-scoped to your VPS subdomain.
  • Captcha cookie (Cloudflare Turnstile) -- anti-abuse during login and signup. Session-scoped.

Analytics cookies (consent-based):

  • Google Analytics (_ga, _ga_*) -- anonymized usage analytics (page views, referrer, device type). These cookies are only set after you explicitly consent via the cookie consent banner shown on your first visit.
  • Consent preference -- your choice is stored in browser localStorage under the key runclaw:cookie-consent. This is not a cookie and is never sent to our servers.

We do not use advertising or third-party tracking cookies. To withdraw analytics consent, click the cookie preferences link in the site footer, or clear the runclaw:cookie-consent key from your browser's localStorage. Google Analytics will immediately stop loading on subsequent page views.

11. Children's Privacy

RunClaw is not directed to children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us at hello@runclaw.run and we will promptly delete the data.

12. International Transfers

RunClaw's platform data is hosted in the EU (Hetzner, Germany). For users outside the EU, personal data is transferred to EU-based servers. Adequate protection is ensured through Hetzner's EU data center infrastructure and applicable data protection frameworks.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our data practices or legal requirements. When we make material changes, we will notify registered users via email and update the "Last updated" date at the top of this page. Continued use of RunClaw after changes constitutes acceptance of the updated policy.

14. Contact

For privacy inquiries, data access requests, or to exercise any of your GDPR rights, contact us at: hello@runclaw.run