Privacy Policy

Last updated: March 6, 2026

1. Introduction

Datapine S.L. ("Company", "we", "us"), a company registered in Spain, operates the Clawby platform at clawby.io. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Spanish law.

2. Data Controller

Datapine S.L.
Email: privacy@clawby.io
Website: clawby.io

3. Data We Collect

Account Data

• Email address
• Name (optional)
• Password (hashed, never stored in plain text)
• Subscription plan and billing information

Service Data

• Instance configurations (bot names, settings)
• API keys you provide (Anthropic, Telegram) — stored encrypted on your dedicated server only
• Knowledge base files and workspace content you upload

Technical Data

• IP address and server logs
• Browser type and version
• Pages visited and usage patterns
• Cookies for session management

4. How We Use Your Data

We process your data for the following purposes:

• Service delivery: provisioning and managing your OpenClaw instances
• Account management: authentication, billing, and support
• Communication: service notifications, security alerts, and support responses
• Improvement: analyzing usage patterns to improve the Service
• Legal compliance: fulfilling legal obligations and responding to lawful requests

5. Legal Basis for Processing (GDPR)

• Contract performance (Art. 6(1)(b)): processing necessary to provide the Service
• Legitimate interest (Art. 6(1)(f)): security, fraud prevention, service improvement
• Legal obligation (Art. 6(1)(c)): tax and accounting requirements
• Consent (Art. 6(1)(a)): marketing communications (opt-in only)

6. Data Storage and Security

Your data is stored on servers located in the European Union (Hetzner Cloud, Germany and Finland). We implement appropriate security measures including:

• Encryption of data in transit (TLS) and at rest
• SSH key-based server access (no password authentication)
• Firewall and fail2ban protection on all instances
• API keys stored only on your dedicated server, not in our database
• Regular security updates and monitoring

7. Data Sharing

We do not sell your personal data. We share data only with:

• Hetzner Online GmbH: infrastructure provider for server hosting (EU-based)
• Payment processor: for billing and subscription management
• Law enforcement: when required by law or valid legal process

All third-party processors are bound by data processing agreements compliant with GDPR.

8. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account termination
• Server data: destroyed within 7 days of instance deletion
• Billing records: retained for 5 years as required by Spanish tax law
• Server logs: retained for 90 days for security purposes

9. Your Rights (GDPR)

As a data subject, you have the right to:

• Access: request a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your data ("right to be forgotten")
• Restriction: request limitation of processing
• Portability: receive your data in a structured, machine-readable format
• Object: object to processing based on legitimate interest
• Withdraw consent: withdraw consent at any time for consent-based processing

To exercise your rights, contact us at privacy@clawby.io. We will respond within 30 days.

10. Cookies

We use essential cookies for session management and authentication. These are strictly necessary for the Service to function and do not require consent. We do not use tracking or advertising cookies.

11. International Transfers

Your data is processed and stored within the European Economic Area (EEA). In the event of any transfer outside the EEA, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

12. Children

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email. The "Last updated" date at the top indicates the most recent revision.

14. Supervisory Authority

You have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos — AEPD) at www.aepd.es.

15. Contact

For privacy-related questions or requests:

Datapine S.L.
Email: privacy@clawby.io
Website: clawby.io