Privacy Policy

ManagedClaws is an AI services team based in Vancouver, British Columbia, Canada. We design, deploy, monitor and customize OpenClaw-based AI agents on behalf of our customers. We are the controller of the personal information described in this Policy.

If you have any questions about this Policy or our handling of your personal information, contact us at contact@managedclaws.com.

We collect the following categories of information when you use ManagedClaws:

• Account information: email address, display name, authentication provider (email/password, Google or other supported providers), Firebase user ID (UID), account creation timestamp, and a sequential user number we assign to each account.
• Order and subscription information: templates you purchase, order identifiers, subscription status, plan and pricing, trial periods, coupons applied, and payment status returned by our payment processor.
• AI Agent configuration: the agent templates you select, configuration values you provide (such as model selection, persona, instructions, channels enabled), and any credentials you supply for third-party services (for example LLM API keys, Telegram or WhatsApp connection details, email or calendar tokens).
• Operational and runtime data: instance health, container state, agent activity counts, model token usage, and similar metrics required to operate the service.
• Communications: messages you send to us, including support requests, sales inquiries, and any conversations with our staff or with our public-facing AI agents (e.g., Ruby).
• Technical data: IP address, browser type, device and operating system information, language preferences, referring URLs, request paths, response status, and approximate location derived from network signals.
• Cookies and similar technologies: see Section 6.

We do not knowingly collect special categories of personal information (such as health, biometric, or government-issued identifier data). Please do not provide such information to us or to your AI agent.

We use personal information for the following purposes:

• To create, authenticate, and secure your account.
• To provision, run, monitor, restart, update, and decommission AI agent instances on your behalf.
• To process orders, subscriptions, renewals, refunds, and invoices through our payment processor.
• To deliver customer support, respond to your inquiries, and operate our public-facing AI agents.
• To detect, investigate and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
• To improve the quality, reliability, and security of our services through aggregated analysis.
• To comply with applicable laws and respond to lawful requests from authorities.
• To send service-related notifications (for example, billing receipts, security alerts, material policy changes). We do not send marketing email without your consent.

When you configure an AI agent to access an external system (such as Telegram, WhatsApp, email, calendars, files, or LLM providers), the agent will receive, process, and produce content related to that system in order to follow your instructions.

• We process this content only to operate the agent you configured. We do not sell agent content to third parties and do not use your customer content to train any general-purpose AI model.
• Credentials you provide (such as LLM API keys or messaging tokens) are stored to the extent required to operate your agent and are protected with access controls. Where technically feasible we store them in encrypted storage and never display them in full after submission.
• When your agent calls a third-party LLM provider (for example, an LLM API), that provider receives the input necessary to generate the response and is governed by its own privacy terms.
• Communications routed through messaging platforms (Telegram, WhatsApp, etc.) are subject to the privacy practices and applicable laws of those platforms.

Payments are processed by Stripe, Inc. ("Stripe"). When you pay for a subscription or service, you submit your payment details directly to Stripe; ManagedClaws does not store your full card number, CVC, or bank account number.

We retain order metadata returned by Stripe, including order identifiers, subscription identifiers, currency, amount, status, billing cycle, coupon usage, and the timestamp of payment events. We use this information to fulfil orders, manage subscriptions, comply with tax and accounting obligations, and resolve disputes. Stripe's handling of your payment information is governed by Stripe's privacy notice.

We use a small number of strictly necessary cookies and similar technologies to operate the service:

• An authenticated session cookie that keeps you signed in across pages and protects authenticated routes.
• Functional storage that remembers your language preference and other interface settings.

We do not currently use third-party advertising cookies or cross-site tracking pixels. If we add analytics or marketing cookies in the future, we will update this Policy and, where required by law, request your consent.

To operate the service securely and reliably, we record structured application logs that may include identifiers such as your user ID, order ID, agent ID, instance ID, request path, response status, and error details. We do not log secret values such as API keys, full bearer tokens, or full payment instruments.

Logs are stored in our cloud logging system and are accessible only to authorized personnel for purposes of service operation, debugging, security investigation, and compliance.

We rely on the following categories of service providers, who process personal information on our behalf under appropriate contractual safeguards:

• Google Cloud Platform and Firebase — authentication, database (Firestore), serverless functions, virtual machine hosting, and structured logging.
• Stripe — subscription billing and payment processing.
• LLM providers (such as the model provider you configure for your agent) — generation of model responses based on inputs you or your agent supply.
• Messaging and productivity providers that you choose to connect to your agent (for example Telegram, WhatsApp, email or calendar providers).
• Email delivery and customer support tooling we use to communicate with you.

Personal information may be processed in Canada, the United States, and other regions where our service providers operate. Where required, we rely on appropriate transfer mechanisms (such as standard contractual clauses or equivalent safeguards) to protect personal information transferred internationally.

We retain personal information for as long as your account is active and for a reasonable period afterwards to satisfy the purposes described in this Policy:

• Account and profile information is retained while your account exists. After deletion, we may retain a minimal record (for example, a hashed identifier) to enforce our Terms or comply with legal obligations.
• Order, billing, and tax records are retained for the period required by applicable accounting and tax law (typically several years).
• Operational logs are retained for a limited period sufficient for security, debugging and audit purposes, after which they are deleted or anonymized.
• Backups are retained on a rolling basis and are overwritten or expired according to our backup schedule.

Depending on where you live, you may have the following rights regarding your personal information:

• Access — request a copy of personal information we hold about you.
• Correction — request that inaccurate or incomplete information be corrected.
• Deletion — request that we delete personal information, subject to legal exceptions.
• Withdrawal of consent — withdraw any consent you have previously given.
• Portability — request a copy of certain information in a structured, machine-readable format.
• Objection or restriction — object to or restrict certain processing activities.
• Lodge a complaint — file a complaint with your local data protection authority. In Canada, this is the Office of the Privacy Commissioner of Canada (OPC) or the Office of the Information and Privacy Commissioner for British Columbia.

To exercise any of these rights, contact us at contact@managedclaws.com. We may need to verify your identity before responding.

ManagedClaws is not directed to children. We do not knowingly collect personal information from individuals under the age of 16 (or such other age of digital consent as required in your jurisdiction). If you believe a child has provided personal information to us, please contact us so we can delete it.

We use industry-standard administrative, technical and physical safeguards to protect personal information, including encrypted transport (HTTPS), access controls, server-side authentication, principle of least privilege for staff access, and isolated execution environments for AI agent workloads. No system is completely secure; we cannot guarantee absolute security but will notify affected users of significant security incidents as required by applicable law.

We may update this Policy from time to time. When we make material changes, we will update the Effective Date above and, where appropriate, provide additional notice (for example, by email or through a notice on the service). Your continued use of the service after the new Effective Date constitutes acceptance of the updated Policy.

If you have questions, complaints, or requests regarding this Privacy Policy, please contact us at contact@managedclaws.com. We are based in Vancouver, British Columbia, Canada.