Privacy Policy

This Privacy Policy explains how ZeroToClaw ("we", "us", "our") collects, uses, and protects your personal information when you visit our website or use our services.

1. Data controller

ZeroToClaw is the data controller for the personal information described in this policy. You can reach us at hello@zerotoclaw.ai.

2. Data we collect

Website visitors

• Theme preference — stored in your browser's localStorage. This data never leaves your device.
• Timezone — used client-side to determine your region for cookie consent requirements. This data never leaves your device.
• Cookie consent choice — stored in your browser's localStorage. For visitors in GDPR regions, a consent record (including a hashed IP address, consent version, and timestamp) is sent to our servers for compliance logging. No raw IP addresses are stored.
• Analytics and advertising data — if you accept cookies (or are in a region where consent is not required), Google Analytics (GA4), Google Ads, and Meta Pixel may collect usage data according to their own privacy policies. See our Cookie Policy for details.

Purchasers

• Name and email address — collected by Stripe during checkout and passed to us via AWS EventBridge to send a purchase confirmation email through Amazon SES. We do not store your payment card details.
• Payment information — processed and stored by Stripe. See Stripe's Privacy Policy.

Service customers

Your OpenClaw agent runs on cloud infrastructure operated by ZeroToClaw. While your subscription is active, we store and process the data your agent creates or handles — including agent memory and configuration, conversation history, and any content fetched into the agent from the third-party services you have connected (which may include emails, calendar entries, messages, and records from your business applications). ZeroToClaw staff may access this data to set up, operate, support, and secure your agent. We do not use your agent data to train any general-purpose machine-learning model and do not sell your data. See section 5 for how long we retain this data and our Terms of Service for the customer-facing detail on data handling and offboarding.

3. Legal basis for processing (GDPR)

Where the GDPR applies, we process your data on the following legal bases:

• Consent — for analytics and advertising cookies
• Contract performance — for processing purchase and service delivery data
• Legitimate interest — for consent logging (to demonstrate GDPR compliance)

4. Data processors

We use the following third-party services to process data on our behalf:

• Stripe — payment processing (Privacy Policy)
• Amazon Web Services (AWS) — cloud infrastructure hosting for ZeroToClaw services and customer agents (compute, storage, networking, supporting platform services), email delivery (SES), consent log storage (S3), and event processing (Lambda, EventBridge) (Privacy Policy)
• AI and language-model providers — where your agent calls an AI model, the relevant prompt and response data is transmitted to the upstream provider (e.g. Anthropic, OpenAI). Where you have brought your own API key, your contract with that provider governs. Where you have opted into ZeroToClaw-managed AI credits, ZeroToClaw routes the request through its model proxy under contracts with the upstream providers.
• Third-party integration providers — where your agent reads from or writes to a third-party application you have connected, the relevant request and response data is transmitted to that application and may be routed through an integration provider acting on ZeroToClaw’s behalf.
• Google — analytics and advertising (Privacy Policy)
• Meta — advertising pixel (Privacy Policy)

A current list of ZeroToClaw’s sub-processors is available on request at hello@zerotoclaw.ai.

5. Data retention

• Consent logs — retained for up to 5 years (archived to cold storage after 1 year), then automatically deleted
• Purchase data — retained by Stripe according to their data retention policies
• Customer agent data — the data your agent creates or handles (agent memory, configuration, conversation history, fetched content) is retained on ZeroToClaw infrastructure for as long as your service relationship is active. After cancellation or termination, you have 7 days from when your agent is taken offline to request an export, after which the data is deleted in the ordinary course (subject to retention required by law or for our reasonable record-keeping such as audit logs and billing records). See section 19 of the Terms of Service for the full offboarding process.
• Authorisation tokens — tokens we hold for the third-party services you have connected are deleted or invalidated when you cancel an integration, when you cancel the service, or on termination.

6. International transfers

Our infrastructure is hosted in AWS us-east-1 (Northern Virginia, USA). If you are located outside the United States, your data may be transferred internationally. We rely on the following safeguards:

• AWS participates in the EU-US Data Privacy Framework
• Stripe maintains compliance with international data transfer requirements

7. Your rights under GDPR

If you are in the European Economic Area (EEA) or a jurisdiction with similar privacy rights, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Restriction — request that we limit processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting the lawfulness of prior processing
• Complaint — lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at hello@zerotoclaw.ai.

8. Your rights under CCPA

If you are a California resident, you have the right to:

• Know — request information about the personal data we collect and how it is used
• Delete — request deletion of your personal data
• Opt out of sale — ZeroToClaw does not sell your personal information

We honour the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, marketing cookies are automatically blocked without requiring further action. You can also manage your preferences via the "Cookie Settings" link on our main site.

9. Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

10. Related policies

• Cookie Policy — details on cookies and tracking technologies
• Terms of Service — terms governing use of our services

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active customers. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at hello@zerotoclaw.ai.