Privacy Policy

This Privacy Policy explains how ZeroToClaw ("we", "us", "our") collects, uses, and protects your personal information when you visit our website or use our services.

1. Data controller

ZeroToClaw is the data controller for the personal information described in this policy. You can reach us at hello@zerotoclaw.ai.

2. Data we collect

Website visitors

• Theme preference — stored in your browser's localStorage. This data never leaves your device.
• Timezone — used client-side to determine your region for cookie consent requirements. This data never leaves your device.
• Cookie consent choice — stored in your browser's localStorage. For visitors in GDPR regions, a consent record (including a hashed IP address, consent version, and timestamp) is sent to our servers for compliance logging. No raw IP addresses are stored.
• Analytics and advertising data — if you accept cookies (or are in a region where consent is not required), Google Analytics (GA4), Google Ads, and Meta Pixel may collect usage data according to their own privacy policies. See our Cookie Policy for details.

Purchasers

• Name and email address — collected by Stripe during checkout and passed to us via AWS EventBridge to send a purchase confirmation email through Amazon SES. We do not store your payment card details.
• Payment information — processed and stored by Stripe. See Stripe's Privacy Policy.

Service customers

Your OpenClaw agent runs on cloud infrastructure operated by ZeroToClaw. While your subscription is active, we store and process the data your agent creates or handles — including agent memory and configuration, conversation history, and any content fetched into the agent from the third-party services you have connected (which may include emails, calendar entries, messages, and records from your business applications). ZeroToClaw staff may access this data to set up, operate, support, and secure your agent. We do not use your agent data to train any general-purpose machine-learning model and do not sell your data. See section 6 for how long we retain this data and our Terms of Service for the customer-facing detail on data handling and offboarding.

Enquiries and bookings

When you use a form on our site — to book a call, request custom tooling, or register interest in a beta — we collect the details you give us. This may include your name, email address, phone number, business size, timezone, and a description of what you want help with. We use this information to respond to you, arrange the call or request you have asked for, and keep a record of the enquiry. Where you have asked us to, or where you would reasonably expect it as a result of your enquiry, we may also use your email address and phone number to send you marketing. See section 3 for how we handle marketing and how to opt out.

3. Direct marketing (email and SMS)

If you give us your contact details through one of our forms, we may send you marketing messages about ZeroToClaw products, features, offers, and useful tips, by email and by SMS.

We handle direct marketing in line with the Australian Spam Act 2003 and the Australian Privacy Principles under the Privacy Act 1988. In practice that means:

• Opting in is your choice — where we offer a marketing opt-in on a form, ticking it is entirely up to you and is never required to book a call or send us a request.
• Every message identifies us — so you always know a message is from ZeroToClaw and how to reach us.
• You can unsubscribe at any time — use the unsubscribe link in any marketing email, or reply STOP to any marketing SMS. We action opt-outs promptly and within the timeframes the Spam Act requires.
• We do not sell your contact details and we do not share them so that other organisations can market to you.

To opt out of all marketing at any time, you can also email us at hello@zerotoclaw.ai.

4. Legal basis for processing (GDPR)

Where the GDPR applies, we process your data on the following legal bases:

• Consent — for analytics and advertising cookies
• Contract performance — for processing purchase and service delivery data
• Legitimate interest — for consent logging (to demonstrate GDPR compliance)

5. Data processors

We use the following third-party services to process data on our behalf:

• Stripe — payment processing (Privacy Policy)
• Amazon Web Services (AWS) — cloud infrastructure hosting for ZeroToClaw services and customer agents (compute, storage, networking, supporting platform services), email delivery (SES), consent log storage (S3), and event processing (Lambda, EventBridge) (Privacy Policy)
• AI and language-model providers — where your agent calls an AI model, the relevant prompt and response data is transmitted to the upstream provider (e.g. Anthropic, OpenAI). Where you have brought your own API key, your contract with that provider governs. Where you have opted into ZeroToClaw-managed AI credits, ZeroToClaw routes the request through its model proxy under contracts with the upstream providers.
• Third-party integration providers — where your agent reads from or writes to a third-party application you have connected, the relevant request and response data is transmitted to that application and may be routed through an integration provider acting on ZeroToClaw’s behalf.
• Google — analytics and advertising (Privacy Policy)
• Meta — advertising pixel (Privacy Policy)
• Brevo (Sendinblue) — email and SMS delivery for transactional and marketing messages (Privacy Policy)

A current list of ZeroToClaw’s sub-processors is available on request at hello@zerotoclaw.ai.

6. Data retention

• Consent logs — retained for up to 5 years (archived to cold storage after 1 year), then automatically deleted
• Purchase data — retained by Stripe according to their data retention policies
• Customer agent data — the data your agent creates or handles (agent memory, configuration, conversation history, fetched content) is retained on ZeroToClaw infrastructure for as long as your service relationship is active. After cancellation or termination, you have 7 days from when your agent is taken offline to request an export, after which the data is deleted in the ordinary course (subject to retention required by law or for our reasonable record-keeping such as audit logs and billing records). See section 19 of the Terms of Service for the full offboarding process.
• Authorisation tokens — tokens we hold for the third-party services you have connected are deleted or invalidated when you cancel an integration, when you cancel the service, or on termination.

7. International transfers

Your agent and the business data it handles run on dedicated infrastructure provisioned in your region. For Australian clients this is AWS Asia Pacific (Sydney, ap-southeast-2); New Zealand and United States clients are hosted in the closest AWS region. Data residency is set per client and your agent data does not cross jurisdictions.

Our public website and certain supporting services (such as consent logging and analytics) run on AWS in other regions, including us-east-1 (Northern Virginia, USA), and some sub-processors are located outside your country. Where data is transferred internationally, we rely on the following safeguards:

• AWS participates in the EU-US Data Privacy Framework
• Stripe maintains compliance with international data transfer requirements

8. Your rights under GDPR

If you are in the European Economic Area (EEA) or a jurisdiction with similar privacy rights, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Restriction — request that we limit processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting the lawfulness of prior processing
• Complaint — lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at hello@zerotoclaw.ai.

9. Your rights under CCPA

If you are a California resident, you have the right to:

• Know — request information about the personal data we collect and how it is used
• Delete — request deletion of your personal data
• Opt out of sale — ZeroToClaw does not sell your personal information

We honour the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, marketing cookies are automatically blocked without requiring further action. You can also manage your preferences via the "Cookie Settings" link on our main site.

10. Your rights under Australian privacy law

If you are in Australia, the Privacy Act 1988 and the Australian Privacy Principles give you the right to:

• Access — ask for a copy of the personal information we hold about you
• Correction — ask us to correct information that is inaccurate or out of date
• Opt out of direct marketing — ask us to stop sending you marketing at any time (see section 3)
• Complain — raise a privacy concern with us, and if you are not satisfied with our response, with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at hello@zerotoclaw.ai.

11. Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

12. Related policies

• Cookie Policy — details on cookies and tracking technologies
• Terms of Service — terms governing use of our services

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active customers. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at hello@zerotoclaw.ai.