Privacy Policy

This Privacy Policy explains how ZeroToClaw ("we", "us", "our") collects, uses, and protects your personal information when you visit our website or use our services.

1. Data controller

ZeroToClaw is the data controller for the personal information described in this policy. You can reach us at hello@zerotoclaw.ai.

2. Data we collect

Website visitors

• Theme preference — stored in your browser's localStorage. This data never leaves your device.
• Timezone — used client-side to determine your region for cookie consent requirements. This data never leaves your device.
• Cookie consent choice — stored in your browser's localStorage. For visitors in GDPR regions, a consent record (including a hashed IP address, consent version, and timestamp) is sent to our servers for compliance logging. No raw IP addresses are stored.
• Analytics and advertising data — if you accept cookies (or are in a region where consent is not required), Google Analytics (GA4), Google Ads, and Meta Pixel may collect usage data according to their own privacy policies. See our Cookie Policy for details.

Purchasers

• Name and email address — collected by Stripe during checkout and passed to us via AWS EventBridge to send a purchase confirmation email through Amazon SES. We do not store your payment card details.
• Payment information — processed and stored by Stripe. See Stripe's Privacy Policy.

Service customers

During deployment and monitoring, we access your VPS and any data processed by your OpenClaw agent (which may include emails, calendar entries, and messages depending on your configured integrations). We access this data solely to deliver the agreed-upon service and do not retain copies beyond what is necessary for service delivery.

3. Legal basis for processing (GDPR)

Where the GDPR applies, we process your data on the following legal bases:

• Consent — for analytics and advertising cookies
• Contract performance — for processing purchase and service delivery data
• Legitimate interest — for consent logging (to demonstrate GDPR compliance)

4. Data processors

We use the following third-party services to process data on our behalf:

• Stripe — payment processing (Privacy Policy)
• Amazon Web Services (AWS) — email delivery (SES), consent log storage (S3), event processing (Lambda, EventBridge) (Privacy Policy)
• Google — analytics and advertising (Privacy Policy)
• Meta — advertising pixel (Privacy Policy)
• Hosting providers (Hetzner, DigitalOcean, etc.) — VPS hosting for service delivery, selected by the customer

5. Data retention

• Consent logs — retained for up to 5 years (archived to cold storage after 1 year), then automatically deleted
• Purchase data — retained by Stripe according to their data retention policies
• Customer VPS data — not retained by ZeroToClaw. All data remains on your server.
• Credentials — deleted or rotated upon completion of deployment (Launch tier) or upon service termination (Monitor tier)

6. International transfers

Our infrastructure is hosted in AWS us-east-1 (Northern Virginia, USA). If you are located outside the United States, your data may be transferred internationally. We rely on the following safeguards:

• AWS participates in the EU-US Data Privacy Framework
• Stripe maintains compliance with international data transfer requirements

7. Your rights under GDPR

If you are in the European Economic Area (EEA) or a jurisdiction with similar privacy rights, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Restriction — request that we limit processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — at any time, without affecting the lawfulness of prior processing
• Complaint — lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at hello@zerotoclaw.ai.

8. Your rights under CCPA

If you are a California resident, you have the right to:

• Know — request information about the personal data we collect and how it is used
• Delete — request deletion of your personal data
• Opt out of sale — ZeroToClaw does not sell your personal information

We honour the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, marketing cookies are automatically blocked without requiring further action. You can also manage your preferences via the "Cookie Settings" link on our main site.

9. Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

10. Related policies

• Cookie Policy — details on cookies and tracking technologies
• Terms of Service — terms governing use of our services

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active customers. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at hello@zerotoclaw.ai.