why growaclawHow growaclaw worksUse CasesPricingFAQ
Log inGet Started

Privacy Policy

Last updated: March 24, 2026

1. Introduction

GrowAClaw ("we," "us," or "our") provides managed, dedicated AI agent environments powered by OpenClaw. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using our services you agree to the practices described here.

2. Information We Collect

Account information

When you create an account we collect your name, email address, and billing details. Payment information is processed directly by Stripe and is never stored on our servers.

Configuration data

We store tenant configuration including plan selection, model preferences, and API keys you provide through Bring Your Own Key (BYOK). API keys are encrypted at rest using AES-256-GCM before storage and are never logged or transmitted in plaintext.

Usage and monitoring data

We collect token usage metrics, health monitoring data (CPU, memory, disk utilization, service status), and audit logs of administrative actions. This data is used to operate, monitor, and improve our service.

Conversation data

Your conversations with your AI agent run entirely on your dedicated private server. We do not access, read, store, or process your conversation content. Conversation data never leaves your environment unless you explicitly configure it to do so (e.g. via messaging channels you connect).

3. How We Use Your Information

  • Provision and operate your dedicated AI environment
  • Process payments and manage your subscription
  • Monitor the health and performance of your server
  • Send operational alerts (service outages, resource thresholds)
  • Provide customer support
  • Improve and develop our services

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Data Security

We implement multiple layers of security to protect your data:

  • Encryption at rest — API keys and credentials are encrypted with AES-256-GCM
  • Encryption in transit — All connections use TLS/SSL; server management uses encrypted SSH tunnels over a private Tailscale VPN
  • Server hardening — Root SSH disabled, UFW firewall with strict allow-list, fail2ban brute-force protection, automatic security updates
  • Isolation — Each customer receives a dedicated VPS; no shared infrastructure between tenants
  • Access controls — Management access is restricted to authenticated connections over our private VPN

While we take commercially reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services to operate:

  • Stripe — Payment processing. Subject to Stripe's Privacy Policy
  • Hetzner Cloud — VPS infrastructure hosting
  • Tailscale — Private VPN for secure server management
  • Resend — Transactional email delivery (alerts, notifications)
  • Anthropic / OpenAI — AI model providers (when using our managed API keys; BYOK customers connect directly to their chosen provider)

Each third-party service processes data under its own privacy policy. We only share the minimum information necessary for each service to function.

6. Data Retention

We retain account and billing data for the duration of your subscription and for a reasonable period afterward to comply with legal obligations. Health monitoring data is retained as a single latest snapshot per tenant. Usage metrics are retained for 12 months. Audit logs are retained for 90 days.

Upon account termination, your dedicated server and all data on it are destroyed. We do not retain copies of your conversation data, files, or workspace contents.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@growaclaw.com. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels. Analytics, if any, are privacy-respecting and do not track individual users across sites.

9. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at privacy@growaclaw.com.