1. Introduction

This Privacy Policy describes how SupaClaw ("we," "us," or "our") collects, uses, and shares information in connection with your use of our website and services (collectively, the "Service"). SupaClaw is a VPS hosting service that deploys OpenClaw, an open-source AI assistant platform, for its users. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

We collect the following types of information:

Account Information: When you create an account via Google OAuth, we collect your email address, display name, and profile picture as provided by Google.
Payment Information: Payment processing is handled by LemonSqueezy. We do not directly store your credit card numbers or bank account details. LemonSqueezy may collect billing information as described in their own privacy policy.
Google Workspace Tokens: If you connect Google Workspace integrations (e.g., Gmail, Calendar), we store encrypted OAuth tokens to enable the AI assistant to access your authorized Google services on your behalf.
Usage Data: We collect information about how you interact with the Service, including AI credit usage, deployment configurations, and feature usage.
Telegram Bot Tokens: We store your Telegram bot token to enable AI assistant integration with your Telegram bot.

3. How We Use Your Information

We use the information we collect to:

Provision and maintain your dedicated VPS environment
Process payments and manage subscriptions
Provide customer support
Enable AI assistant functionality through connected integrations
Monitor and improve the performance and security of the Service
Comply with legal obligations

4. Data Isolation and Security

Each user receives a fully isolated virtual environment (dedicated VPS). Your AI assistant instance runs on a separate server that is not shared with any other users. We implement industry-standard security measures including encryption at rest and in transit.

This isolation is a core design principle of SupaClaw. Unlike AI tools that run directly on your personal computer with access to all your files, passwords, and applications, SupaClaw's isolated environment ensures that:

Your AI assistant cannot access your personal computer, local files, or installed applications
Other users cannot access your server or data
Even if a security issue occurs, it is contained within the isolated environment and cannot spread to your personal devices
You do not need technical expertise to maintain the security of your AI assistant — we handle server hardening, updates, and access control on your behalf

Some advanced OpenClaw features that require direct access to local systems are intentionally restricted in SupaClaw to maintain this security boundary.

We use Supabase for authentication and primary data storage. All sensitive credentials, including Google Workspace tokens and Telegram bot tokens, are stored in encrypted form.

5. User Responsibility and Data Input

SupaClaw is not responsible for any data leaks, exposure, or misuse caused by your own actions, including but not limited to sharing sensitive information with the AI assistant.

In particular, SupaClaw bears no responsibility for any personal information leaks or damages resulting from the user's own direct commands or instructions to the AI assistant. For example, if you instruct the AI to send, share, or publish your personal information to external services or third parties, any resulting exposure is solely your responsibility. The AI assistant executes actions based on your commands, and the consequences of those commands rest with you.

You should NOT share the following types of information with the AI assistant:

Social Security Numbers (SSN) or national ID numbers
Passwords or security credentials
Bank account numbers or financial PINs
Credit card numbers
Any other highly sensitive personal information that could be used for identity theft or fraud

While we take reasonable measures to secure your VPS environment, the AI model processes your inputs to generate responses, and we cannot guarantee the absolute security of data you voluntarily share with the AI.

6. Third-Party Services

Our Service integrates with the following third-party services, each governed by their own privacy policies:

Supabase: Authentication and data storage
LemonSqueezy: Payment processing and subscription management
Google OAuth: Account authentication
Telegram: Bot messaging integration
Kimi K2.5 (Moonshot AI): AI model provider

7. Cookies

We use essential cookies for authentication sessions and maintaining your login state. These cookies are strictly necessary for the Service to function and cannot be disabled. We do not use tracking cookies or advertising cookies.

8. Data Retention

We retain your personal data for as long as your subscription is active. Upon cancellation of your subscription, we will retain your data for an additional 30 days to allow for reactivation. After this 30-day period, your data, including your VPS environment and all associated data, will be permanently deleted.

You may request early deletion of your data at any time by contacting us or using the account deletion feature in your dashboard settings.

9. Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate personal data
Request deletion of your personal data
Export your data in a portable format
Withdraw consent for optional data processing

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so we can take steps to remove such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at: harris.supaleads@gmail.com