Privacy Policy

Last updated: March 2, 2026

This Privacy Policy describes how KiwiClaw ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our website at kiwiclaw.app and our managed OpenClaw hosting platform (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create a KiwiClaw account, we collect:

  • Email address
  • Name (as provided during signup)
  • Authentication credentials (managed by Clerk, our authentication provider)
  • Profile information you choose to provide

Billing Information

When you subscribe to a paid plan, we collect billing information through Stripe, our payment processor:

  • Payment method details (credit/debit card information is stored by Stripe, not by us)
  • Billing address
  • Transaction history

Usage Data

We automatically collect information about how you use the Service:

  • Agent conversation history and messages
  • LLM token usage metrics
  • Skills installed and used
  • Channel integrations configured
  • Feature usage patterns

Technical Data

We automatically collect technical information when you access the Service:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Referring URLs
  • Pages visited and time spent

API Keys (BYOK Users)

If you use the BYOK plan, you provide your own API keys for LLM providers. These keys are encrypted with AES-256-GCM before storage and are used solely to route requests to your chosen provider.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Route LLM requests and enforce usage caps
  • Send service-related communications (account notifications, security alerts, billing updates)
  • Provide customer support
  • Monitor and analyze usage trends to improve the Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Data Storage and Security

Your data is stored on the following infrastructure:

  • Database: Neon (PostgreSQL) — US region by default, EU available for Enterprise
  • Compute: Fly.io — per-tenant isolated virtual machines
  • Cache: Upstash (Redis) — usage metrics and rate limiting
  • Authentication: Clerk — identity and session management
  • Payments: Stripe — payment processing and billing
  • CDN/DNS: Cloudflare — content delivery and DNS

All data is encrypted in transit using TLS 1.3. Sensitive data (including API keys) is encrypted at rest using AES-256-GCM. We follow industry best practices for access control, logging, and incident response.

4. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Service providers: We share data with the infrastructure providers listed above, solely for the purpose of operating the Service
  • LLM providers: Conversation content is sent to LLM providers (Moonshot for Auto model, Anthropic for MAX model) to generate agent responses. BYOK users' content is sent to their chosen provider
  • Legal requirements: We may disclose information if required by law, legal process, or government request
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred
  • With your consent: We may share information with third parties when you explicitly authorize us to do so

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account:

  • Account information is deleted within 30 days
  • Conversation history is deleted within 30 days
  • API keys are immediately and permanently deleted
  • Billing records are retained for 7 years as required by tax law
  • Anonymized usage analytics may be retained indefinitely

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing

To exercise any of these rights, contact us at hi@kiwiclaw.app. We will respond within 30 days.

7. Cookies and Tracking

We use the following tracking technologies:

  • Essential cookies: Session management and authentication (Clerk)
  • Analytics: Google Analytics 4 (GA4) to understand site usage. You can opt out using browser extensions or privacy settings
  • Payment cookies: Stripe uses cookies for fraud prevention

We do not use advertising cookies or sell data to advertisers.

8. International Data Transfers

Our Service is primarily operated from the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. Enterprise customers can choose EU data residency to keep all data within the European Union.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

For data protection inquiries in the EU, you may also contact your local supervisory authority.