Privacy Policy

1. Who We Are

ChatClaw is operated by Sumera Labs ("we", "us", "our"). ChatClaw is a web dashboard that lets users connect and interact with their self-hosted OpenClaw AI agent from any device. We act as a relay between your browser and your own agent — we do not operate the AI agent itself.

For privacy enquiries, contact us at: chatclaw.support@sumeralabs.com

2. Data We Collect

We do not collect payment card data, location data, or device identifiers. We do not run advertising trackers or sell your data to third parties.

3. Legal Basis for Processing

We process your data under the Contract legal basis (GDPR Art. 6(1)(b)) — processing is necessary to provide the service you signed up for. Storing your email, agent configuration, and conversation history is what makes the ChatClaw dashboard work. We do not rely on consent for core service data.

If we add optional analytics or marketing emails in future, we will ask for your explicit consent separately and this policy will be updated.

4. How We Store Your Data

Your data is stored in Supabase (our database provider). Supabase is SOC 2 Type II certified and encrypts all data at rest (AES-256) and in transit (TLS 1.2+). Supabase acts as our data processor under a signed Data Processing Agreement.

Storage region: [US East / EU Frankfurt — update to match your Supabase project region]. Conversation messages are stored as plaintext rows in the database and are accessible to authorised ChatClaw infrastructure personnel. This is the same approach taken by products like Intercom and Slack. We plan to offer application-level encryption as a future Pro-tier feature.

5. Data Retention

• Conversation messages: retained for 12 months from creation, then deleted
• Account data (email, bots, tasks): retained until you delete your account
• After account deletion, all data is permanently removed within 30 days

6. Third Parties

We share data only with infrastructure providers that process it on our behalf:

• Supabase — database and authentication. Privacy policy: supabase.com/privacy
• Google — OAuth sign-in only. We receive your email address and Google account ID. Google's privacy policy applies to the OAuth flow.

We do not sell, rent, or share your data with advertisers or data brokers.

7. Cookies

ChatClaw uses only session cookies set by Supabase authentication to keep you signed in. These are strictly necessary for the service to function and are exempt from cookie consent requirements under ePrivacy rules. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Your Rights

Under GDPR (and equivalent laws in the UK, Canada, Brazil, and other jurisdictions), you have the following rights:

• Access — request a copy of the data we hold about you
• Correction — ask us to fix inaccurate data
• Erasure — ask us to delete your account and all associated data
• Portability — receive your data in a machine-readable format (JSON)
• Objection — object to processing in specific circumstances
• Restriction — ask us to limit how we use your data while a dispute is resolved

To exercise any right, email chatclaw.support@sumeralabs.com. We will respond within 30 days. Account deletion is currently handled manually via email — we are building a self-serve delete flow in the dashboard.

9. Security

We implement appropriate technical and organisational measures to protect your data, including: TLS encryption in transit, AES-256 encryption at rest (via Supabase), row-level security policies on all database tables, and JWT-based API authentication. Despite these measures, no internet transmission is completely secure — if you become aware of a security issue, please report it to chatclaw.support@sumeralabs.com.

10. Changes to This Policy

We may update this policy as the service evolves. For material changes, we will notify you by email or via an in-app notice before the change takes effect. Continued use of ChatClaw after the effective date constitutes acceptance of the updated policy.