Privacy Policy

Last updated: 2026-05-24 Effective: 2026-05-24

OpenClaw is operated by Faizyar Industries LLC ("we", "us"). This policy explains exactly what we collect, why, and what we never touch. It is written to match what the code actually does — when the code changes, this policy is updated in the same PR.

What we collect

Data	Why	Stored where	Linked to you
Email address (Apple Sign-In relay supported)	Account identity, support replies	Postgres on Railway	Yes
Apple user ID	Sign-in only — never shared	Postgres	Yes
Subscription state from Apple Server Notifications	Billing reconciliation	Postgres	Yes
Chat messages	Sent to the LLM provider you're using; brief 30-day operational retention for abuse / safety review	Postgres + provider	Yes
Apple Health data (if you connect it)	Optional context attached to chat messages you opt in to	Stays on your device unless your message needs it	Yes
Crash diagnostics (Sentry)	Diagnose app crashes	Sentry (3rd party)	Pseudonymous user id only
Product events (PostHog)	Understand which features get used	PostHog (3rd party)	Pseudonymous user id only
Device push token	Notify you when long tasks finish	Postgres	Yes

You can opt out of crash + product analytics via Settings → Help → Opt out of crash + product analytics.

You can opt out of automatic iOS context attachment via Settings → Help → Auto-attach iOS context.

What we never collect

• Photos, contacts, calendar entries, reminders, or location are NEVER uploaded as bulk data. The OS-granted permissions allow the agent to read what you specifically ask about. Photos are sent only when you attach them via the composer.
• Microphone audio NEVER leaves your device. Dictation runs on Apple's on-device Speech framework.
• We do NOT use IDFA / ASIdentifierManager. We do NOT track you across third-party apps or websites.
• We do NOT sell or share your data with data brokers.
• We do NOT train models on your conversations.

How long we keep it

Data	Retention
Account record	Until you delete your account
Chat messages	30 days operational, then permanently dropped via the daily retention sweep (LifecycleJobService)
Crash reports	90 days at Sentry
Product events	12 months at PostHog
Device push tokens	Until you sign out or uninstall
Subscription history	7 years (tax/financial records)

Subprocessors

We share the strict minimum data with:

Subprocessor	Purpose	Data
Railway (Postgres + control-plane hosting)	Backend infra	All persistent state
Fly.io	Per-user agent runtime	Pairing token + user id; no chat content stored at rest
DeepSeek	Default LLM	Chat messages routed via our proxy
Google AI (Gemini)	Optional BYOK LLM	Your messages, only when you connect your own key
Apple (Sign-In, StoreKit, Push Notifications)	iOS infrastructure	What Apple needs to deliver these services
Sentry	Crash reports	Stack traces, OS version
PostHog	Product analytics	Event names, bucketed counts

Your rights

• Access / export: Request your data via [email protected]. We reply within 30 days.
• Deletion: Settings → Profile → Delete account. This cancels your Fly machine, drops your DB rows, and removes you from third-party systems within 30 days.
• Correction: Email us — we'll fix any account-level data you point out.
• EU/UK residents: GDPR/UK-GDPR rights apply. The controller is Faizyar Industries LLC; for objections under Article 21, email [email protected].
• California residents: CCPA / CPRA rights apply. We do not sell your data.

Contact

[email protected]