Privacy Policy

deployaClaw ("we", "us", "our") operates the deployaclaw.com website and the deployaClaw platform. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

By using deployaClaw, you agree to the collection and use of information in accordance with this policy.

Account Information

• Email address and name (via Google OAuth sign-in)
• Subscription and billing information (processed by our payment provider)

Service Data

• Agent configuration settings (model selection, bot tokens, system prompts)
• VPS instance metadata (status, IP address, provider region)
• Usage metrics (API token counts, request logs, cost tracking)
• Health check and monitoring data

Data We Do NOT Collect

• Your AI conversations — messages between you and your AI agent stay on your dedicated VPS and are never transmitted to our control plane
• Your AI provider API keys in plaintext — keys are encrypted with AES-256-GCM before storage and are only decrypted on your dedicated VPS

• Provision and manage your dedicated VPS infrastructure
• Process payments and manage your subscription
• Monitor VPS health and perform auto-recovery when needed
• Enforce daily budget limits and send usage alerts
• Provide customer support and troubleshoot issues
• Improve the reliability and performance of our platform

deployaClaw operates on a Bring Your Own Key model. You provide your own API keys for AI providers (Anthropic, OpenAI, Google, etc.). This means:

• Your API keys are encrypted with AES-256-GCM and stored securely
• Keys are only decrypted and used on your isolated, dedicated VPS
• We never use your keys to make API calls on our behalf
• You maintain full control of your AI provider spend and usage
• You are subject to the privacy policies of your chosen AI providers for any data processed through their APIs

Each customer receives a dedicated, isolated VPS. Your agent, conversations, vector database, and credentials run in containers on your own server—not shared infrastructure.

• Containers run with security hardening: dropped capabilities, read-only root filesystem, no-new-privileges
• Network egress is filtered through a proxy with domain allowlists
• VPS firewalls restrict inbound traffic to ports 22 and 443 only

We use the following third-party services:

• Hetzner / Vultr — VPS infrastructure providers
• Convex — backend database and serverless functions
• Google OAuth — authentication
• Google Analytics — website usage analytics
• Telegram — messaging channel for your AI agent

Each third-party service has its own privacy policy. We encourage you to review them.

We retain your account and service data for as long as your account is active. Upon subscription cancellation:

• Your VPS and all data on it (conversations, credentials, vector data) are destroyed
• Account records (email, billing history) are retained for legal and accounting purposes
• Usage logs and audit trails are retained for 90 days after account closure

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your agent configuration data

To exercise these rights, contact us at the email below.

We take security seriously. Our measures include AES-256-GCM encryption for sensitive credentials, container-level security hardening, network egress filtering, automated health monitoring with incident response, and audit logging of administrative actions.

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page.

If you have questions about this Privacy Policy, please contact us at privacy@deployaclaw.com.