Privacy Policy

When you use BiClaw, we collect:

• Account information: Email address and timezone (provided during signup).
• Business data credentials: API keys and access tokens for connected platforms (Shopify, Stripe, Google Analytics, etc.). These are stored encrypted in your isolated instance.
• Chat conversations: Messages exchanged with your BiClaw assistant, stored in your private instance.
• Usage data: Session counts, token usage, and feature usage for billing and service improvement.

• To provide the BiClaw service: connecting to your business tools, generating morning briefs, answering questions about your data.
• To process payments via Stripe.
• To send you service-related communications (trial reminders, brief delivery).
• To improve the service based on aggregated, anonymized usage patterns.

BiClaw provides per-user data isolation. Each user runs their own dedicated OpenClaw instance in a separate Docker container. Your API keys, business data, conversation history, and connected sources are never shared with other users or accessible from other instances.

• Account data (email, plan, billing) is stored in a PostgreSQL database hosted on Neon (US East).
• Business data credentials are stored in your isolated OpenClaw instance on our VPS infrastructure (Hetzner, US Ashburn).
• Chat conversations are stored in your OpenClaw instance memory and workspace.
• Payment data is processed by Stripe. We do not store credit card numbers.

We use the following third-party services:

• Stripe for payment processing.
• Anthropic (Claude) and OpenAI for AI language model inference. Your queries are sent to these providers for processing.
• Neon for database hosting.
• Vercel for web application hosting.
• Hetzner for VPS infrastructure.

• Account data is retained for the duration of your subscription.
• Upon cancellation, your OpenClaw instance and all associated data (credentials, conversations, business data) are deleted within 30 days.
• Billing records are retained as required by law.

You have the right to:

• Access the data we hold about you.
• Request deletion of your account and all associated data.
• Export your data.
• Revoke API key access at any time by updating credentials in your connected platforms.

To exercise these rights, email privacy@biclaw.app.

We take security seriously. All data is encrypted in transit (TLS 1.3). Per-user instances run in isolated Docker containers with restricted capabilities. API keys are stored with filesystem-level access controls. We do not share your data with third parties except as described above for service provision.

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of the service after changes constitutes acceptance.

For privacy questions, contact us at privacy@biclaw.app.