ClawPilot Privacy Policy

Effective Date: March 9, 2026 Last Updated: March 9, 2026

The ClawPilot team ("we", "us", or "our") takes personal information and data security seriously. This Privacy Policy explains how we collect, use, store, share, and protect information when you use ClawPilot iOS / Android apps and related services, and what rights you may exercise.

1. Scope

This Policy applies to the ClawPilot app and its related backend capabilities, including bootstrap, installation reporting, Gateway binding, notification configuration, subscription entitlement handling, voice upload presigning, and hosting of legal pages.

This Policy does not apply to independently operated parties such as your self-hosted OpenClaw Gateway, third-party model services, third-party object storage services, Apple App Store, or Android distribution channels. Their own terms and privacy rules apply to their processing activities.

2. Information We Collect

We process information only to the extent necessary to provide core functionality, including:

• Anonymous identifiers and installation information: such as external_user_token, installation_id, platform, app version, OS version, device model, locale, and timezone, used to identify an anonymous account and installation on the same device.

• Gateway binding information: such as gatewayClientId, Gateway URL, Gateway label, webhook URL, and webhook token generated by our service, used for binding, callback authentication, and configuration sync.

• Subscription and entitlement information: such as transaction identifiers, original transaction identifiers, product identifiers, transaction environment, purchase time, expiry time, revocation time, appAccountToken, and Apple server notification payloads, used to validate transactions and refresh entitlement state.

• Notification pipeline and device information: such as notification settings, notification time window, push channel identifiers, push identifiers (for example APNs device token or Android push client id), delivery status, and error details, used for notification setup, device registration, troubleshooting, and auditing.

• Android Mainland China push information: if you accept the push-related privacy consent in the Mainland China Android build and also allow notifications at the OS level, the app initializes the Getui push service and processes the device identifiers, push client id, app package information, and related notification settings required for push delivery. If you decline that consent, the app remains usable, but push notifications are unavailable.

• Session title generation and voice upload information: when you trigger automatic session title generation, the first user message and assistant reply are sent to the configured title-generation model service. When you use voice upload, we process the file type, size, and file name, and upload the file through presigned storage URLs.

• Local cache and device permissions: the app stores Gateway configuration, session cache, and media cache on your device. When you actively use related features, it may request permissions such as local network, photos, camera, microphone, and notifications.

Note: ClawPilot's core chat flow communicates directly between the app and your configured Gateway. Under the current architecture, our backend is not the default relay for regular chat content.

3. How We Use Information

• To initialize anonymous accounts, manage installations, and identify client sessions.
• To support Gateway binding, configuration sync, webhook validation, and task notification handling.
• To process Apple in-app purchase transactions, maintain entitlement snapshots, and provide subscription status.
• To initialize push services, register devices, maintain notification channels, and troubleshoot delivery issues in the Mainland China Android build.
• To generate session titles, issue voice upload credentials, and control upload size and rate limits.
• To maintain system stability, security, observability, troubleshooting, and auditing.
• To comply with legal and regulatory obligations.

4. Sharing and Disclosure

Except in the following cases, we do not sell or provide your information to unrelated third parties:

• Service providers that process data within the scope necessary to provide functionality, such as cloud, database, and object storage providers.
• We require such service providers, through contracts, data processing agreements, or equivalent mechanisms, to implement data protection measures and security obligations no less protective than those described in this Policy.
• Necessary data flows related to Apple App Store transaction verification and notification reconciliation.
• In the Mainland China Android push scenario, information necessary for push delivery may be provided to the Getui push service.
• Third-party capabilities that you actively trigger, such as title-generation model services.
• Disclosure required by laws, regulations, regulators, courts, or administrative authorities.
• Necessary disclosure in emergencies to protect significant lawful rights and interests of users or the public.

5. Storage and Retention

• We retain data based on business necessity and apply measures such as access control, authentication, and minimized writes.
• Local device data is stored in secure system storage and the app sandbox. You may clear cache or delete your account within the app.
• When you request account deletion, we delete or de-identify data directly linked to that anonymous identifier, while retaining necessary transaction audit records where permitted by law.
• If laws or regulations require otherwise, data will be retained for the legally required period.

6. Your Rights

Subject to applicable laws and regulations, you may:

• Learn about the rules and scope of our processing.
• Request correction, deletion, or restriction of processing of your information.
• Withdraw device permissions such as camera, photos, microphone, or notifications.
• Decline push-related privacy consent in the Mainland China Android build. If you decline, the app remains usable, but push notifications are unavailable.
• Submit an account deletion request via Settings - Account & Data - Delete Account.
• Contact us with privacy questions, complaints, or data security inquiries.

7. Protection of Minors

ClawPilot is primarily intended for users with full civil capacity. If you are a minor, please read and use this service with your guardian, and let your guardian decide whether to accept this Policy.

8. Policy Updates

We may update this Policy due to product changes, legal requirements, or regulatory requests. Updated versions will be published in the app or on legal pages on our website with the latest update date. If an update materially affects your rights, we will provide reasonable notice.

9. Contact Us

If you have any questions, suggestions, or complaints about this Policy, please contact us at:

Email: [email protected]

We will respond as soon as reasonably practicable after receiving your request.