Privacy Policy

Our Commitment to Your Privacy

At ClawdHost, we believe privacy is fundamental. We built our service so that your conversations stay on your dedicated VPS — we do not access, read, or store your conversations. While we maintain a management channel for service operations, it is never used to access your chat data. This privacy policy explains how we collect, use, store, and protect your data when you use our service.

1. Data Collection

We only collect information that is necessary to provide our VPS hosting service. Here is what we collect:

• ●Account Information — Email address, name (optional), and authentication data stored securely via Supabase Auth.
• ●API Keys — Your LLM provider API keys (e.g., Anthropic, OpenAI) and messaging platform tokens that you voluntarily provide.
• ●Instance Configuration Data — VPS IP address, region, status, and configuration settings necessary to manage your service.
• ●Billing Information — Payment data processed securely through our third-party payment processor, Dodo Payments.

2. Data Usage

We use your collected data for the following purposes:

• ●Service Provisioning — To create, configure, and manage your VPS instance.
• ●Authentication — To verify your identity and provide secure access to your account.
• ●Payment Processing — To process subscriptions and issue refunds when applicable.
• ●Communication — To send you service updates, billing notifications, and respond to support requests.
• ●Service Improvement — To analyze usage patterns and improve our service reliability and performance.
• ●Infrastructure Management — To perform service updates, restarts, and configuration changes on your VPS instance through our authenticated management channel.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Storage and Security

We protect your data with industry-standard security measures and store it as follows:

• ●Encryption — All sensitive data (API keys, tokens) is encrypted at rest using AES-256 encryption before storage.
• ●Database Storage — Account data is stored in Supabase's secure database infrastructure.
• ●VPS Isolation — Each customer receives their own VPS with complete isolation from other users' data.
• ●Network Security — Gateway services bind to localhost only, preventing unauthorized external access to your services.
• ●Limited Operational Access — We maintain a secure, authenticated management channel to your VPS solely for service operations (updates, restarts, configuration changes). This channel uses HMAC-signed requests and is not used to access your conversations, chat history, or AI responses.

4. What We DON’T Access or Store

While we maintain operational access to your VPS for service management, we never use it to access the following:

• ✓Chat conversations — Your messages stay on your VPS and are never sent to or read by our servers.
• ✓AI responses — All LLM API calls go directly from your instance to your chosen provider.
• ✓Bot memory — Your bot’s memory and session files stay on your VPS and are not accessed by us.
• ✓VPS credentials — We don’t retain root SSH credentials after provisioning. Our management channel is limited to service operations only.

5. How Your Data Flows

When you use ClawdHost, your data flows like this:

1. You send a message on your chosen platform (WhatsApp, Telegram, Discord, Slack).
2. The platform sends your message directly to your Clawdbot instance.
3. Your instance makes an API call directly to your LLM provider (Anthropic, OpenAI, etc.).
4. The LLM provider responds directly to your instance.
5. Your instance sends the response back to you.

ClawdHost infrastructure is never in the path of your conversations.

6. VPS Management Access

To provide and maintain your service, we operate an authenticated management channel on your VPS instance. This is used for:

• ●Service Updates — Applying software updates, patches, and configuration changes to keep your instance running smoothly.
• ●Service Operations — Restarting services, managing channels, and performing health checks.

Security of the management channel:

• ●All requests are cryptographically signed (HMAC-SHA256) with a per-instance secret.
• ●We do not use this channel to access, monitor, or log your conversations, chat history, bot memory, or AI responses.

7. Third-Party Services

We use the following third-party services:

• ●Supabase — Authentication and database hosting.
• ●Dodo Payments — Payment processing.
• ●Hetzner Cloud — VPS infrastructure.

Each of these services has their own privacy policies and data handling practices.

8. Data Retention and Deletion

We retain your account and instance data while your subscription is active. If you cancel your subscription or request a refund, your VPS and all associated data are deleted within 24 hours. You may request account deletion at any time by contacting support@clawdhost.net.

9. Google API Services and User Data

Our application may integrate with Google API Services. This section explains how we access, use, store, and share Google user data:

Google User Data We Access

When you connect your Google account to our service, we may access the following data:

• ●Authentication Data — Email address and profile information used for account creation and sign-in.

How We Use Google User Data

We use Google user data for the following purposes:

• ●Account Management — To create and manage your user account.
• ●Authentication — To verify your identity and provide secure access.
• ●Service Configuration — To configure your VPS instance based on your preferences.

Storage of Google User Data

Google user data is stored as follows:

• ●Secure Database — Your Google account information is stored securely in our Supabase database.
• ●Encryption — All sensitive data is encrypted at rest using AES-256 encryption.
• ●OAuth Tokens — Google OAuth tokens are stored securely and used only for authorized API calls.

Sharing of Google User Data

We do not sell, rent, or share your Google user data with third parties for their marketing purposes. We may share data only:

• ●With Service Providers — With Supabase for authentication and database hosting, and Dodo Payments for payment processing.
• ●As Required by Law — When required to comply with legal obligations or protect our rights.

User Control and Deletion

You can revoke our application's access to your Google data at any time through your Google Account settings. If you delete your account with us, we will delete your Google user data from our systems within 24 hours.

10. Your Privacy Rights

You have the right to:

• ●Access your personal data
• ●Correct inaccurate data
• ●Delete your account and all associated data
• ●Export your data
• ●Opt-out of marketing communications

To exercise these rights, contact us at support@clawdhost.net.

11. Children’s Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information.