What data we store
OneClickClaw collects only the data necessary to provide the hosting service. Here is a clear breakdown:
- Account information: Your name and email address (from Google OAuth). Used for login, billing communication, and support.
- Server metadata: Server name, tier, status, and deployment timestamps. Used to manage your VPS and display dashboard information.
- Billing information: Subscription status, plan type, and payment history. Payment card details are handled entirely by Stripe and never touch our servers.
- Event logs: Deployment events, configuration changes, reboots, and support interactions. Used for troubleshooting and the Event Viewer on your dashboard.
What we don't store
Equally important is what OneClickClaw does not store on our platform:
- AI conversations: All messages between your users and your agent flow directly between your server and your AI provider. We have zero access to conversation content.
- API keys: Your AI provider keys are stored only on your dedicated VPS, encrypted with Fernet (AES-128-CBC + HMAC-SHA256). They never exist on our platform servers.
- Message content: We do not intercept, log, or analyze any messages passing through your agent.
Note: Your AI conversations flow directly between your server and your AI provider. We have no access to conversation content.
Website analytics and cookies
The OneClickClaw marketing site (oneclickclaw.io) uses a small, clearly listed set of cookies. Strictly necessary cookies keep you signed in and protect the site from bots (Cloudflare Turnstile). Optional cookies power our AI support chatbot, remember your UI preferences, and, only with your explicit opt-in, enable Google Analytics 4 for aggregate visit statistics.
Google Analytics 4 is loaded only after you toggle it on in the cookie banner. If you choose "Essential Only" or ignore the banner, no GA4 script is injected and no GA cookies are set. When enabled, GA4 is configured with IP anonymisation and we never link analytics data to advertising profiles. We do not run any advertising or remarketing tags on the site, and we do not sell analytics data to third parties.
You can change your choice at any time by clearing site data for oneclickclaw.io (Browser Settings > Site data > Clear) and re-answering the cookie banner. We bump the banner version whenever the categories change so you are re-prompted automatically. The authenticated dashboard surface (/dashboard, /deploy, /oc-panel-9f4e) does not run GA4 at all.
Data location
Your dedicated VPS (where your OpenClaw agent, AI provider key, and customer conversations live) runs in a datacenter in Denmark (DK-DC1), operated by our infrastructure partner Webdock. That data stays in the EU and never leaves EU jurisdiction.
Our central platform database (account records, billing metadata, deployment state) is hosted on Neon, and a small subset of platform services run on Replit. Both providers are based in the United States and we rely on EU Standard Contractual Clauses (SCCs) for those transfers. See the Subprocessors table below for the full list and locations.
Data retention
We retain your data according to the following schedule:
| Data Type | While Active | After Cancellation |
|---|---|---|
| Account info (name, email) | Retained | Deleted after 30 days |
| Server metadata | Retained | Deleted immediately when VPS is destroyed |
| Billing records | Retained | Retained per EU tax law, then deleted |
| Event logs | Retained | Deleted with VPS |
| AI conversations | On your VPS only | Deleted with VPS |
| API keys | On your VPS only | Deleted with VPS |
Tip: If you need to keep any data from your server before cancellation, download a diagnostic bundle from your dashboard. This includes your server configuration and recent logs.
Encryption standards
- In transit: All connections use TLS encryption. Communication between your browser and the dashboard, between our platform and your VPS, and between your VPS and your AI provider is encrypted on each of these paths.
- At rest: Sensitive fields (API keys, OAuth tokens) are encrypted using Fernet symmetric encryption (AES-128-CBC + HMAC-SHA256). Standard account data is stored in a secured database with access controls.
For details about your rights over this data, see GDPR Compliance.
