Privacy Policy

ClawChart ("we", "us", "our") operates the website at https://clawchart.xyz. We provide a browser-based tool for visualizing and auditing OpenClaw agent configurations.

Because ClawChart processes configuration data entirely in your browser, the following data is never transmitted to or stored on our servers:

• Your openclaw.json configuration file (free visualizer only — never leaves your browser)
• Your agent names, channel configurations, or skill lists (free visualizer only)
• Any API keys or secrets that may appear in your config (free visualizer only)
• Your shareable graph URLs (these are URL hash fragments, which browsers never send to servers)

3.1 Analytics

We use privacy-respecting analytics (such as Vercel Analytics or Plausible) to understand aggregate traffic patterns — page views, referrers, and device types. This data is anonymized and not linked to individual users. We do not use Google Analytics or sell analytics data to third parties.

3.2 VPS Deployment Data

When you use 1-Click Launch to deploy to a VPS, we collect the following to provision and manage your server:

• Your openclaw.json configuration (transmitted securely via HTTPS for deployment only)
• API keys and tokens you provide (encrypted with AES-256-GCM, never stored in plain text)
• Your selected server tier and region
• Payment information processed by Stripe (we never see your card number)

This data is necessary to provision your VPS and configure your OpenClaw agents. API keys are decrypted only at deployment time and injected directly into your server's environment variables.

3.3 Server Logs

Our hosting provider (Vercel) automatically collects standard server logs including IP addresses, request paths, and timestamps. These logs are retained for a limited period for security and debugging purposes and are not used for advertising.

ClawChart uses browser localStorage to persist your preferences (such as UI state) between sessions. This data stays on your device and is never transmitted to us.

We do not use tracking cookies or third-party advertising cookies. Stripe may set cookies during the checkout flow for fraud prevention — these are governed by Stripe's cookie policy.

The limited data we collect is used solely to:

• Operate and improve the Service
• Process and manage Pro subscriptions
• Detect and prevent abuse or security incidents
• Understand aggregate usage patterns to prioritize features

We do not sell, rent, or share your personal data with third parties for marketing purposes.

ClawChart integrates with the following third-party services:

• Vercel — hosting and edge network. Vercel's privacy policy: vercel.com/legal/privacy-policy
• Stripe — payment processing for VPS deployments. Stripe's privacy policy: stripe.com/privacy
• Hetzner Cloud — VPS hosting infrastructure. Your deployed agents run on Hetzner servers. Hetzner's privacy policy: hetzner.com/legal/privacy-policy
• ClawHub — skills catalog data is fetched at build time and cached statically. No user data is sent to ClawHub.

Since we do not store your configuration data for the free visualizer features, there is nothing to retain or delete for those features.

For VPS deployments: Your configuration and API keys are stored on your provisioned Hetzner VPS for as long as your subscription is active. If you cancel your VPS or fail to renew, all data on the server is permanently deleted. We do not retain copies of your configuration or API keys after cancellation.

Transaction records (payment confirmation, transaction ID, and receipt email if provided) are retained for as long as required for legal and accounting purposes. You may request deletion of your personal data by contacting us.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing of your data
• Data portability

To exercise any of these rights, please contact us via hello@clawchart.xyz. We will respond within 30 days.

ClawChart is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We implement reasonable technical and organizational measures to protect the limited personal data we hold. However, no method of transmission over the internet or electronic storage is 100% secure.

For VPS deployments, API keys and sensitive credentials are encrypted with AES-256-GCM during transmission and only decrypted at deployment time on your provisioned server. They are never logged, stored in plain text on our systems, or accessible to ClawChart staff.

Because your configuration data for the free visualizer never leaves your browser, the primary security risk for that feature lies in your own device and browser security — not in our systems.

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page. For material changes, we will provide notice on the site. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please reach out via the project's contact information listed on the site.