OpenClaw Data Privacy: Where Your Data Lives and Who Can Access It
Your AI agent processes sensitive information: conversations, files, emails, credentials. Where does that data go? Who can access it? How long is it retained?
This guide answers the privacy questions that matter for OpenClaw deployments.
What Data Does OpenClaw Process?
AI agents touch more data than you might realize.
Conversation Data
| Data Type | Examples |
|---|---|
| User prompts | "Send an email to...", "Summarize this document..." |
| Agent responses | Generated text, summaries, analysis |
| Context | Previous messages in conversation |
| Metadata | Timestamps, session IDs, channel info |
Connected Account Data
| Source | Data Accessed |
|---|---|
| Email | Messages, attachments, contacts |
| Calendar | Events, attendees, descriptions |
| Slack/Discord | Messages, channels, user info |
| File systems | Documents, code, configurations |
System Data
| Data Type | Examples |
|---|---|
| Credentials | API keys, OAuth tokens, passwords |
| Configuration | Agent settings, policies, preferences |
| Logs | Action history, errors, debugging info |
| Metrics | Usage stats, performance data |
Data Flow: Where Does It Go?
Self-Hosted Data Flow
```
                    ┌─────────────────────────────────────┐
                    │             Your Server             │
                    │  ┌─────────────────────────────┐    │
User Input ────────►│  │       OpenClaw Agent        │    │
                    │  │                             │    │
                    │  │ Conversations: Local disk   │    │
                    │  │ Credentials: ~/.openclaw/   │    │
                    │  │ Files: Workspace folder     │    │
                    │  └──────────┬──────────────────┘    │
                    │             │                       │
                    └─────────────┼───────────────────────┘
                                  │
                                  ▼
                    LLM Provider (Anthropic/OpenAI)
                    - Prompts sent for processing
                    - Responses returned
```
Data locations:
- Conversations: Stored on your server (often plaintext)
- Credentials: `~/.openclaw/openclaw.json` (plaintext by default)
- Files: Your workspace directory
- Logs: Server filesystem (if configured)
Who can access:
- Anyone with server access
- Anyone who finds an exposed dashboard
- LLM provider (sees prompts)
Clawctl Data Flow
```
                    ┌─────────────────────────────────────┐
                    │            Clawctl Cloud            │
                    │  ┌─────────────────────────────┐    │
User Input ────────►│  │    Your Isolated Tenant     │    │
     │              │  │                             │    │
     │              │  │ Conversations: Encrypted    │    │
     │              │  │ Credentials: Secure vault   │    │
     │              │  │ Logs: Encrypted storage     │    │
     │              │  └──────────┬──────────────────┘    │
     │              │             │                       │
     │              └─────────────┼───────────────────────┘
     │                            │
     │                            ▼
     │              LLM Provider (Anthropic/OpenAI)
     │              - Prompts sent for processing
     │              - Responses returned
     │
     └──► Gateway Auth required for all access
```
Data locations:
- Conversations: Encrypted in Clawctl storage
- Credentials: Encrypted vault, injected at runtime
- Logs: Encrypted audit storage
- Tenant isolation: Infrastructure-level separation
Who can access:
- You (after gateway authentication)
- Your team (with appropriate permissions)
- LLM provider (sees prompts—same as self-hosted)
- Clawctl: Cannot access encrypted customer data
Third-Party Data Sharing
LLM Providers
Both self-hosted and managed OpenClaw send prompts to LLM providers:
| Provider | Data Sent | Retention | Training Use |
|---|---|---|---|
| Anthropic | Prompts, context | Temporary | Not used for training |
| OpenAI | Prompts, context | 30 days (API) | Not used for training (API) |
Important: Review each provider's data usage policies. API access typically has different (better) privacy terms than consumer products.
What's Sent to LLM Providers
- Your prompts (what you ask the agent)
- Context (conversation history)
- Tool call descriptions
- Response requests
What's NOT Sent
- Your credentials (API keys for Slack, etc.)
- Files (unless you ask the agent to summarize them)
- System configuration
Data Storage Comparison
Self-Hosted Storage
| Data | Storage | Encryption | Access Control |
|---|---|---|---|
| Conversations | Local disk | None (default) | File permissions |
| Credentials | JSON file | None | File permissions |
| Logs | Local disk | None | File permissions |
| Files | Workspace | None | File permissions |
Risks:
- Single point of failure
- No encryption by default
- Easy to accidentally expose
- Backups may leak data
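Because file permissions are the only access control in the self-hosted table above, the following sketch audits a config tree for group/other permission bits and then tightens it. It is an added example, not code from OpenClaw or Clawctl; only `~/.openclaw/` and `openclaw.json` come from this page, and the demo tree and its contents are constructed.

```shell
#!/bin/sh
# Added example: audit an OpenClaw-style config tree for permissions that let
# anyone other than the owner read, write or traverse it.

# Print every path under $1 with any group/other bit set (symlinks skipped,
# since their own mode bits are not meaningful).
loose_paths() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of loose paths; 0 means only the owner can touch the tree.
loose_count() {
    loose_paths "$1" | wc -l | tr -d ' '
}

# Restrict the tree to its owner: 700 on directories, 600 on files.
harden() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed stand-in for ~/.openclaw/ with typical default modes (not real data).
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/.openclaw"
    printf '{"apiKey":"CONSTRUCTED-PLACEHOLDER"}\n' > "$d/.openclaw/openclaw.json"
    chmod 755 "$d/.openclaw"
    chmod 644 "$d/.openclaw/openclaw.json"
    printf '%s\n' "$d/.openclaw"
}

dir=$(demo_tree)
echo "before: $(loose_count "$dir") loose path(s)"
loose_paths "$dir"
harden "$dir"
echo "after:  $(loose_count "$dir") loose path(s)"
rm -rf "$(dirname "$dir")"
```

To check a real deployment, call `loose_paths "$HOME/.openclaw"` instead of the demo tree. Tight permissions do not protect the plaintext file from backups or from anyone with root on the server.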
Clawctl Storage
| Data | Storage | Encryption | Access Control |
|---|---|---|---|
| Conversations | Clawctl DB | AES-256-GCM | Tenant isolation |
| Credentials | Secure vault | AES-256-GCM | Runtime injection only |
| Logs | Audit storage | AES-256-GCM | Role-based access |
| Files | Tenant storage | AES-256-GCM | Tenant isolation |
Protections:
- Encryption at rest
- Encryption in transit (TLS 1.3)
- Tenant isolation
- Access logging
GDPR Considerations
If you process EU personal data, GDPR applies to your OpenClaw deployment.
Key GDPR Requirements
| Requirement | Self-Hosted | Clawctl |
|---|---|---|
| Lawful basis | Your responsibility | Your responsibility |
| Data minimization | Your configuration | Your configuration |
| Storage limitation | Your implementation | Configurable retention |
| Right to access | Build export capability | Export via dashboard/API |
| Right to erasure | Build deletion capability | Delete via dashboard/API |
| Data security | Your implementation | Built-in encryption |
| Breach notification | Your process | Incident response included |
GDPR Best Practices
- Document your lawful basis for processing personal data with AI agents
- Minimize data retention — Don't keep data longer than needed
- Implement deletion — Be able to delete user data on request
- Audit access — Know who accessed what data
- Assess LLM providers — Review their GDPR compliance
Data Processing Agreement
For managed hosting, ensure you have a DPA in place. Clawctl provides a standard DPA for Business customers.
Data Retention
Retention Recommendations
| Data Type | Recommended Retention |
|---|---|
| Active conversations | Duration of use |
| Audit logs | 30-90 days (compliance-dependent) |
| Credentials | Until rotated/revoked |
| Archived data | As required by policy |
Clawctl Retention by Plan
| Plan | Audit Log Retention |
|---|---|
| Starter | 7 days |
| Team | 30 days |
| Business | 90 days (customizable) |
Implementing Retention (Self-Hosted)
```bash
# Example: delete log files older than 30 days
find /var/log/openclaw -type f -mtime +30 -delete

# Automate with cron (crontab entry, runs daily at midnight)
0 0 * * * find /var/log/openclaw -type f -mtime +30 -delete
```
Data Deletion
Right to Erasure
Users may request deletion of their data. Be prepared to:
- Identify all data related to the user
- Delete from all storage locations
- Verify deletion is complete
- Document the deletion for compliance
Deletion in Clawctl
```bash
# Delete specific conversation
clawctl data delete --conversation conv_123
# Delete all data for a user
clawctl data delete --user user@example.com
# Export before deletion (for records)
clawctl data export --user user@example.com --output backup.json
```
Deletion Challenges
- Backups: Data may exist in backups
- Logs: Personal data may appear in logs
- Third parties: Data sent to LLM providers
- Derived data: Summaries, analysis based on original data
Document your deletion process and its limitations.
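For a self-hosted deployment, the identify, verify and document steps of an erasure request can be scripted as below. This is an added example, not part of OpenClaw or Clawctl. It assumes the user's identifier appears as a literal string in files on disk, that rotated logs are gzip-compressed, and that `sha256sum` (GNU coreutils) is available; all sample data is constructed.

```shell
#!/bin/sh
# Added example: find files that still mention a data subject's identifier,
# including gzip-compressed rotated logs that a plain grep would miss.

# Print every regular file under the given roots that contains IDENT literally.
# usage: subject_hits IDENT DIR [DIR...]
subject_hits() {
    ident=$1; shift
    find "$@" -type f | while IFS= read -r f; do
        case $f in
            *.gz) if gzip -dc -- "$f" 2>/dev/null | grep -qF -- "$ident"; then
                      printf '%s\n' "$f"; fi ;;
            *)    if grep -qF -- "$ident" "$f" 2>/dev/null; then
                      printf '%s\n' "$f"; fi ;;
        esac
    done
}

hit_count() { subject_hits "$@" | wc -l | tr -d ' '; }

# Append a dated verification record (the "document the deletion" step).
# usage: record_check EVIDENCE_FILE IDENT DIR [DIR...]
record_check() {
    out=$1; id=$2; shift 2
    # Record a truncated hash so the evidence file does not repeat the identifier in clear.
    h=$(printf '%s' "$id" | sha256sum | cut -c1-16)
    n=$(hit_count "$id" "$@")
    printf '%s subject=%s remaining=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$h" "$n" >> "$out"
}

# Constructed demo data (not real logs): a plain log, a rotated gzip log, an unrelated log.
demo_logs() {
    d=$(mktemp -d)
    printf 'msg from user@example.com\n' > "$d/agent.log"
    printf 'login user@example.com\n' | gzip -c > "$d/agent.log.1.gz"
    printf 'unrelated line\n' > "$d/other.log"
    printf '%s\n' "$d"
}

root=$(demo_logs)
subject_hits 'user@example.com' "$root"   # lists the plain log and the gzip log
rm -f "$root/agent.log"                   # erase only the plain log
echo "remaining: $(hit_count 'user@example.com' "$root")"   # the rotated copy is still found
rm -rf "$root"
```

The scan only covers the directories you pass it; backups, data already sent to LLM providers, and derived summaries that no longer contain the identifier remain outside its reach.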
Privacy Checklist
Self-Hosted
- Encrypt credentials at rest
- Implement access controls on config files
- Configure log retention/deletion
- Document data flows for compliance
- Review LLM provider privacy policies
- Implement data export capability
- Implement data deletion capability
- Regular security audits
Managed (Clawctl)
- Encryption at rest (handled)
- Tenant isolation (handled)
- Access logging (handled)
- Review Clawctl privacy policy
- Review LLM provider privacy policies
- Configure appropriate retention
- Document your data processing basis
- Establish deletion procedures
Frequently Asked Questions
Where does OpenClaw store my data?
Self-hosted: On your server, typically in ~/.openclaw/ and your workspace directory. Managed (Clawctl): In your isolated tenant with encryption at rest.
Can Clawctl see my conversations?
No. Your data is encrypted with keys Clawctl cannot access. We can see metadata (usage stats, timestamps) but not content.
Is OpenClaw GDPR compliant?
OpenClaw is a tool—compliance depends on how you deploy and configure it. Self-hosted requires you to implement GDPR controls. Clawctl provides the technical controls; you're responsible for lawful basis and processes.
What data is sent to Anthropic/OpenAI?
Your prompts and conversation context. Not your credentials, configuration, or files (unless you explicitly include them in prompts).
How long is my data retained?
Self-hosted: Until you delete it. Clawctl: Based on your plan (7-90 days for audit logs). Credentials persist until you rotate them.
Can I delete all my data?
Self-hosted: Delete your workspace and config directories. Clawctl: Use the dashboard or CLI to delete your data. Account deletion removes all tenant data.
Summary
| Aspect | Self-Hosted | Clawctl |
|---|---|---|
| Data location | Your server | Clawctl cloud (isolated tenant) |
| Encryption | You implement | Built-in (AES-256-GCM) |
| Access control | File permissions | Gateway auth + RBAC |
| Audit trail | You implement | Automatic |
| GDPR readiness | You build | Tools provided |
| Data deletion | You implement | Dashboard/CLI |