Privacy Policy
Last Updated: January 26, 2026
EZClaw ("we," "us," or "our") operates a Telegram bot service that provisions dedicated cloud servers on Hetzner Cloud infrastructure. This Privacy Policy describes how we collect, use, store, and share your information when you use our services. By using EZClaw, you acknowledge and accept the practices described in this policy.
1. Information We Collect
1.1 Telegram User Data
When you interact with our Telegram bot, we automatically collect and store:
- Telegram User ID - Your unique Telegram identifier
- Telegram Username - Your public Telegram username (if set)
- Message History - All messages exchanged between you and our bot, including commands, responses, and general communications
- Timestamps - When you created your account and when you were last active
- Registration Status - Whether you have completed registration
1.2 Payment Information
When you subscribe to our services, we collect:
- Stripe Customer ID - A unique identifier linking you to our payment processor
- Subscription Details - Your billing type (weekly/monthly), plan tier, and subscription status
- Payment History - Records of successful and failed payments processed through Stripe
We do not store your credit card numbers, CVV codes, or complete payment card details. All payment processing is handled securely by Stripe.
1.3 Server Instance Data
For each server instance we provision for you, we store:
- Instance ID - Unique identifier for your server
- Instance Name - The name assigned to your instance
- Subdomain - Your unique subdomain (e.g., username-abc123.ezclaw.io)
- Hetzner Server ID - The identifier of your server on Hetzner Cloud
- IPv4 Address - Your server's public IP address
- Cloudflare Tunnel ID - Identifier for your secure tunnel connection
- Server Status - Current state (pending, provisioning, active, warning, deleted)
- Tier Information - Your selected plan (Basic, Standard, Pro)
- Creation and Update Timestamps
1.4 Authentication Tokens and Credentials
We generate and store various tokens for your service:
- Settings Tokens - Temporary tokens (30-minute validity) for accessing your settings panel
- ClawdBot Tokens - Authentication tokens for your ClawdBot instance
- Keyring Passwords - Encrypted passwords for secure credential storage on your server
- Tunnel Tokens - Tokens for Cloudflare tunnel authentication
1.5 Technical Data
We may collect:
- Webhook Event IDs - For preventing duplicate payment processing
- Health Status - Server health monitoring data
- Provisioning Timestamps - When server setup began and completed
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Providing our services | Telegram ID, server instance data, authentication tokens |
| Processing payments | Stripe customer ID, subscription details |
| Provisioning servers | Instance configuration, Hetzner server details, Cloudflare tunnel data |
| Customer support | Message history, account information |
| Service notifications | Telegram ID, username |
| Marketing our products | Telegram ID, username, message history |
| Fraud prevention | Payment data, webhook events |
3. Marketing and Promotional Communications
Important: By using EZClaw, you consent to receiving marketing and promotional messages from us via Telegram. We may send you:
- Information about new features, services, and updates
- Promotional offers and discounts
- Announcements about our other products and services (including but not limited to findclout.com, replyguy.work, and other affiliated products)
- Tips, guides, and educational content related to our services
- Surveys and feedback requests
We will directly market our other products and services to you through Telegram messages. While you may request to reduce the frequency of promotional messages by contacting us, complete opt-out of all communications may not be possible while maintaining an active account, as some messages are essential for service delivery.
4. Data Sharing and Third Parties
4.1 We Will NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4.2 Third-Party Service Providers
We share necessary data with the following third-party services to operate our platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Telegram | Bot platform and messaging | Messages, user ID, username |
| Stripe | Payment processing | Customer ID, payment amounts, billing metadata |
| Hetzner Cloud | Server infrastructure | Server configuration, instance labels |
| Cloudflare | DNS, tunnels, and security | Subdomain, tunnel configuration |
Each of these services has their own privacy policies governing their use of your data:
4.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Investigate potential violations of our terms
- Respond to lawful requests from public authorities
5. Data Retention
We retain your data according to the following schedule:
| Data Type | Retention Period |
|---|---|
| User account data | Indefinitely while account is active; may be retained after deletion for legal/business purposes |
| Message history | Indefinitely for customer support and service improvement |
| Payment records | As required by financial regulations (typically 7+ years) |
| Settings tokens | 30 minutes (automatically deleted after expiry) |
| Webhook events | 7 days |
| Deleted instance data | May be retained in database records indefinitely |
| Server logs | Variable based on operational needs |
We reserve the right to retain any data for longer periods if required for legal compliance, dispute resolution, or enforcement of our agreements.
6. Cookies and Tracking Technologies
Our web interfaces (settings pages, admin panel) may use:
- Session Cookies - Required for authentication and maintaining your login state on the settings panel
- ClawdBot Session Cookies - Used for authenticating access to your desktop instance (8-hour session duration)
These cookies are essential for service functionality. We do not currently use third-party analytics or advertising cookies on our web interfaces.
Your provisioned server instances may set their own cookies for the desktop interface functionality.
7. Data Security
We implement various security measures to protect your data, including:
- Database encryption and access controls
- HTTPS/TLS encryption for data in transit
- JWT-based authentication with RS256 signatures
- Secure token generation using cryptographic methods
- Cloudflare tunnels for secure server access (no open ports)
- Firewall rules blocking all direct inbound traffic to provisioned servers
Disclaimer: Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. We are not liable for any data breaches, unauthorized access, data leaks, security incidents, or any resulting damages. You use our services at your own risk.
8. International Data Transfers
Your data may be processed and stored in various locations worldwide, including:
- Germany - Hetzner Cloud servers (default datacenter: Nuremberg)
- United States - Stripe payment processing, Cloudflare services
- Various locations - Telegram infrastructure
By using our services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We do not guarantee compliance with any specific international data transfer frameworks (such as EU-US Privacy Shield or Standard Contractual Clauses).
9. Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. However, please note that these rights are limited in the context of our service:
9.1 What You Can Do
- Access - You can request information about the data we hold about you
- Correction - You can request correction of inaccurate data
- Account Deletion - You can request deletion of your account (subject to limitations below)
9.2 Limitations
- We may retain certain data even after account deletion for legal compliance, fraud prevention, and dispute resolution
- Message history may be retained for customer support purposes
- Payment records must be retained as required by financial regulations
- We may deny requests that are unreasonable, repetitive, or would require disproportionate effort
- We do not guarantee response times for data requests
To exercise any of these rights, contact us via Telegram at the handles listed in the Contact section.
10. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, EZCLAW AND ITS OPERATORS, AFFILIATES, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR:
- Any data breaches, unauthorized access, or security incidents
- Loss, corruption, or unauthorized disclosure of your data
- Actions of third-party service providers (Telegram, Stripe, Hetzner, Cloudflare)
- Service interruptions, downtime, or data loss on provisioned servers
- Any direct, indirect, incidental, consequential, or punitive damages arising from the use of our services or any data processing activities
- Any damages resulting from your reliance on our security measures
You acknowledge that you use our services at your own risk and that we provide no warranties regarding data security or privacy protection beyond what is explicitly stated in this policy.
11. Children's Privacy
Our services are not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately.
12. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time without prior notice. Changes become effective immediately upon posting. We may, but are not obligated to, notify you of material changes via Telegram.
Your continued use of our services after any changes constitutes acceptance of the modified policy. We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, you can reach us via Telegram:
You can also message our bot directly: @openclawdbot
14. Governing Law
This Privacy Policy shall be governed by and construed in accordance with applicable laws, without regard to conflicts of law principles. Any disputes arising from this policy or your use of our services shall be resolved through binding arbitration or in the courts of a jurisdiction of our choosing.