Privacy Policy

Last updated: February 23, 2026

1. Who We Are

Clawlient is operated by Usto AI LLC ("we," "us," "our"). We provide a platform for deploying and managing AI-powered chatbots on messaging platforms such as Telegram and Discord.

Contact: shsobirov.dev@gmail.com

2. Information We Collect

Account Information

When you sign up via Google or GitHub OAuth, we receive and store:

  • Name
  • Email address
  • Profile picture URL
  • OAuth provider identifier

Payment Information

Payments are processed by Stripe. We do not store credit card numbers or bank details. Stripe provides us with a customer ID and subscription status. See Stripe's Privacy Policy.

Bot Configuration

When you create a bot, we store:

  • Bot name and configuration settings
  • LLM provider and model selection
  • System prompts you write
  • API keys for LLM providers (encrypted at rest with AES-256-GCM)
  • Messaging platform tokens (encrypted at rest with AES-256-GCM)

Usage Data

We collect basic server logs including IP addresses, request timestamps, and error information for operational purposes. We do not use third-party analytics or tracking services.

3. How We Use Your Information

  • To create and manage your account
  • To provision, deploy, and operate your chatbots
  • To process payments and manage your subscription
  • To monitor bot health and perform auto-restarts
  • To communicate with you about your account (e.g., billing issues, bot crashes)
  • To improve and maintain the platform

4. Data Storage & Security

Your data is stored on servers operated by Hetzner Online GmbH, located in the European Union (Helsinki, Finland and Nuremberg, Germany). All sensitive credentials (API keys, bot tokens) are encrypted at rest using AES-256-GCM.

All connections use HTTPS/TLS. SSH key-based authentication is used for server-to-server communication. No passwords are stored.

5. Chat Messages

Clawlient does not store or log the messages your bot processes. Messages are sent directly from the messaging platform to your bot's LLM provider (e.g., Anthropic, OpenAI, Google) in real-time and are not retained by us. The LLM provider's own privacy policy governs how they handle that data.

6. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe — for payment processing
  • Hetzner — infrastructure provider (server hosting)
  • Google / GitHub — for OAuth authentication
  • Resend — for transactional email delivery (bot crash alerts, billing notifications)
  • Your chosen LLM provider — your API key is used to make requests on your behalf

7. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we permanently delete your user record, bot configurations, and encrypted credentials. Bot VPS resources are destroyed. Stripe may retain billing records per their own policies.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — You can view your data in the dashboard or use the "Export My Data" feature on the billing page to download a machine-readable copy.
  • Right to erasure — You can permanently delete your account and all associated data using the "Delete Account" button on the billing page.
  • Right to data portability — The "Export My Data" feature provides your data in JSON format for easy transfer.
  • Right to rectification — Contact us to correct any inaccurate personal data.
  • Right to restrict processing — Contact us if you wish to restrict how we process your data.
  • Right to object — You may object to processing based on legitimate interests by contacting us.

Legal basis for processing: We process your data based on (a) contract performance — to provide the Clawlient service you signed up for, (b) legitimate interest — to maintain platform security and improve the service, and (c) consent — where you have explicitly opted in (e.g., marketing communications, if any).

Data controller: Usto AI LLC is the data controller for all personal data collected through Clawlient.

International data transfers: While our servers are located in the EU, Usto AI LLC is based in the United States. Any data transfers outside the EEA are conducted in compliance with GDPR requirements, using appropriate safeguards such as Standard Contractual Clauses (SCCs).

Supervisory authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence or place of work.

For any data requests, contact us at shsobirov.dev@gmail.com. We will respond to GDPR requests within 30 days.

9. Cookies

We use essential cookies only for authentication session management (NextAuth.js session token). We do not use advertising, analytics, or tracking cookies.

10. Children

Clawlient is not intended for use by individuals under the age of 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact

If you have questions about this Privacy Policy, contact us at shsobirov.dev@gmail.com.