Privacy Policy

1. Scope of This Policy

This Privacy Policy explains how Opxia collects, uses, discloses, stores, and protects information when you visit the OpxiaClaw website, sign in, create an assistant, connect Telegram, or otherwise use the Service. It does not apply to websites, apps, AI model providers, payment providers, Telegram, Google, OpenClaw, or other third-party services that we do not operate.

2. Information You Provide

• Account information: when you sign in with Google, we receive and store basic account details such as your email address, name, profile image, and an internal user ID.
• Assistant setup information: when you create an assistant, we collect configuration details such as assistant name, your display name, timezone, profile description, personality template, optional personality instructions, and tasks or preferences you provide.
• Telegram connection information: we collect the Telegram bot token you provide so your assistant can connect to Telegram. The token is sent to the orchestrator and injected into your assistant container environment. We do not store the Telegram bot token in the web application database.
• AI/API configuration: OpxiaClaw may use Opxia-managed provider keys or, where the product gives you that option, OpenAI, Google, ElevenLabs, model, voice, search, and image-generation configuration you provide. User-provided API keys are sent to the orchestrator and injected into the assistant container environment. We do not store user-provided API keys in the web application database.
• Pairing and support information: we process Telegram pairing codes, support emails, feedback, and any information you choose to send us.
• Payment information: if paid plans are enabled, payment details are processed by our payment providers. We do not intend to store full card numbers or full payment credentials on our own servers.

3. Information Collected Automatically

• Log and technical data such as IP address, browser type, device type, operating system, referring pages, timestamps, request metadata, error logs, and security events.
• Usage data such as pages visited, features used, assistant lifecycle events, onboarding progress, status checks, and interactions needed to operate and improve the Service.
• Approximate location inferred from IP address. We do not collect precise GPS location through the website.
• Cookie and session data used for authentication, account security, preferences, and service operation.

4. Agent, Workspace, and Conversation Data

OpxiaClaw runs a managed OpenClaw environment for each assistant. Your assistant workspace may include rendered configuration files, memory/state files, pairing state, logs, and other data produced by OpenClaw or related tools. Telegram messages and assistant responses may be processed by Telegram, OpenClaw, AI model providers, and Opxia-managed infrastructure as necessary to provide the Service.

• We do not claim ownership of your prompts, instructions, Telegram content, or assistant outputs.
• We do not use your private content to train Opxia-owned foundation models.
• Operational logs may contain limited message or error context depending on the behavior of OpenClaw, Telegram, model providers, and your assistant configuration.
• You should avoid submitting highly sensitive information unless it is necessary for your use case and you understand the third-party services involved.

5. Information from Third Parties

We may receive information from third parties that help us provide the Service, including Google for authentication, Telegram for bot connectivity, AI model providers for model usage, infrastructure providers for hosting and logs, analytics providers, email/support providers, and payment processors for billing status.

6. How We Use Information

• Create, authenticate, and manage your account.
• Provision, run, monitor, troubleshoot, pair, and delete managed assistant containers.
• Connect your assistant to Telegram and AI model providers.
• Store non-secret assistant configuration so your dashboard and assistant lifecycle can function.
• Provide customer support, respond to requests, and send service communications.
• Improve reliability, security, performance, onboarding, and product experience.
• Detect, prevent, and investigate abuse, fraud, unauthorized access, policy violations, and security incidents.
• Comply with legal, tax, accounting, regulatory, dispute-resolution, and enforcement obligations.

7. Legal Bases for EEA/UK Users

If you are in the European Economic Area or the United Kingdom, we process personal data under legal bases that may include performance of a contract, legitimate interests, legal obligations, and consent where required. Legitimate interests include operating and securing the Service, preventing abuse, improving the product, and communicating with users about service-related matters.

8. How We Share Information

• Service providers and subprocessors: we share information with vendors that help us operate OpxiaClaw, such as hosting, container infrastructure, authentication, AI model access, Telegram connectivity, analytics, email, support, security, and payment providers.
• Third-party integrations you choose: when you connect Telegram or use an AI model provider, information needed for that integration is sent to the relevant provider.
• Legal and safety reasons: we may disclose information if required by law, court order, government request, or if we believe disclosure is necessary to protect rights, property, safety, security, or prevent misuse.
• Business transfers: if Opxia is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction subject to applicable law.
• With your consent: we may share information for other purposes if you ask us to or give consent.

9. Key Third-Party Services

OpxiaClaw may rely on third-party services such as Google for sign-in, Telegram for messaging, OpenAI or other AI model providers for model processing, cloud infrastructure providers for hosting, and payment providers if billing is enabled. These providers process information under their own terms and privacy policies as well as any agreements we have with them.

10. No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We also do not share your private assistant content with advertisers.

11. Cookies and Similar Technologies

We use cookies and similar technologies to keep you signed in, secure your session, remember preferences, understand product usage, measure performance, and protect the Service. You can control cookies through your browser settings, but disabling cookies may cause authentication or other parts of the Service to stop working properly.

12. Data Security

We use reasonable technical and organizational safeguards designed to protect personal information, including access controls, authentication, private-network communication between services, isolated assistant containers, secret-handling practices, and security monitoring. However, no internet service, cloud system, AI workflow, or method of electronic storage can be guaranteed to be completely secure.

13. Data Retention

• Account data is generally retained while your account remains active and as needed for legal, security, accounting, support, or dispute-resolution purposes.
• Assistant dashboard records are retained while your assistant exists. When you delete an assistant, we remove its dashboard record and deprovision its isolated runtime environment, including the associated container.
• When you delete an assistant, the assistant workspace associated with that isolated environment, including files, memory, pairing state, and local logs, is deleted from active infrastructure.
• Telegram bot tokens and optional user-provided API keys are not stored in the web application database. They are injected into the assistant runtime only so the assistant can operate, and they are removed when the isolated runtime environment is deprovisioned.
• Separate security logs, backups, and support records may be retained for limited periods where needed for security, abuse prevention, legal compliance, dispute resolution, or service integrity.
• When data is no longer needed, we delete, anonymize, or securely retain it until deletion is feasible.

14. Your Privacy Rights

Depending on your location and applicable law, you may have rights to access, correct, update, delete, export, restrict, or object to processing of your personal data. Where processing is based on consent, you may withdraw consent at any time. To exercise rights, contact contact@opxia.com. We may need to verify your identity before acting on a request.

15. India Privacy and Data Protection

Opxia is based in India. We aim to handle personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000, applicable rules, and the Digital Personal Data Protection Act, 2023 as and when its provisions apply to us. Indian users may contact us at contact@opxia.com for access, correction, grievance, or deletion-related requests.

16. EEA/UK and California Rights

If you are in the EEA or UK, you may have GDPR/UK GDPR rights and may lodge a complaint with your local supervisory authority. If you are a California resident, you may have rights under California privacy laws, including access, deletion, correction, and opt-out rights where applicable. We will not discriminate against you for exercising legally available privacy rights.

17. International Data Transfers

Because OpxiaClaw is an online global service, your information may be transferred to, stored in, and processed in India and other countries where Opxia, our infrastructure, or our service providers operate. These countries may have data protection laws different from those in your jurisdiction. Where required, we use appropriate safeguards for international transfers.

18. Children

OpxiaClaw is not intended for children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact us so we can take appropriate action.

19. Third-Party Links and Services

The Service may link to or integrate with third-party websites, apps, APIs, models, bots, and services. We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing information to them.

20. Do Not Track

There is no consistent industry standard for browser-based Do Not Track signals, so we do not currently respond to them unless a recognized standard requires otherwise.

21. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or the Service. If we make material changes, we may notify you through the Service, by email, or by another reasonable method. The updated policy will be effective when posted or when otherwise stated.

22. Contact

For privacy questions, requests, or grievances, contact Opxia at contact@opxia.com.