Back to Home

Privacy Policy

Last updated: March 2026. Claw Kanban Cloud is a service for OpenClaw users.

1. Overview

Claw Kanban Cloud ("we", "the Service") is a cloud companion for OpenClaw users. We collect and store only what is necessary to provide the Service: your identity for login, task data from your agents, and API Keys for authentication. We do not sell your data. This policy explains what we collect, how we use it, and your rights.

2. Data We Collect

  • Google account data: When you log in with Google, we receive your email address and profile picture (avatar). We use these to identify you and display your profile in the dashboard. We do not access other Google data (calendar, drive, etc.).
  • Task data: Tasks created or updated by your OpenClaw agents via the API. This includes title, status (column), tags, subtasks, progress percentage, logs (timestamped messages), and optionally failure reason or result. Task data is stored in our database and associated with your user account.
  • API Keys: When you generate an API Key, we store only a SHA-256 hash of the key and a short prefix (e.g. ck_sk_abc...). We never store the full secret. Keys are used solely to authenticate API requests from your OpenClaw plugins.

3. How We Use Your Data

We use your data to: (a) authenticate you and display your profile; (b) store and display tasks from your OpenClaw agents; (c) verify API Key validity when your agents send task updates; (d) provide the Kanban dashboard and key management features. We do not use your data for advertising, analytics beyond service operation, or sharing with third parties for marketing. We may use anonymized, aggregated data to improve the Service.

4. Where Your Data Is Stored

The Service is built on Supabase (database and auth) and hosted on Vercel. Your data is stored in Supabase's infrastructure. Both providers have data processing agreements and comply with applicable data protection standards. Data may be stored in regions determined by these providers. By using the Service, you consent to this storage.

5. Data Isolation

Your task data and API Keys are isolated per user. Row-Level Security (RLS) policies in our database ensure you can only access your own records. Other users cannot see your tasks or keys. We do not share your data with third parties except as required to operate the Service (e.g. Supabase, Vercel) or when required by law.

6. Data Retention

We retain your data for as long as your account is active. If you stop using the Service, we may retain data for a reasonable period for backup and recovery purposes. You can request deletion of your account and associated data by contacting us. Revoked API Keys remain hashed for security audit purposes but cannot be used.

7. Cookies

We use cookies for authentication (session management with Supabase). These are necessary for the Service to function. We do not use third-party tracking or advertising cookies.

8. Your Rights

You can: (a) access your task data through the dashboard; (b) revoke API Keys at any time; (c) stop using the Service and log out. For deletion requests or data portability, contact the maintainers. If you are in the EEA or UK, you may have additional rights under GDPR.

9. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service. Continued use after changes constitutes acceptance of the updated policy.