Privacy Policy

Email address. Collected at registration to identify your account, send transactional messages (password resets, billing receipts, account notices), and communicate important service updates.

Password hash. Your password is hashed using bcrypt before storage. We never store, transmit, or log your plaintext password. The bcrypt hash is a one-way cryptographic transformation that cannot be reversed to recover the original password.

Backup metadata. When you back up your OpenClaw configuration, we record metadata including backup timestamps, backup size, number of backups performed, storage consumed, and the version identifier of each backup. This metadata is necessary for enforcing plan limits, displaying backup history, and providing the Service.

Google Sign-In. If you register or log in using Google Sign-In, we receive your Google user ID and profile name from Google. We use this information solely to create and authenticate your MemoryClaw account. We do not access your Google contacts, Gmail, Drive, or any other Google service data.

Device information. We collect device identifiers used during authentication to manage authorized sessions and detect unauthorized access attempts.

Server logs. Our servers automatically record limited information about each request, including IP address, timestamp, request method, endpoint path, and HTTP status code. These logs are used exclusively for security monitoring, debugging, and abuse prevention.

Rate limiting data. IP addresses are temporarily tracked in volatile server memory for the purpose of enforcing API rate limits and preventing abuse. This data is not persisted to any database or long-term storage and is automatically discarded when the rate limit window expires or the server process restarts.

Payment information. If you subscribe to a paid tier, payment is processed entirely by Stripe. We do not receive or store your full credit card number, CVV, or billing address. Stripe provides us with a limited set of billing details (last four digits, card brand, expiration date, and billing email) to display subscription status and manage your subscription.

Neural Memory data. If you use the Neural Memory features (engrams, recall, threads, cortex), we additionally collect and store the following per-engram data on your behalf:

• Encrypted memory blobs. Engram content is encrypted client-side using AES-256-GCM before transmission. We store only the resulting ciphertext. We cannot read these blobs.
• Blind-index tags. HMAC-SHA256 hashes of normalized search terms, used to enable equality search over encrypted content. We cannot reverse these tags to recover the original terms without your client-side key.
• Pre-computed embedding vectors (currently disabled). The schema permits 4096-dimensional float arrays derived from your engram content for semantic similarity recall. As of April 2026 the official MemoryClaw CLI does not generate or transmit embeddings — every engram is stored as ciphertext + blind-index tags only. The server logs a warning if any client (a third-party integration or a future CLI build) ever uploads a non-null embedding so we can review the privacy implications before that becomes the default. If we re-enable embeddings, they will ship as opt-in and the model-inversion caveat below will apply at that point. Until then, only the data classes listed above are persisted for engrams.
• DAG metadata. Parent engram hashes, creation timestamps, and branch (thread) labels used to reconstruct the engram dependency graph.
• Agent identifiers. Free-form agent IDs (chosen by you or your tooling) attached to each engram for filtering and attribution.
• Confidence scores and node types. Numerical confidence values and structural type labels (e.g. fact, observation, hypothesis) used by recall ranking and conflict detection.
• Cryptographic salt. A random byte string generated client-side on first use of Neural Memory. The salt is combined with your passphrase (which we never see) to derive your encryption key. The salt is not secret by design — the underlying key-derivation algorithm assumes the salt may be publicly known — but it is required, alongside your passphrase, to reproduce your encryption key on a different machine or after losing your local configuration. We persist the salt server-side under your account so the CLI can recover it during initialization. Storing the salt does not weaken the zero-knowledge guarantee: only your passphrase, which we never see, can unlock your data.
• Memory activity log. Each time you create, consolidate, or clear an engram, we append an opaque event to your account's activity log: the event timestamp, the claw (agent) identifier, the content hash of the affected engram, and the encrypted blob size in bytes. No plaintext, no tags, and no engram contents are recorded in the activity log. Used to power your Memory Activity heatmap and our internal usage analytics. Wiped on account deletion alongside all other Neural Memory data.

MemoryClaw is built on a zero-knowledge architecture. This means there are categories of data that we structurally cannot access, even if compelled by legal process or in the event of a server breach:

• Your encryption passphrase. Your passphrase is never transmitted to our servers. It is used exclusively on your local device to derive the encryption key. If you lose your passphrase, we cannot recover it or your data.
• Unencrypted backup contents. All backup data is encrypted client-side using AES-256-GCM before it leaves your device. We store only the resulting encrypted blobs. We cannot read, inspect, decrypt, or otherwise access the contents of your backups.
• Your plaintext password. We store only the bcrypt hash of your password. The hashing is performed server-side upon receipt, and the plaintext value is never written to disk, logged, or retained in memory beyond the authentication request lifecycle.

This design ensures that a compromise of our infrastructure does not expose your sensitive configuration data or credentials.

Important caveat for Neural Memory users. Engram blob content is end-to-end encrypted with AES-256-GCM client-side; we cannot decrypt it. The official CLI does not currently generate or upload embedding vectors (see Section 1) — if and when we add encrypted-similarity-search, embeddings will ship as opt-in with the model-inversion considerations clearly documented. Blind-index (HMAC-SHA256) tags are stored alongside ciphertext to enable equality lookups; without your client-side key, these tags cannot be reversed to plaintext, but they do leak whether two engrams reference the same normalized term. DAG metadata (parent hashes, agent IDs, thread labels, timestamps, blob sizes) is also visible to us by necessity — used for ordering, plan-quota enforcement, and rendering the engram graph in your dashboard.

We use the information we collect strictly for the following purposes:

• Service operation. To provide, maintain, and improve the Service, including authenticating your identity, authorizing access, enforcing plan limits (backup counts, storage quotas), and delivering your encrypted backups on demand.
• Billing and subscriptions. To process payments, manage subscription lifecycle (upgrades, downgrades, cancellations), and issue receipts through Stripe.
• Transactional communications. To send essential emails including a one-time welcome email upon registration, account verification, email change verification, password resets, billing receipts, plan change confirmations, and data deletion notices. We do not send marketing emails, newsletters, or promotional content.
• Security and abuse prevention. To detect and prevent fraud, unauthorized access, API abuse, and other security incidents through rate limiting, log analysis, and anomaly detection.
• Legal compliance. To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

We do NOT sell, rent, lease, or trade your personal information to any third party. We do not use your encrypted backup data for any purpose other than storing it and returning it to you upon authenticated request.

Memory operations. When you use the Neural Memory features, we perform the following operations on the data described in Section 1:

• Storage. Encrypted blobs, blind-index tags, and DAG metadata are persisted to our infrastructure (Firestore subcollections and Cloud Storage) so you can later recall them. Embedding vectors are not currently uploaded — see Section 1.
• Blind-index search. Equality lookups over encrypted engrams are performed by matching against the HMAC tags you uploaded, never against plaintext.
• Conflict detection and resolution. When a recall surfaces engrams whose content or claims diverge, our service flags them for client-side resolution; we do not adjudicate plaintext content.
• Consolidation. Periodic structural maintenance of the engram graph (re-linking, pruning superseded engrams) operates only on metadata and ciphertext references — never on plaintext.

The MemoryClaw server never calls a Large Language Model on your behalf and never sees engram plaintext during any of these operations.

We share limited information with third-party service providers solely to operate the Service. Our providers may change over time (for example, we may switch infrastructure, email delivery, or payment processors). When we make material changes to the third parties that process your personal information, we will update this section and, where required, provide notice as described in Section 12.

Current providers include:

• Stripe — processes all payment transactions for paid subscriptions. Stripe receives your payment details directly; we never handle or store full card numbers. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
• Google Cloud Platform (GCP) — Cloud Storage — stores your encrypted backup blobs. Cloud Storage provides infrastructure-level encryption at rest on top of the client-side encryption already applied to your data.
• Google Cloud Platform (GCP) — Firestore — stores account information, backup metadata, and subscription records. Data is encrypted at rest by Google Cloud.
• Google — provides authentication via Google Sign-In (OAuth 2.0). When you choose to sign in with Google, Google transmits your user ID, profile name, and profile picture URL to us. We store this information to create and authenticate your MemoryClaw account and to display your profile picture within the Service. Google's handling of your data is governed by the Google Privacy Policy.
• Cloudflare — provides bot detection via Cloudflare Turnstile on login and registration forms. Turnstile may collect browser telemetry and interaction data to distinguish human users from automated bots. No personal information is shared with Cloudflare beyond what is necessary for this verification. Cloudflare's handling of your data is governed by the Cloudflare Privacy Policy.
• Gmail (Google) — processes transactional emails (password resets, account notices) via SMTP relay. Email content is transmitted through Google's infrastructure for delivery. Google's handling of this data is governed by the Google Privacy Policy.
• Namecheap Private Email — hosts our contact email inbox (info@memoryclaw.ai). Inbound messages you send to this address are stored and processed by Namecheap's email infrastructure. Namecheap's handling of this data is governed by the Namecheap Privacy Policy.

We do not sell, share, or transfer your encrypted user data — engram blobs, backup blobs, blind-index tags, threads, account records — to advertising networks, data brokers, or any other commercial third party. Your encrypted backups and Neural Memory data exist only to be served back to you (or to your authenticated agents acting under your account). Public marketing pages on memoryclaw.ai use industry-standard, page-level web measurement (page views, referrer, conversion events) that is independent of, and never joined to, the encrypted user data described in Section 1.

We may disclose account information if required by law, subpoena, court order, or valid legal process, but only to the minimum extent necessary.

Active accounts. We retain your account information and encrypted backup data for as long as your account remains active. Your data persists across billing cycles and plan changes.

Inactive free accounts. If a free-tier account has had no backup activity for an extended period, we may schedule it for deletion. Before any deletion occurs, we will send advance notice to your registered email address, giving you the opportunity to log in and retain your account. Current inactivity and notice periods are listed in the FAQ.

Account deletion. You may delete your account at any time from your dashboard settings or by contacting us. Account deletion is immediate and irreversible. When you delete your account:

• Your encrypted backup blobs are permanently removed from Google Cloud Storage.
• Your account information (email, hashed password) is permanently erased from our database.
• All backup metadata and usage records associated with your account are deleted.
• Because of our zero-knowledge architecture, we cannot restore any data once deleted.

Claw deletion metadata. When a claw (device) is deleted, minimal metadata markers are retained for rate limiting and re-registration prevention. These markers contain no backup data or personal content. They persist until account deletion, at which point all user data is permanently removed.

Server logs. Retained for as long as reasonably necessary for security monitoring, debugging, and abuse prevention. Log retention periods may vary based on infrastructure configuration.

Stripe billing records. Payment and invoice records processed by Stripe are retained by Stripe in accordance with their own retention policy and applicable tax and financial regulations. We do not control Stripe's retention schedule.

Neural Memory data retention. Engrams and related Neural Memory metadata are retained according to your current plan tier. Specific retention durations may change as we evolve the Service; the current values are listed on the pricing page and in the FAQ. We will provide reasonable advance notice before any change reduces the retention you currently receive.

On account deletion, all Neural Memory data — including memory_nodes, memory_edges, memory_threads, memory_usage records, memory_events activity log, the cryptographic salt persisted under your account, and any associated Google Cloud Storage blobs — is cascade-deleted immediately along with your account and is unrecoverable.

You may also at any time use the "Clear Neural Memory" control in your dashboard to permanently and irreversibly remove every engram, edge, thread, and encrypted memory blob from your account without deleting the account itself. This wipes the live memory graph and the associated server-side storage; your monthly usage counters and your activity log are preserved (so a clear does not reset rate limits or erase the audit trail). The cleared content cannot be recovered by you or by us.

localStorage. We use browser localStorage to persist your session authentication token, your email address, user identifier, and claw selection preference. This data remains on your device and is not transmitted to third parties.

Essential first-party cookies. We may set a small number of essential first-party cookies required for the Service to function correctly, such as beta gate access verification.

No cross-site profiling, no retargeting, no fingerprinting. We do not engage in cross-site behavioral profiling, fingerprinting, or retargeting based on your encrypted user data (engrams, backups, account records). The MemoryClaw Service itself (dashboard, CLI, encrypted Neural Memory + backup APIs) sets no third-party tracking cookies.

Marketing-page measurement. Our public marketing pages on memoryclaw.ai may include industry-standard, page-level web measurement and conversion-tracking scripts (page views, referrer, signup conversion events) so we can understand site usage and the effectiveness of acquisition channels. These scripts are scoped to the marketing pages, are independent of the encrypted user data described in Section 1, and never read or transmit your engram contents, backup contents, blind-index tags, or other Service-stored data.

CLI local storage. The MemoryClaw CLI plugin stores data locally on your device in the ~/.config/memoryclaw/ directory. This includes authentication credentials, device configuration, your encryption passphrase (stored in encrypted form), and local settings. This data is cleared when you run memoryclaw logout from the CLI. Note that deleting your account from the website does not automatically remove CLI local storage — you must run memoryclaw logout separately to clear local data from your device.

You can configure your browser to reject cookies or clear localStorage, but doing so may require you to re-authenticate and may affect Service functionality.

Regardless of your location, we extend the following rights to all MemoryClaw users. These rights are consistent with the requirements of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):

• Right to access. You can request a copy of all personal information we hold about your account.
• Right to correction. You can update your email address and other account information through your dashboard at any time.
• Right to deletion. You can delete your account and all associated data from your dashboard settings. Deletion is immediate and irreversible.
• Right to data portability. You can export your encrypted backup data at any time using the memoryclaw pull --file CLI command, which downloads and decrypts your backup to a local file you control. A dedicated Neural Memory data export (engrams, threads, edges) is coming soon; in the meantime you may request a manual export by emailing info@memoryclaw.ai.
• Right to erasure. Deleting your account from the dashboard cascade-deletes all Neural Memory data (memory_nodes, memory_edges, memory_threads, memory_usage, memory_events, the cryptographic salt persisted under your account, and any GCS blobs) immediately and irreversibly, in addition to your account record and encrypted backup blobs. You may also use the "Clear Neural Memory" control to wipe Neural Memory data without deleting your account.
• Right to object and restrict. You can object to or request restriction of certain processing activities by contacting us.
• Right to withdraw consent. Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing performed before the withdrawal.

To exercise any of these rights, use the relevant options in your dashboard settings or contact us at info@memoryclaw.ai. We will acknowledge your request within 5 business days and respond substantively within 30 days.

Additional region-specific rights are detailed in Section 14 below.

We implement multiple layers of security to protect your data:

• HTTPS everywhere. All communication between your device and our servers is encrypted in transit using TLS. Unencrypted HTTP requests are rejected.
• Client-side AES-256-GCM encryption. Your backup data is encrypted on your device before transmission using AES-256-GCM, an authenticated encryption standard. The encryption key is derived from your passphrase, which never leaves your device.
• bcrypt password hashing. Account passwords are hashed using bcrypt with a per-user salt, making brute-force and rainbow table attacks computationally infeasible.
• Token-based session authentication. Authentication sessions are managed via signed, server-validated tokens. Tokens are validated on every request and rejected when expired or invalidated. Specific session duration may change as we tune the Service; password change and explicit logout always invalidate active sessions immediately.
• Rate limiting. API endpoints are protected by rate limiting to prevent brute-force attacks, credential stuffing, and denial-of-service attempts.
• Least privilege access. Internal systems follow the principle of least privilege. Service components have access only to the specific resources they require. Database credentials and encryption keys are managed through environment-scoped secrets.

While we take extensive measures to protect your data, no system is perfectly secure. We encourage you to use a strong, unique passphrase and to keep your CLI and dependencies up to date.

MemoryClaw is not intended for use by anyone under the age of 13 (or the applicable minimum age in your jurisdiction — see Section 14 for region-specific details). We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have inadvertently collected personal information from a child under 13 (or below the applicable minimum age in your jurisdiction — see Section 14 for region-specific details), we will take immediate steps to delete the account and all associated data. If you believe a child under 13 has created a MemoryClaw account, please contact us at info@memoryclaw.ai so we can take appropriate action.

MemoryClaw is operated from and data may be stored in the United States. If you access the Service from outside the United States, you understand and consent to the transfer, processing, and storage of your information in the United States.

The United States may not provide the same level of data protection as your home jurisdiction. By using the Service, you acknowledge this and consent to such transfers. We apply the same security and privacy protections described in this policy regardless of where you are located.

For information about the specific legal mechanisms we use for cross-border transfers, see the region-specific disclosures in Section 14.

MemoryClaw does not engage in cross-site behavioral profiling of users and does not sell, share, or transfer your encrypted user data (engrams, backups, account records) to advertising networks or data brokers. The MemoryClaw Service itself — the dashboard, the CLI, and the encrypted Neural Memory + backup APIs — uses no behavioral tracking; only strictly necessary cookies and local storage as described in Section 6.

Our public marketing pages on memoryclaw.ai may include industry-standard, page-level web measurement (page views, referrer, conversion events). This measurement is independent of, and never joined to, the encrypted user data described in Section 1. Because we do not engage in cross-site behavioral profiling, we do not currently honor Do Not Track (DNT) browser signals as a separate control. Users who wish to opt out of marketing-page measurement can configure their browser to block third-party scripts or cookies before navigating the site.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email to your registered address or by posting a prominent notice on the Service at least 14 days before the changes take effect.

We may also make non-material updates (such as clarifications, formatting changes, or updates to reflect provider changes) without prior notice. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue use and delete your account before the updated policy takes effect.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us through the following channels:

For all inquiries — privacy, security, or general support — email us at info@memoryclaw.ai.

We aim to acknowledge all inquiries within 5 business days and provide a substantive response within 30 days.

The following subsections provide additional disclosures required by specific regional privacy laws. These supplements apply in addition to, and do not replace, the rest of this Privacy Policy.

This subsection applies if you are located in the European Economic Area (EEA). It supplements the information above with disclosures required by the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Data controller. The data controller for purposes of the GDPR is NGSRV, LLC (owner and operator of MemoryClaw). You may contact us regarding data protection matters at info@memoryclaw.ai.

Data Protection Officer. We have not appointed a Data Protection Officer, as we do not meet the thresholds set out in Article 37 of the GDPR (we do not carry out large-scale systematic monitoring of individuals, nor do we process special categories of data at scale).

Legal basis for processing. We process your personal data on the following legal bases:

• Performance of a contract (Article 6(1)(b)): Account creation, authentication, encrypted backup storage and retrieval, payment processing, and transactional emails are necessary to perform the contract between you and MemoryClaw.
• Legitimate interests (Article 6(1)(f)): Server logging, security monitoring, rate limiting, and abuse prevention are carried out on the basis of our legitimate interest in protecting the Service and its users. These activities are proportionate and do not override your fundamental rights.
• Legal obligation (Article 6(1)(c)): We may process data to comply with applicable tax, financial reporting, or law enforcement obligations.

Retention periods.

Additional GDPR rights. In addition to the rights listed in Section 7, EEA users have the right to:

• Data portability. Receive your personal data in a structured, commonly used, machine-readable format (JSON). You can also use memoryclaw pull --file to export your encrypted backups at any time.
• Erasure (Article 17). Request deletion of your personal data on any of the grounds set out in Article 17 of the GDPR. Account deletion through the dashboard fulfils this right immediately.
• Restriction of processing. Request that we restrict certain processing activities while a concern is being resolved.
• Lodge a complaint. You have the right to lodge a complaint with a supervisory authority in the EEA Member State of your habitual residence or place of work. A list of supervisory authorities is available on the EDPB website.

International transfers. Your data is transferred to and stored in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the primary legal mechanism for these transfers. Where applicable, we also rely on the EU-U.S. Data Privacy Framework for transfers to certified U.S. organizations.

ePrivacy. The MemoryClaw Service (dashboard, CLI, and encrypted Neural Memory + backup APIs) uses only strictly necessary cookies and local storage as described in Section 6 — no consent is required for these under the ePrivacy Directive. Our public marketing pages on memoryclaw.ai may include industry-standard measurement and conversion-tracking scripts that set cookies; users in the EEA and UK who wish to decline these can configure their browser to block third-party cookies before navigating the marketing site. We are evaluating a granular cookie-consent banner for the EEA / UK marketing-page experience as part of an ongoing privacy-program review.

Children. In the EEA, the minimum age for consenting to data processing in relation to information society services is 16 years (or a lower age set by individual Member States, but never below 13). If you are below the applicable age in your Member State, a parent or guardian must provide consent on your behalf.

Response times. We will respond to GDPR rights requests within 30 days of receipt. If a request is particularly complex, we may extend this period by up to 2 additional months, in which case we will inform you of the extension and the reasons for the delay within the initial 30-day period.

This subsection applies if you are located in the United Kingdom. It supplements the information above with disclosures required by the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Data controller. The data controller is NGSRV, LLC (owner and operator of MemoryClaw). For data protection inquiries, contact info@memoryclaw.ai.

Legal bases. We process your personal data under the UK GDPR on the same legal bases described in Section 14A above: performance of a contract, legitimate interests, and legal obligation.

Your rights. UK users enjoy the same data protection rights as described in Section 7 and Section 14A, including the rights to access, rectification, erasure, restriction, portability, and objection.

Complaints. If you believe we have not handled your data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can file a complaint at https://ico.org.uk/make-a-complaint/.

International transfers. Your data is transferred to the United States. We rely on the UK Addendum to the EU Standard Contractual Clauses or the International Data Transfer Agreement (IDTA) as the legal mechanism for these transfers. Where applicable, we also rely on the UK Extension to the EU-U.S. Data Privacy Framework.

Children. In the United Kingdom, the minimum age for consenting to data processing in relation to information society services is 13 years under the Data Protection Act 2018.

This subsection applies if you are a California resident. It supplements the information above with disclosures required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA").

Categories of personal information collected. In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Email address, IP address, device identifiers.
• Internet or other electronic network activity information: Server logs, API request data, timestamps, HTTP status codes.
• Commercial information: Subscription plan, payment status, and billing details processed by Stripe (last four digits of card, card brand, expiration).

Sale and sharing of personal information. We do NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

Your CCPA rights. As a California resident, you have the following rights under the CCPA:

• Right to Know. You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete. You can request the deletion of personal information we have collected from you, subject to certain legal exceptions. Account deletion via the dashboard fulfils this right immediately.
• Right to Correct. You can request that we correct inaccurate personal information we hold about you.
• Right to Opt-Out of Sale/Sharing. Not applicable — we do not sell or share personal information.
• Right to Limit Use of Sensitive Personal Information. Not applicable — we do not collect sensitive personal information as defined by the CCPA.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access levels as a result of exercising your privacy rights.

How to submit a request. You may submit a CCPA request by emailing info@memoryclaw.ai with the subject line "CCPA Request." We will verify your identity by confirming your registered email address. We will acknowledge your request and respond within 45 days of receipt. If we require additional time, we will notify you of the extension (up to an additional 45 days).

Authorized agents. You may designate an authorized agent to submit a CCPA request on your behalf. We will require the authorized agent to provide written proof of authorization (such as a signed letter or power of attorney) and may require you to verify your identity directly with us before processing the request.

Financial incentive programs. We do not offer any financial incentive programs related to the collection, retention, or sale of personal information.