GDPR Compliance
Our commitment to protecting your data under GDPR.
Last updated: March 10, 2026
1. Our Commitment
OpenClawManage is committed to complying with the General Data Protection Regulation (GDPR). We respect your privacy and are transparent about how we handle your personal data. This page outlines how we meet GDPR requirements.
2. Lawful Basis for Processing
We process your personal data under the following lawful bases:
- Contractual necessity — to provide the hosting services you have purchased
- Legitimate interest — to improve our services, ensure security, and prevent fraud
- Consent — for optional communications such as marketing emails
- Legal obligation — to comply with tax, accounting, and regulatory requirements
3. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data ("right to be forgotten").
Right to Data Portability
You can request your data in a structured, machine-readable format.
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Object
You can object to processing based on legitimate interest or direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
4. Data We Process
| Data Category | Purpose | Retention |
|---|---|---|
| Account info (name, email) | Service delivery | Until account deletion + 30 days |
| Payment records | Billing & legal compliance | 7 years (tax requirements) |
| Support tickets | Customer support | Until account deletion |
| Instance usage data | Service monitoring | 90 days rolling |
5. Data Protection Measures
- All data transmitted over SSL/TLS-encrypted connections
- Passwords stored using bcrypt hashing
- Database access restricted and monitored
- Regular security audits and updates
- Isolated customer instances for data separation
6. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours and report the breach to the relevant supervisory authority as required by GDPR.
7. Exercising Your Rights
To exercise any of your GDPR rights, please contact us. We will respond to your request within 30 days. You may also lodge a complaint with your local data protection authority.