Privacy Policy

Effective date: March 11, 2025 · Last updated: March 11, 2025

1. Introduction

RunLobster, Inc. (“RunLobster”, “we”, “us”, “our”) operates the RunLobster platform at runlobster.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information. Name, email address, and authentication provider details (Google, GitHub, or email/password) when you create an account.
  • Billing information. Payment details are collected and processed by Stripe. We store your Stripe customer ID, subscription status, and plan details but never store full credit card numbers.
  • Agent configuration. System prompts, agent names, and configuration preferences you set for your OpenClaw instance.
  • Messages and content. Messages you send through the web chat interface and any data your agent processes through connected channels.
  • API keys. If you use Bring Your Own Key (BYOK), we store your third-party LLM API keys in encrypted form.
  • Support communications. Any messages you send to us via email or other support channels.

2.2 Information Collected Automatically

  • Usage data. Pages visited, features used, buttons clicked, and general interaction patterns via PostHog analytics.
  • Device information. Browser type, operating system, and device type.
  • Log data. IP addresses, access times, and referring URLs recorded in server logs.
  • Cookies. We use essential cookies for authentication and session management, and analytics cookies for product improvement.
  • Advertising data. Google Ads click identifiers (gclid) for conversion attribution.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process transactions and manage your subscription.
  • Provision and manage your OpenClaw container and connected channels.
  • Send transactional emails (account confirmations, billing receipts, service alerts).
  • Respond to your support requests.
  • Analyze usage patterns to improve the Service.
  • Detect, prevent, and address abuse, fraud, and security issues.
  • Measure advertising effectiveness and attribute conversions.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

  • Service providers. We share data with third-party providers that help us operate the Service, including Supabase (database and authentication), Stripe (payment processing), PostHog (analytics), Vercel (hosting), and LLM providers (when processing your agent's requests).
  • Connected platforms. When you connect channels (Slack, Telegram, Discord, WhatsApp) or integrations (via Composio), data is shared with those platforms as necessary to provide the integration.
  • Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
  • With your consent. We may share information for any other purpose with your explicit consent.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Chat messages and agent interaction data are retained for the duration of your subscription. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements). Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics.

6. Data Security

We implement industry-standard security measures to protect your information, including: encryption in transit (TLS/HTTPS), encryption at rest for sensitive data such as API keys, access controls limiting employee access to personal data, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Cookies & Tracking

We use the following types of cookies and tracking technologies:

  • Essential cookies. Required for authentication, session management, and core functionality. These cannot be disabled.
  • Analytics cookies. PostHog cookies that help us understand how users interact with the Service. You may opt out by using your browser's Do Not Track setting or a privacy-focused browser.
  • Advertising cookies. Google Ads cookies used for conversion tracking and advertising attribution. These can be managed through your browser settings.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Request correction of inaccurate personal information.
  • Deletion. Request deletion of your personal information. You can delete your account from the dashboard settings at any time.
  • Portability. Request a copy of your data in a portable format.
  • Opt-out. Opt out of marketing communications and certain data processing activities.
  • Restriction. Request that we restrict processing of your personal information under certain conditions.

To exercise any of these rights, contact us at support@runlobster.com. We will respond within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at support@runlobster.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States where our servers are located. By using the Service, you consent to such transfers. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

11. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete it.

12. AI & Data Processing

When you interact with your OpenClaw agent, your messages are sent to third-party LLM providers (such as Anthropic, OpenAI, or Google) for processing. These providers may process your data according to their own privacy policies. We do not use your conversations or content to train any AI models. If you use BYOK (Bring Your Own Key), your API key is transmitted directly to the selected provider and is subject to that provider's terms.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at support@runlobster.com.