ClawClientX Privacy Policy

A client app for the OpenClaw self-hosted AI gateway.

Effective date: May 31, 2026
Developer: bidbuddyai (Chase Tinsley)
Application: ClawClientX com.bidbuddyai.clawclientx
Platforms: iOS, Android, Windows, macOS Tauri 2 + React

ClawClientX is built to talk to a server you run. The developer operates no backend, runs no account system, and receives none of your data. In plain terms: your conversations, files, and credentials live on your device and on the OpenClaw gateway you control, not with us.

Summary

No developer server. We operate no backend and cannot see your chats, files, settings, or credentials.
No analytics, telemetry, ads, or crash reporting. The app contains no tracking or usage-collection software of any kind.
Your gateway is the destination. Chat content, attachments, voice text, photos, and (only with your permission) device data flow between your device and your own OpenClaw server.
One exception to "your server only": when you browse the optional ClawHub skill catalog, the app contacts three third-party services (ClawHub, a Convex backend, and a VirusTotal link) to show skill listings and malware-scan results. Details below.
Credentials are stored locally and unencrypted. Your gateway token, device pairing tokens, and device signing key are saved in your device's local app storage in plain text. They are never sent to the developer. Please read the security section.

1. Who we are

ClawClientX is developed and published by bidbuddyai (Chase Tinsley) ("we," "us," "the developer"). ClawClientX ("the app") is a client application for OpenClaw, a self-hosted AI gateway. The app is distributed for iOS, Android, Windows, and macOS, and is built with Tauri 2 and React.

We are the author of the app software. We are not the operator of any server that processes your conversations. There is no "ClawClientX account," no sign-up with us, and no developer-hosted database, cloud, or API that your activity passes through.

2. How ClawClientX works (and why that matters for privacy)

ClawClientX is a thin client to a server you own. You point the app at your own OpenClaw gateway by entering its address (for example wss://your-server.local), then authenticate with a password or token and approve the device through OpenClaw's device-pairing flow. From that point on, the app's interactive features, including chat, sessions, skills, model selection, cron jobs, hooks, configuration, and node commands, communicate over an encrypted WebSocket connection directly with your gateway.

Because the gateway is infrastructure you run and control, the privacy of the data you process through it (your chats, the AI models you use, the files you send) is governed by how you have configured and secured that server. This policy covers what the ClawClientX app does. It does not and cannot govern what your OpenClaw server, the AI models it routes to, or any skills you install on it do with your data. You should review the practices of your own gateway and any model providers it connects to.

3. What the developer collects: nothing

We have verified against the app's source code that the developer collects no personal data. Specifically, the app contains:

No first-party backend or API. There is no developer-operated server for the app to send your data to.
No analytics or usage tracking. There is no Google Analytics, Firebase, Segment, Mixpanel, Amplitude, PostHog, Datadog, or similar. The app sends no usage pings or event data anywhere.
No crash or error reporting. There is no Crashlytics, Sentry, Bugsnag, or similar. Runtime and connection errors are shown only in the app's own interface and local console; nothing about errors leaves your device.
No advertising, ad SDKs, advertising identifiers, or device fingerprinting.
No third-party tracking SDKs. The app's libraries are user-interface and runtime components only; none "phone home."

The app does keep one purely local counter: it counts how many messages you have sent so it can occasionally prompt you to leave an app-store review. That count lives only in your device's local storage and is never transmitted anywhere.

4. Data you send to your own gateway

When you use the app, the following information travels between your device and the OpenClaw gateway you have connected to. It does not pass through the developer:

Your gateway address and credentials. Your server URL, and the password or token plus a device signature used to authenticate, are sent to your gateway during connection. Credentials are sent only to the host you configured.
Chat messages and AI responses for your sessions, sent and streamed over the WebSocket connection.
Files and images you attach or paste into chat. These are read into memory and sent inline within your chat message to your gateway.
In-chat camera photos you capture, when you use the camera feature, sent to your gateway as part of the conversation.
Media you view. When chat content references an image or video hosted on your gateway, the app fetches it from your gateway's media endpoint. Before attaching your bearer token to that request, the app verifies that the media host exactly matches your configured server, so your token is never sent to a different host.
Device data, only if you enable "node" mode. ClawClientX can act as a paired node that runs commands your gateway requests. Node mode is off until you turn it on. Once you turn it on, some commands are enabled by default (including device info and clipboard read) while the most sensitive ones stay off until you enable them. Depending on which commands are active, the following may be read on demand and sent to your gateway: clipboard text, basic device info (browser/OS user-agent, language, CPU core count, touch-point count), GPS location, and battery/memory status. See Device permissions for exactly which commands are on by default, including the important note that clipboard read and device info are enabled by default once node mode is on.

All of the above is governed by your gateway and your configuration, not by us. We never receive a copy.

5. Third-party services: the ClawHub skill catalog

Please read The ClawHub skill browser is the one part of the app that contacts servers other than your own gateway. It does so only when you choose to use that feature.

ClawClientX includes an optional browser for the public ClawHub skill registry. When, and only when, you open the ClawHub skill browser or type in its search box, the app makes requests to the following third parties, which are not operated by you and not operated by the developer:

Service	What is sent	When it happens
ClawHub registry `clawhub.ai`	Your search-box text and the skill identifiers (slugs) you view. No login or token is sent.	When you open the ClawHub skill list, run a search, or open a skill's detail page.
Convex backend `wry-manatee-359.convex.cloud`	A skill's identifier (slug) and the skill file's SHA-256 hash, used to retrieve VirusTotal malware-scan verdicts for that skill.	When you open a ClawHub skill's detail view.
VirusTotal `virustotal.com`	Nothing automatically. The app builds a clickable link to the scan results for a skill's file hash.	Only if you click that link, which opens in your system browser.

These requests carry only what is described above (search terms, skill slugs, and file hashes). They do not include your chat content, your gateway address, your credentials, or any account identifier. If you never open the ClawHub skill browser, the app makes no requests to these services.

Note that installing a skill does not generate third-party traffic from the app: an install instruction is sent to your own gateway, which performs the installation server-side.

The app also contains static help links to docs.openclaw.ai. These open in your system browser only when you click them, and the only information involved is the web address itself. Your use of any third-party site is subject to that site's own privacy practices, which we do not control.

6. Data stored on your device

ClawClientX stores certain information locally so the app remembers your setup between launches. This data stays in your device's local app storage. It is not sent to the developer. It includes:

Connection credentials (sensitive): your gateway authentication token or password.
Device pairing tokens (sensitive): per-server tokens issued during OpenClaw device pairing.
Your device signing key (sensitive): an Ed25519 private key, its public key, and a device identifier, used to sign your device's connection handshakes.
Settings and preferences: theme, color palette and accent, button and radius styling, optional logo URL, your saved server profiles (name, server URL, authentication mode, device name, node settings), the active profile, pinned and collapsed session groupings, sidebar state, panel and canvas widths, and feature toggles such as thinking mode, fast mode, streaming on/off, and notifications on/off.
Per-profile interface state: pinned sessions and collapsed session groups for each profile.
Local entitlement state: your Pro/trial status and related records. This is stored only on your device and is never transmitted.
The local review-prompt counter described above (a message count only).

The sensitive items above are important. Please see the security section.

7. What is not persisted

The app deliberately keeps the following in memory only, so it is not written to the persisted settings store and is gone when the app closes:

Your chat sessions list and message content. These are not saved to the persisted store; they are re-fetched from your gateway when you reconnect.
Streaming text, tool-call state, subagent state, approval prompts, and queued messages.
Files and images you attach or paste. They are held in memory and sent in your chat message, not written to the persisted store.
Camera photos and geolocation results. Produced on demand and sent to your gateway; not stored locally by the app.
Voice audio and transcripts. Speech-to-text and text-to-speech run entirely on your device through your platform's built-in Web Speech capabilities. The app does not save your audio or transcripts and does not send them to any third-party speech cloud.

One clarification about credentials. Your gateway token is excluded from the app's main persisted settings blob, and the app actively removes any legacy copy of the token from that blob. However, this does not make the token ephemeral: it is instead stored separately in your device's local app storage (in plain text, as described in the next section). In short, your credentials are kept on your device between launches; they are simply held outside the main settings blob. They are never sent to the developer.

8. Security of stored credentials

Important security notice The current version of ClawClientX stores your gateway token, device pairing tokens, and device signing private key in your device's local app storage in plain text (unencrypted). These secrets never leave your device and are never sent to the developer, but they are not encrypted at rest in this release.

What this means for you:

Anyone with access to your unlocked device, or to the app's local storage on that device, could read these values. Treat your device's own lock screen, disk encryption, and account security as the primary protection for these secrets.
Because your device signing key and tokens grant access to your OpenClaw gateway, you should protect the device accordingly and, if a device is lost or compromised, rotate or revoke the relevant tokens and re-pair from your gateway.
You can remove these stored secrets at any time by clearing the app's local data or uninstalling the app (see Deleting your data).

Connections to your gateway use a WebSocket transport. The app accepts either an encrypted wss:// (TLS) address or a plain, unencrypted ws:// address for your gateway. If you configure a ws:// address, traffic between the app and your gateway is not encrypted in transit. We strongly recommend a wss:// address so that data in transit between the app and your server is protected. The security of the server itself, and of the network between your device and it, is under your control.

We may move these secrets into operating-system secure storage (such as a system keyring or secure enclave) in a future release. Any such change will be reflected in an updated version of this policy.

9. Device permissions

ClawClientX requests device permissions only to support specific features, and only when you use them. Where the platform shows a permission prompt, you may decline it; the related feature simply will not function.

Features that may request a permission at the moment you use them

Camera — to take an in-chat photo to include in a conversation.
Microphone and speech recognition — for voice input (speech-to-text), which runs on your device.
Location — only if you enable the node location command, to provide your device's GPS position to your own gateway on request.
Clipboard — to read or write clipboard text, used by paste and by node clipboard commands.
Notifications — to show notifications you have enabled.
Battery/memory status — to report device status to your gateway when the corresponding node command is enabled.

Node command permission model

When you enable "node" mode, your device can run a defined set of commands requested by your paired gateway. Sensitive commands are off by default and must be turned on by you: location, camera, photos access, and reading notifications are all disabled by default. The following are enabled by default once node mode is on: device status, device info (which returns user-agent, language, CPU core count, and touch-point count), showing notifications, clipboard read, clipboard write, and canvas commands.

Note Clipboard read is enabled by default once node mode is turned on. That means a gateway you have paired could read your device clipboard text by default. If you do not want this, disable the clipboard command in the node settings or do not enable node mode.

Desktop (Windows and macOS)

On desktop, the app declares only the following native capabilities: read and write clipboard text, open http/https links in your system browser, and show notifications.

Mobile (iOS and Android)

On mobile, camera, microphone, location, and notification access are requested by the operating system at the time you first use the related feature, and you may grant or deny them through your device's standard permission prompts. Each platform's app-store privacy disclosures (Apple App Privacy and Google Play Data Safety) accompany the app listing and describe the permissions for that build.

10. Purchases and ClawClientX Pro

ClawClientX currently ships free. There are no live in-app purchases or subscriptions. A "ClawClientX Pro" entitlement layer exists in the app, but billing is disabled in this release, and the Pro/trial status is tracked only locally on your device and never transmitted.

If paid features are introduced in the future, purchases would be processed by the platform's own store (for example, the Apple App Store or Google Play). In that case, the relevant app store, not the developer, would handle your payment information under its own privacy policy, and this policy would be updated to describe what, if anything, the app receives.

11. Children's privacy

ClawClientX is a developer and power-user tool intended for a general adult audience. It is not directed to children, and we do not knowingly collect personal information from children. Because the developer operates no backend and collects no data, we hold no personal information about any user, including children. If you are a parent or guardian and believe a child has used the app on your device, you can remove all locally stored data by clearing the app's data or uninstalling it. Your gateway is separately under your control.

12. Deleting your data

Because the developer stores none of your data, there is nothing for us to delete and no request to make of us. You control deletion entirely:

Clear local app data: resetting or clearing the app's local data, or signing out / removing a server profile within the app, removes the corresponding stored settings and credentials from your device.
Uninstall the app: uninstalling ClawClientX removes the app's local storage, including your saved credentials, device signing key, profiles, and preferences, from that device.
Revoke device access at your gateway: to invalidate a paired device, revoke or rotate its token from your OpenClaw server.
Conversation history: your chat sessions and messages live on your gateway, not in the app's persisted store. Delete them through your gateway.

13. Your choices and rights

Privacy and data-protection laws in some regions (for example, the GDPR in the European Economic Area and the United Kingdom, and the CCPA/CPRA in California) give individuals rights over their personal data, such as the rights to access, correct, delete, or port it. These rights are exercised against the party that controls or processes the data.

For ClawClientX specifically, the developer is not a controller or processor of your personal data, because the developer holds none. Data you process lives on your own device and on the OpenClaw gateway you operate, so you are able to exercise these rights directly by managing that data yourself, as described in Deleting your data. For data held on your gateway or processed by AI model providers your gateway connects to, direct your requests to those parties. We do not sell or share personal data, because we do not collect any.

14. Changes to this policy

We may update this Privacy Policy to reflect changes in the app or for legal, operational, or clarity reasons. When we do, we will revise the "Effective date" at the top of this page and post the updated policy at the same location. Material changes, such as the introduction of any data collection or a change to how credentials are stored, will be described in the updated policy. Your continued use of the app after an update takes effect constitutes acceptance of the revised policy.

15. Contact

Questions about this policy or the app's privacy practices can be sent to:

bidbuddyai (Chase Tinsley)
Email: support@bidbuddyai.com