OmaClaw Privacy Policy

Last updated: 2026-03-03 Operator / Controller: Yakumon Inc. / 株式会社ヤクモン Address: 〒150-0043 東京都渋谷区道玄坂1丁目10番8号渋谷道玄坂東急ビル2F-C Contact: contact@yakumon.com

1. Who we are

OmaClaw is an online service operated by Yakumon Inc. (“Yakumon,” “we,” “us,” or “our”) through the domain omaclaw.app. OmaClaw provides managed OpenClaw-based coding and AI-assisted terminal environments.

If you have questions about this Privacy Policy or would like to make a privacy-related request, please contact us at contact@yakumon.com.

2. Scope

This Privacy Policy applies to OmaClaw websites, applications, APIs, support communications, billing workflows, and related services that link to or reference this Privacy Policy.

3. Information we collect

We may collect the following categories of information.

3.1 Account and authentication information

• email address;
• internal user ID;
• authentication and session metadata;
• sign-in, sign-out, and security event records; and
• IP address and user agent associated with authentication and security events.

3.2 Billing and order information

• Lemon Squeezy order identifiers;
• purchased credit pack information;
• payment status, refunds, chargebacks, and tax-related metadata; and
• wallet balances and wallet ledger records.

3.3 AI usage information

To provide AI-assisted functionality, we may process prompts, responses, and related context transiently during request handling. We are designed not to retain separate raw prompt/response logs after processing completes.

We may retain limited metadata such as:

• model selection;
• token usage and cost metadata; and
• request and routing metadata needed to provide the service and account for usage.

3.4 Workspace and brain files

We may store user-controlled files and persistent workspace memory, including:

• AGENTS.md
• SOUL.md
• USER.md
• IDENTITY.md
• MEMORY.md
• memory/*.md

These files may include content that you create directly and, where you enable integrations, content derived from or synchronized with connected third-party services.

3.5 Encrypted state snapshots

To support environment restore, we may store encrypted snapshots of your OmaClaw/OpenClaw state, including encrypted snapshots of ~/.openclaw.

Those encrypted snapshots may contain user content, prompts, responses, conversation state, integration state, credentials you choose to store in the environment, configuration, and other restorable data maintained inside your user environment.

3.6 Connected third-party service information

If you connect third-party services or provide credentials, we may process information associated with those integrations, such as:

• connection metadata;
• granted scopes or permissions;
• service identifiers;
• encrypted or otherwise protected credentials or tokens, to the extent used by the environment or restore state; and
• content, messages, files, settings, or other data that become accessible through the permissions you grant.

3.7 Support and operational information

• support requests and correspondence;
• abuse-prevention, rate-limit, incident, and audit metadata; and
• limited service health and operational telemetry.

4. How we collect information

We collect information:

• directly from you when you sign up, configure, or use OmaClaw;
• automatically when you use the service;
• from payment events and order records provided by Lemon Squeezy;
• from infrastructure, storage, communications, and AI providers involved in delivering the service; and
• from third-party services that you choose to connect or authorize for use with OmaClaw.

5. How we use information

We use information to:

• create and manage accounts;
• authenticate users and secure sessions;
• provide managed terminal and AI-assisted environments;
• restore user workspaces and user state when restore features are enabled;
• measure usage and deduct prepaid credits;
• carry out user-authorized integrations and requested operations against connected services;
• prevent fraud, abuse, and unauthorized access;
• provide support and troubleshoot incidents;
• comply with legal, accounting, tax, and payment obligations; and
• enforce our Terms of Service and protect the service and other users.

6. AI processing, agent behavior, and our data-handling posture

6.1 Strict routing posture

OmaClaw is designed to operate with a strict provider-routing posture. We intend to configure our AI routing to:

• avoid providers or endpoints that train on prompts;
• require zero data retention (ZDR) endpoints where available and required by our configuration; and
• avoid permissive fallback behavior that could route traffic to providers or endpoints that do not meet our configured privacy requirements.

6.2 No separate raw prompt/response logs

We are designed not to retain separate raw prompt/response logs after processing completes.

6.3 Important limitation: persistent user state may still contain user content

Even if we do not retain separate raw prompt/response logs, your prompts, responses, or conversation context may still appear inside user-controlled files, connected-service state, or encrypted state snapshots if the underlying OmaClaw/OpenClaw environment stores them as part of your workspace or restorable state. In that case, the content is retained only as part of those encrypted artifacts and not as a separate prompt/response logging system.

6.4 Connected-service operations may affect external resources

If you connect third-party services, authorize OAuth scopes, upload credentials, or otherwise make external systems available to OmaClaw, OmaClaw, OpenClaw, and underlying agents may process data accessible under those permissions and may issue operations on your behalf.

Depending on the permissions you grant, those operations may include reading, creating, editing, sending, deleting, sharing, publishing, revoking, or otherwise changing data, messages, files, settings, secrets, or resources in connected services.

6.5 Human access

As an operational rule, we do not intentionally review the substance of your prompts, responses, workspace files, integration content, or snapshots except where reasonably necessary to:

• provide requested support;
• investigate abuse, fraud, or security incidents;
• comply with legal obligations; or
• protect the service and other users.

7. Legal bases (for users in the EEA, UK, or Switzerland)

Where applicable, we rely on one or more of the following legal bases:

• performance of a contract;
• legitimate interests, such as service security, abuse prevention, and service operation;
• compliance with legal obligations; and
• consent, where required by law.

8. Sharing and disclosures

We may share information with the following categories of recipients as necessary to provide OmaClaw:

• Fly.io for compute, networking, and infrastructure hosting;
• Cloudflare R2 for object storage;
• OpenRouter and selected downstream AI model providers for AI inference;
• connected third-party services that you choose to authorize or use through OmaClaw;
• Lemon Squeezy for payments, tax handling, refunds, and chargebacks as merchant of record;
• service providers that help us with email delivery, monitoring, security, and support, if and when used; and
• legal or regulatory authorities when required by law.

We do not sell your personal information.

9. International data transfers

OmaClaw may process data in multiple regions. Our primary control-plane region may be in the United States, and session workers may run in additional regions in order to provide the service. Data may therefore be transferred to and processed in countries other than your own.

Where required, we will use appropriate safeguards for cross-border transfers.

10. Retention

10.1 Account deletion

If you delete your account, we will remove your user content and encrypted snapshots from active systems without undue delay after deletion is processed, subject to the exceptions below.

10.2 No separate raw prompt/response log retention

We do not intend to keep separate raw prompt/response logs after processing completes.

10.3 Latest snapshot only

While your account is active, we intend to keep only the latest encrypted restore snapshot needed to provide restore functionality.

10.4 Legal, billing, fraud, and backup exceptions

Even if user content is removed from active systems, we may retain limited information for:

• legal compliance;
• accounting and tax obligations;
• fraud prevention;
• chargeback and payment dispute handling; and
• short-lived backup or disaster recovery rotation.

11. Security

We use administrative, technical, and organizational measures designed to protect information. These may include:

• encrypted state snapshots;
• per-workspace encryption keys or equivalent isolation controls;
• exact-key pre-signed URL access rather than broad bucket access for workers;
• restrictions intended to prevent workers from listing unrelated objects; and
• access control, audit logging, and incident response processes.

No security measure is perfect, and we cannot guarantee absolute security.

12. Cookies and similar technologies

OmaClaw is intended to use essential cookies only, such as cookies required for authentication, session management, security, and abuse prevention.

We do not intend to use advertising cookies or cross-site tracking cookies at launch.

13. Children

OmaClaw is intended only for users who are 18 years of age or older. We do not knowingly provide the service to anyone under 18.

14. Your rights

Depending on your location, you may have rights to request access, correction, deletion, portability, objection, restriction, or withdrawal of consent.

You may submit privacy-related requests to contact@yakumon.com. We may need to verify your identity before processing certain requests.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and may provide additional notice where required by law.

16. Contact

For privacy questions or requests, contact: contact@yakumon.com