Data residency and storage
Last updated Mar 31, 2026
MultiClaw stores data in two places: your local machine and MultiClaw Cloud. Workflow recordings, API keys, and app configuration stay on your machine. Workspace metadata, agent definitions, and audit logs sync to the cloud when you connect to a workspace.
What stays local
This data stays on your machine and doesn't sync to MultiClaw Cloud:
- Workflow recordings: stored in
~/.openclaw/ - API keys: stored in
~/.openclaw/openclaw.json - App configuration: stored in
~/.openclaw/openclaw.json - Desktop app binary and cache: stored on your local filesystem
- Crash logs: stored locally and not transmitted to MultiClaw Cloud
What syncs to MultiClaw Cloud
When you connect to a workspace, this data syncs to the cloud:
- Workspace metadata: workspace name, member list, agent names, and settings
- Agent and skill definitions: stored locally in
~/.openclaw/and synced to enable team sharing and backup - Audit logs: a record of agent actions and approvals
- Usage events: a record of workspace activity used for operational monitoring
Conversation content
Where your conversation transcripts are stored depends on whether you're connected to a workspace.
If you are not connected to a workspace, all transcripts stay on your machine. Nothing syncs to the cloud.
If you are connected to a workspace, transcripts sync to MultiClaw Cloud. To keep conversation content local, don't connect to a workspace.
Cloud region and infrastructure
MultiClaw Cloud runs on AWS in the ap-southeast-2 region (Sydney, Australia). All cloud-synced workspace data and cloud desktops are hosted in this region.
For cross-border data transfers, MultiClaw relies on Standard Contractual Clauses (SCCs) for EU data subjects and the UK International Data Transfer Agreement (UK IDTA) for UK data subjects. See the Privacy Policy for details.
If your organisation processes personal data through MultiClaw and your users include EU or UK data subjects, you're entitled to a Data Processing Agreement (DPA) under GDPR Article 28 and UK GDPR. See Data Processing Agreement for how to request one.
If your organisation has specific data residency requirements beyond the current region, contact legal@multiclaw.io to discuss your needs.
Encryption at rest
Local files in ~/.openclaw/ — including config, conversations, and agent definitions — are stored as plain JSON, protected by OS file permissions. MultiClaw Cloud encrypts workspace data at rest using AWS-managed encryption keys, with additional AES-256 application-layer encryption for sensitive values like API keys.
See Data encryption for the full encryption model and how to protect local files with full-disk encryption.
Third-party data processing
When an agent runs a task, your prompts and task context are sent to the LLM provider you've configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms of service and privacy policies. MultiClaw does not use your conversation content for model training.
For a list of third-party services that process data on MultiClaw's behalf, see Subprocessors and third parties.
Data retention
MultiClaw keeps cloud-synced data only as long as it's needed. The key retention periods are:
| Data | Retained for |
|---|---|
| Account data (name, email) | While your account is active; deleted within 30 days of account closure |
| Workspace and team data | While the workspace subscription is active; deleted within 30 days of cancellation |
| Server logs (IP, user agent) | 90 days |
| Synced conversations | Until you delete them or close your account |
| Audit logs | 1 year |
Local data — including workflow recordings, agent definitions, and config files — stays on your machine until you delete it. MultiClaw does not manage retention of local files.
See the Privacy Policy for the full retention schedule.
Delete cloud-synced data
You can delete individual conversations from the desktop app at any time. To request deletion of all your personal data from MultiClaw Cloud, email privacy@multiclaw.io.
After you close your account, you have 30 days to export your data before deletion begins. See Data portability and export for export options.
Related articles
Data encryption
MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.
Privacy policy
A plain-language summary of what data MultiClaw collects, how it is used, and how to exercise your privacy rights.
Data processing agreement
How to request a DPA, what it covers, and when it is required.