[{"data":1,"prerenderedAt":1408},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy\u002Fdata-residency-and-storage":3,"help-article-\u002Fsecurity-privacy\u002Fdata-residency-and-storage":4,"related-articles-\u002Fsecurity-privacy\u002Fdata-residency-and-storage":325},[],{"id":5,"title":6,"body":7,"category":307,"description":308,"draft":309,"extension":310,"meta":311,"navigation":312,"order":313,"path":314,"relatedArticles":315,"seo":319,"slug":320,"stem":321,"updatedAt":322,"__hash__":323,"excerpt":308,"searchText":324},"help\u002Fhelp\u002Fsecurity-privacy\u002F05.data-residency-and-storage.md","Data residency and storage",{"type":8,"value":9,"toc":295},"minimark",[10,19,24,27,68,72,75,104,108,111,118,124,128,139,148,156,168,172,178,186,190,193,201,205,208,267,270,276,280,287],[11,12,13,14,18],"p",{},"MultiClaw stores data in two places: your local machine and ",[15,16,17],"strong",{},"MultiClaw Cloud",". Workflow recordings, API keys, and app configuration stay on your machine. Workspace metadata, agent definitions, and audit logs sync to the cloud when you connect to a workspace.",[20,21,23],"h2",{"id":22},"what-stays-local","What stays local",[11,25,26],{},"This data stays on your machine and doesn't sync to MultiClaw Cloud:",[28,29,30,41,49,56,62],"ul",{},[31,32,33,36,37],"li",{},[15,34,35],{},"Workflow recordings",": stored in ",[38,39,40],"code",{},"~\u002F.openclaw\u002F",[31,42,43,36,46],{},[15,44,45],{},"API keys",[38,47,48],{},"~\u002F.openclaw\u002Fopenclaw.json",[31,50,51,36,54],{},[15,52,53],{},"App configuration",[38,55,48],{},[31,57,58,61],{},[15,59,60],{},"Desktop app binary and cache",": stored on your local filesystem",[31,63,64,67],{},[15,65,66],{},"Crash logs",": stored locally and not transmitted to MultiClaw Cloud",[20,69,71],{"id":70},"what-syncs-to-multiclaw-cloud","What syncs to MultiClaw Cloud",[11,73,74],{},"When you connect to a workspace, this data syncs to the cloud:",[28,76,77,83,92,98],{},[31,78,79,82],{},[15,80,81],{},"Workspace metadata",": workspace name, member list, agent names, and settings",[31,84,85,88,89,91],{},[15,86,87],{},"Agent and skill definitions",": stored locally in ",[38,90,40],{}," and synced to enable team sharing and backup",[31,93,94,97],{},[15,95,96],{},"Audit logs",": a record of agent actions and approvals",[31,99,100,103],{},[15,101,102],{},"Usage events",": a record of workspace activity used for operational monitoring",[20,105,107],{"id":106},"conversation-content","Conversation content",[11,109,110],{},"Where your conversation transcripts are stored depends on whether you're connected to a workspace.",[11,112,113,114,117],{},"If you are ",[15,115,116],{},"not connected to a workspace",", all transcripts stay on your machine. Nothing syncs to the cloud.",[11,119,113,120,123],{},[15,121,122],{},"connected to a workspace",", transcripts sync to MultiClaw Cloud. To keep conversation content local, don't connect to a workspace.",[20,125,127],{"id":126},"cloud-region-and-infrastructure","Cloud region and infrastructure",[11,129,130,131,134,135,138],{},"MultiClaw Cloud runs on ",[15,132,133],{},"AWS"," in the ",[15,136,137],{},"ap-southeast-2"," region (Sydney, Australia). All cloud-synced workspace data and cloud desktops are hosted in this region.",[11,140,141,142,147],{},"For cross-border data transfers, MultiClaw relies on Standard Contractual Clauses (SCCs) for EU data subjects and the UK International Data Transfer Agreement (UK IDTA) for UK data subjects. See the ",[143,144,146],"a",{"href":145},"\u002Fhelp\u002Flegal-compliance\u002Fprivacy-policy","Privacy Policy"," for details.",[11,149,150,151,155],{},"If your organisation processes personal data through MultiClaw and your users include EU or UK data subjects, you're entitled to a Data Processing Agreement (DPA) under GDPR Article 28 and UK GDPR. See ",[143,152,154],{"href":153},"\u002Fhelp\u002Flegal-compliance\u002Fdata-processing-agreement","Data Processing Agreement"," for how to request one.",[157,158,160],"callout",{"type":159},"note",[11,161,162,163,167],{},"If your organisation has specific data residency requirements beyond the current region, contact ",[143,164,166],{"href":165},"mailto:legal@multiclaw.io","legal@multiclaw.io"," to discuss your needs.",[20,169,171],{"id":170},"encryption-at-rest","Encryption at rest",[11,173,174,175,177],{},"Local files in ",[38,176,40],{}," — including config, conversations, and agent definitions — are stored as plain JSON, protected by OS file permissions. MultiClaw Cloud encrypts workspace data at rest using AWS-managed encryption keys, with additional AES-256 application-layer encryption for sensitive values like API keys.",[11,179,180,181,185],{},"See ",[143,182,184],{"href":183},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption"," for the full encryption model and how to protect local files with full-disk encryption.",[20,187,189],{"id":188},"third-party-data-processing","Third-party data processing",[11,191,192],{},"When an agent runs a task, your prompts and task context are sent to the LLM provider you've configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms of service and privacy policies. MultiClaw does not use your conversation content for model training.",[11,194,195,196,200],{},"For a list of third-party services that process data on MultiClaw's behalf, see ",[143,197,199],{"href":198},"\u002Fhelp\u002Flegal-compliance\u002Fsubprocessors-and-third-parties","Subprocessors and third parties",".",[20,202,204],{"id":203},"data-retention","Data retention",[11,206,207],{},"MultiClaw keeps cloud-synced data only as long as it's needed. The key retention periods are:",[209,210,211,224],"table",{},[212,213,214],"thead",{},[215,216,217,221],"tr",{},[218,219,220],"th",{},"Data",[218,222,223],{},"Retained for",[225,226,227,236,244,252,260],"tbody",{},[215,228,229,233],{},[230,231,232],"td",{},"Account data (name, email)",[230,234,235],{},"While your account is active; deleted within 30 days of account closure",[215,237,238,241],{},[230,239,240],{},"Workspace and team data",[230,242,243],{},"While the workspace subscription is active; deleted within 30 days of cancellation",[215,245,246,249],{},[230,247,248],{},"Server logs (IP, user agent)",[230,250,251],{},"90 days",[215,253,254,257],{},[230,255,256],{},"Synced conversations",[230,258,259],{},"Until you delete them or close your account",[215,261,262,264],{},[230,263,96],{},[230,265,266],{},"1 year",[11,268,269],{},"Local data — including workflow recordings, agent definitions, and config files — stays on your machine until you delete it. MultiClaw does not manage retention of local files.",[11,271,272,273,275],{},"See the ",[143,274,146],{"href":145}," for the full retention schedule.",[20,277,279],{"id":278},"delete-cloud-synced-data","Delete cloud-synced data",[11,281,282,283,200],{},"You can delete individual conversations from the desktop app at any time. To request deletion of all your personal data from MultiClaw Cloud, email ",[143,284,286],{"href":285},"mailto:privacy@multiclaw.io","privacy@multiclaw.io",[11,288,289,290,294],{},"After you close your account, you have 30 days to export your data before deletion begins. See ",[143,291,293],{"href":292},"\u002Fhelp\u002Flegal-compliance\u002Fdata-portability-and-export","Data portability and export"," for export options.",{"title":296,"searchDepth":297,"depth":297,"links":298},"",2,[299,300,301,302,303,304,305,306],{"id":22,"depth":297,"text":23},{"id":70,"depth":297,"text":71},{"id":106,"depth":297,"text":107},{"id":126,"depth":297,"text":127},{"id":170,"depth":297,"text":171},{"id":188,"depth":297,"text":189},{"id":203,"depth":297,"text":204},{"id":278,"depth":297,"text":279},"security-privacy","Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.",false,"md",{},true,5,"\u002Fsecurity-privacy\u002Fdata-residency-and-storage",[316,317,318],"security-privacy\u002Fdata-encryption","legal-compliance\u002Fprivacy-policy","legal-compliance\u002Fdata-processing-agreement",{"title":6,"description":308},"data-residency-and-storage","help\u002Fsecurity-privacy\u002F05.data-residency-and-storage","2026-03-31","c80Kwl2mnNM_vd7HyxaMSi1UvbDq6XVGGnv6JUBwhQI","Data residency and storage Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.",[326,743,1130],{"id":327,"title":184,"body":328,"category":307,"description":729,"draft":309,"extension":310,"meta":730,"navigation":312,"order":731,"path":732,"relatedArticles":733,"seo":738,"slug":739,"stem":740,"updatedAt":322,"__hash__":741,"excerpt":729,"searchText":742},"help\u002Fhelp\u002Fsecurity-privacy\u002F04.data-encryption.md",{"type":8,"value":329,"toc":714},[330,333,337,342,390,395,436,438,443,453,456,462,465,475,478,482,485,553,557,560,563,566,570,573,604,608,611,679,683,696,702,708],[11,331,332],{},"MultiClaw encrypts credentials and API keys stored in MultiClaw Cloud and secures all external traffic in transit with TLS. Your local OpenClaw config file, conversation history, and agent definitions are stored as plain text on your device, protected only by OS file permissions.",[20,334,336],{"id":335},"protection-overview","Protection overview",[11,338,339],{},[15,340,341],{},"On your device:",[209,343,344,353],{},[212,345,346],{},[215,347,348,350],{},[218,349,220],{},[218,351,352],{},"Protection at rest",[225,354,355,365,373,383],{},[215,356,357,362],{},[230,358,359,360],{},"API keys and credentials in ",[38,361,48],{},[230,363,364],{},"Not encrypted (plain JSON, OS file permissions)",[215,366,367,370],{},[230,368,369],{},"Desktop app authentication bearer token",[230,371,372],{},"Not encrypted (WebView local storage)",[215,374,375,381],{},[230,376,377,378],{},"Conversations in ",[38,379,380],{},"~\u002F.openclaw\u002Fconversations\u002F",[230,382,364],{},[215,384,385,388],{},[230,386,387],{},"Agent definitions, skill files, workflow recordings",[230,389,364],{},[11,391,392],{},[15,393,394],{},"In MultiClaw Cloud (when connected to a workspace):",[209,396,397,405],{},[212,398,399],{},[215,400,401,403],{},[218,402,220],{},[218,404,352],{},[225,406,407,415,422,429],{},[215,408,409,412],{},[230,410,411],{},"LLM API keys and instance credentials",[230,413,414],{},"AWS disk encryption + application-layer AES-256",[215,416,417,419],{},[230,418,256],{},[230,420,421],{},"AWS disk encryption",[215,423,424,427],{},[230,425,426],{},"Synced agent definitions and skill files",[230,428,421],{},[215,430,431,434],{},[230,432,433],{},"Workspace and account metadata",[230,435,421],{},[20,437,171],{"id":170},[439,440,442],"h3",{"id":441},"local-device","Local device",[11,444,445,446,448,449,452],{},"Your local OpenClaw config file (",[38,447,48],{},") is stored as ",[15,450,451],{},"plain JSON"," on disk. It is not encrypted. Access is limited by OS file permissions. Only your user account can read the file.",[11,454,455],{},"The OpenClaw runtime stores all configuration as plain JSON files. MultiClaw reads and writes these files but does not apply its own encryption layer.",[11,457,458,459,461],{},"The desktop app's authentication bearer token is stored in the WebView's local storage. The bearer token is separate from the gateway workspace auth token, which is stored in ",[38,460,48],{}," alongside the API keys. Neither token is encrypted at rest on the local device.",[439,463,17],{"id":464},"multiclaw-cloud",[11,466,467,468,470,471,474],{},"Workspace data stored in MultiClaw Cloud is hosted on ",[15,469,133],{},", which encrypts storage volumes at rest using AWS-managed encryption keys. Sensitive values — such as LLM API keys and instance credentials — receive an additional layer of protection: they are encrypted at the application layer using ",[15,472,473],{},"AES-256"," before being stored. When MultiClaw Cloud syncs your configuration to a cloud desktop instance, it also encrypts API keys and credentials with AES-256-GCM in the sync payload, using a key derived from your instance token.",[11,476,477],{},"Application-layer encryption keys for credentials are managed by MultiClaw's infrastructure. Workspace members do not hold or control these keys.",[20,479,481],{"id":480},"encryption-in-transit","Encryption in transit",[11,483,484],{},"All traffic between MultiClaw components and external services travels over encrypted connections. The only exception is the link between the desktop app and the local OpenClaw gateway, which uses an unencrypted connection on localhost. This traffic never leaves your machine.",[209,486,487,497],{},[212,488,489],{},[215,490,491,494],{},[218,492,493],{},"Connection",[218,495,496],{},"Protocol",[225,498,499,510,521,532,542],{},[215,500,501,504],{},[230,502,503],{},"Desktop app ↔ MultiClaw Cloud (HTTP)",[230,505,506,509],{},[15,507,508],{},"HTTPS",": TLS 1.2 minimum, TLS 1.3 preferred",[215,511,512,515],{},[230,513,514],{},"Gateway ↔ MultiClaw Cloud (WebSocket)",[230,516,517,520],{},[15,518,519],{},"WSS"," (WebSocket Secure): TLS-encrypted",[215,522,523,526],{},[230,524,525],{},"Desktop app ↔ local OpenClaw gateway",[230,527,528,531],{},[15,529,530],{},"WS\u002FHTTP on localhost",": unencrypted, never leaves your machine",[215,533,534,537],{},[230,535,536],{},"Local gateway → LLM provider API",[230,538,539,541],{},[15,540,508],{},": TLS-encrypted",[215,543,544,547],{},[230,545,546],{},"Cloud desktop viewer (WebRTC)",[230,548,549,552],{},[15,550,551],{},"DTLS-SRTP",": standard encryption for peer-to-peer media",[20,554,556],{"id":555},"what-is-not-encrypted-locally","What is not encrypted locally",[11,558,559],{},"The local files listed in the protection overview use OS file permissions as their only protection. That's sufficient against remote access, but it doesn't protect against physical access to your device.",[11,561,562],{},"If your device is lost, stolen, or accessed by someone with your OS credentials, these files are readable. Full-disk encryption closes this gap.",[11,564,565],{},"When you connect to a workspace, conversations, agent definitions, and skill files sync to MultiClaw Cloud, where they receive AWS disk encryption.",[439,567,569],{"id":568},"enable-full-disk-encryption","Enable full-disk encryption",[11,571,572],{},"Full-disk encryption protects all files on your device, including the plain-text data listed above, from unauthorized physical access.",[28,574,575,585,598],{},[31,576,577,580,581,584],{},[15,578,579],{},"macOS",": Open ",[15,582,583],{},"System Settings → Privacy & Security → FileVault"," and turn FileVault on.",[31,586,587,580,590,593,594,597],{},[15,588,589],{},"Windows",[15,591,592],{},"Settings → Privacy & security → Device encryption",", or search for ",[15,595,596],{},"BitLocker"," on Pro and Enterprise editions.",[31,599,600,603],{},[15,601,602],{},"Linux",": Most distributions offer LUKS encryption during installation. If your disk is not already encrypted, back up your data and reinstall with the encryption option enabled.",[20,605,607],{"id":606},"shared-responsibility","Shared responsibility",[11,609,610],{},"MultiClaw encrypts your credentials and API keys in the cloud. Protecting your local device is your responsibility.",[209,612,613,626],{},[212,614,615],{},[215,616,617,620,623],{},[218,618,619],{},"Area",[218,621,622],{},"Who handles it",[218,624,625],{},"Protection",[225,627,628,639,649,659,670],{},[215,629,630,633,636],{},[230,631,632],{},"API keys and credentials in MultiClaw Cloud",[230,634,635],{},"MultiClaw",[230,637,638],{},"AES-256 application encryption + AWS disk encryption",[215,640,641,644,646],{},[230,642,643],{},"Cloud storage volumes",[230,645,133],{},[230,647,648],{},"AWS-managed disk encryption",[215,650,651,654,656],{},[230,652,653],{},"Traffic between MultiClaw and external services",[230,655,635],{},[230,657,658],{},"TLS 1.2+ for HTTP, WSS for WebSocket",[215,660,661,664,667],{},[230,662,663],{},"Local config, agent files, and conversations",[230,665,666],{},"You",[230,668,669],{},"OS file permissions + full-disk encryption",[215,671,672,675,677],{},[230,673,674],{},"Authentication tokens on your device",[230,676,666],{},[230,678,669],{},[439,680,682],{"id":681},"what-you-can-verify","What you can verify",[11,684,685,688,689,692,693,200],{},[15,686,687],{},"Full-disk encryption",": Check your OS settings using the instructions above. On macOS, look for \"FileVault: On\" in ",[15,690,691],{},"System Settings → Privacy & Security",". On Windows, look for \"Device encryption is on\" in ",[15,694,695],{},"Settings → Privacy & security",[11,697,698,701],{},[15,699,700],{},"Transit encryption",": All connections from the desktop app and Gateway to MultiClaw Cloud use HTTPS and WSS. You can confirm this with browser developer tools or a network monitoring tool — all external traffic will show TLS certificates issued to MultiClaw domains.",[11,703,704,707],{},[15,705,706],{},"Cloud encryption at rest",": Application-layer encryption of cloud-stored credentials is handled transparently by MultiClaw's infrastructure. You cannot inspect it directly — this is a trust boundary inherent to any cloud-hosted service.",[157,709,711],{"type":710},"tip",[11,712,713],{},"MultiClaw Cloud encrypts credentials and API keys stored in its database. Local files on your device — including config, conversations, and agent data — are not encrypted by MultiClaw. Full-disk encryption is the most effective way to protect them.",{"title":296,"searchDepth":297,"depth":297,"links":715},[716,717,722,723,726],{"id":335,"depth":297,"text":336},{"id":170,"depth":297,"text":171,"children":718},[719,721],{"id":441,"depth":720,"text":442},3,{"id":464,"depth":720,"text":17},{"id":480,"depth":297,"text":481},{"id":555,"depth":297,"text":556,"children":724},[725],{"id":568,"depth":720,"text":569},{"id":606,"depth":297,"text":607,"children":727},[728],{"id":681,"depth":720,"text":682},"MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.",{},4,"\u002Fsecurity-privacy\u002Fdata-encryption",[734,735,736,737],"security-privacy\u002Fsecurity-overview","security-privacy\u002Fnetwork-security","security-privacy\u002Fhow-credentials-and-secrets-are-stored","security-privacy\u002Fdata-residency-and-storage",{"title":184,"description":729},"data-encryption","help\u002Fsecurity-privacy\u002F04.data-encryption","PS01Cx_PLkHKehAf_-QLVhM6_dJhqwlHYiJ4B5fUh18","Data encryption MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.",{"id":744,"title":745,"body":746,"category":1114,"description":1115,"draft":309,"extension":310,"meta":1116,"navigation":312,"order":297,"path":1117,"relatedArticles":1118,"seo":1124,"slug":1125,"stem":1126,"updatedAt":1127,"__hash__":1128,"excerpt":1115,"searchText":1129},"help\u002Fhelp\u002Flegal-compliance\u002F02.privacy-policy.md","Privacy policy",{"type":8,"value":747,"toc":1099},[748,759,762,766,776,788,793,798,802,812,815,819,822,825,828,848,850,853,905,911,915,922,929,938,941,945,948,954,960,966,970,976,982,986,989,1033,1039,1043,1049,1053,1061,1065,1068,1071,1078,1082,1088,1092],[157,749,750],{"type":159},[11,751,752,753,200],{},"This article summarises the Privacy Policy in plain language. It is not a legal document. Read the full policy at ",[143,754,758],{"href":755,"rel":756},"https:\u002F\u002Fmulticlaw.io\u002Fprivacy",[757],"nofollow","multiclaw.io\u002Fprivacy",[11,760,761],{},"MultiClaw collects only what it needs to run the service, does not sell your data, and gives you control over your information. Below you'll find what is collected, who can access it, and how to exercise your rights.",[20,763,765],{"id":764},"what-is-collected","What is collected",[11,767,768,769,772,773,200],{},"When you create an account, MultiClaw stores your ",[15,770,771],{},"name"," and ",[15,774,775],{},"email address",[11,777,778,780,781,772,784,787],{},[15,779,81],{}," — such as workspace name, team membership, and role assignments — is stored on MultiClaw Cloud. ",[15,782,783],{},"IP addresses",[15,785,786],{},"browser user-agent strings"," appear in server logs and are retained for 90 days.",[11,789,790,792],{},[15,791,107],{}," is stored on MultiClaw Cloud only when you sync a conversation. If you keep conversations local, they never leave your device.",[11,794,795,797],{},[15,796,35],{}," created with the MultiClaw Chrome extension capture the sequence of browser actions (clicks, navigation, form inputs) during a recording session. The extension only records when you explicitly start a session and does not monitor your browsing at any other time.",[20,799,801],{"id":800},"what-is-not-collected","What is not collected",[11,803,804,805,808,809,811],{},"The ",[15,806,807],{},"MultiClaw desktop app"," does not collect telemetry or usage analytics. ",[15,810,66],{}," are saved only on your device and are never uploaded automatically.",[11,813,814],{},"MultiClaw does not collect payment card numbers or banking details directly. Payment processing is handled by a third-party payment processor under its own privacy policy.",[20,816,818],{"id":817},"how-data-is-used","How data is used",[11,820,821],{},"MultiClaw uses your data to run the service, authenticate you when you sign in, provision cloud desktops, and send service-related emails such as security alerts. MultiClaw does not send marketing emails without your explicit consent.",[11,823,824],{},"Audit logs record workspace activity to support governance and security oversight.",[11,826,827],{},"Each type of processing has a legal basis under GDPR:",[28,829,830,836,842],{},[31,831,832,835],{},[15,833,834],{},"Contract performance",": running the service, provisioning cloud desktops, generating agent responses",[31,837,838,841],{},[15,839,840],{},"Legitimate interests",": server log analysis for security, audit logs for governance, responding to support requests",[31,843,844,847],{},[15,845,846],{},"Consent",": analytics cookies on the marketing website and marketing emails (you can withdraw consent at any time)",[20,849,204],{"id":203},[11,851,852],{},"MultiClaw keeps your data only as long as it's needed. The main retention periods are:",[209,854,855,864],{},[212,856,857],{},[215,858,859,861],{},[218,860,220],{},[218,862,863],{},"Kept for",[225,865,866,873,880,886,892,899],{},[215,867,868,870],{},[230,869,232],{},[230,871,872],{},"Until you close your account, then deleted within 30 days",[215,874,875,877],{},[230,876,240],{},[230,878,879],{},"Until the workspace subscription ends, then deleted within 30 days",[215,881,882,884],{},[230,883,248],{},[230,885,251],{},[215,887,888,890],{},[230,889,256],{},[230,891,259],{},[215,893,894,897],{},[230,895,896],{},"Uploaded workflows",[230,898,259],{},[215,900,901,903],{},[230,902,96],{},[230,904,266],{},[11,906,289,907,147],{},[143,908,910],{"href":909},"\u002Fhelp\u002Faccount-billing\u002Fdelete-your-account","Delete your account",[20,912,914],{"id":913},"who-data-is-shared-with","Who data is shared with",[11,916,917,918,921],{},"MultiClaw uses a limited set of ",[15,919,920],{},"subprocessors"," to deliver the service. These include cloud hosting providers, database providers, and email delivery services.",[11,923,924,925,928],{},"Your conversation content is also transmitted to third-party ",[15,926,927],{},"AI model providers"," to generate agent responses. These providers are engaged under data processing agreements that prohibit using your data to train their models.",[11,930,931,932,937],{},"A list of subprocessors will be published at ",[143,933,936],{"href":934,"rel":935},"https:\u002F\u002Fmulticlaw.io\u002Flegal\u002Fsubprocessors",[757],"multiclaw.io\u002Flegal\u002Fsubprocessors"," when the service is generally available.",[11,939,940],{},"Your data is never sold to third parties.",[20,942,944],{"id":943},"ai-and-your-data","AI and your data",[11,946,947],{},"MultiClaw is an AI product, so it's worth understanding how your data interacts with AI systems.",[11,949,950,953],{},[15,951,952],{},"Your data is not used for training."," Neither MultiClaw nor its AI model providers use your conversations, instructions, or workflows to train, fine-tune, or evaluate AI models.",[11,955,956,959],{},[15,957,958],{},"You approve before agents act."," Agents draft a plan before executing any task. You review and approve the plan before the agent proceeds.",[11,961,962,965],{},[15,963,964],{},"Third-party interactions are governed by the third party."," When an agent browses a website or submits a form on your behalf, the data shared with that service is governed by the third party's own privacy policy.",[20,967,969],{"id":968},"cookies","Cookies",[11,971,804,972,975],{},[15,973,974],{},"multiclaw.io marketing website"," uses analytics cookies. A consent banner lets you accept or decline these before any cookie is set.",[11,977,804,978,981],{},[15,979,980],{},"MultiClaw Cloud web app"," uses session cookies only. No tracking or advertising cookies are used inside the product.",[20,983,985],{"id":984},"your-data-subject-rights","Your data subject rights",[11,987,988],{},"If you are in the EU, EEA, or UK, GDPR and UK GDPR give you the right to:",[28,990,991,997,1003,1009,1015,1021,1027],{},[31,992,993,996],{},[15,994,995],{},"Access"," your personal data",[31,998,999,1002],{},[15,1000,1001],{},"Correct"," inaccurate data",[31,1004,1005,1008],{},[15,1006,1007],{},"Erase"," your data",[31,1010,1011,1014],{},[15,1012,1013],{},"Restrict"," processing",[31,1016,1017,1020],{},[15,1018,1019],{},"Receive a portable copy"," of your data",[31,1022,1023,1026],{},[15,1024,1025],{},"Object"," to processing based on legitimate interests",[31,1028,1029,1032],{},[15,1030,1031],{},"Withdraw consent"," at any time when processing is based on consent (for example, analytics cookies or marketing emails)",[11,1034,1035,1036,1038],{},"To exercise any of these rights, email ",[143,1037,286],{"href":285},". MultiClaw will respond within one calendar month.",[20,1040,1042],{"id":1041},"international-data-transfers","International data transfers",[11,1044,1045,1046,147],{},"Your data is hosted on AWS infrastructure in the United States (US East region by default; EU region available on request). Transfers of personal data from the UK and EEA to the US rely on Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Agreement (IDTA). See the ",[143,1047,1048],{"href":153},"Data processing agreement",[20,1050,1052],{"id":1051},"right-to-complain","Right to complain",[11,1054,1055,1056,1060],{},"If you believe your personal data is being handled unlawfully, you can lodge a complaint with your supervisory authority. In the UK, contact the Information Commissioner's Office (ICO) at ",[143,1057,1058],{"href":1058,"rel":1059},"https:\u002F\u002Fico.org.uk",[757],". In the EU, contact your national data protection authority.",[20,1062,1064],{"id":1063},"security-and-compliance","Security and compliance",[11,1066,1067],{},"Data in transit is encrypted using TLS. Access to personal data is restricted to authorised personnel who need it to perform their role.",[11,1069,1070],{},"If a data breach is likely to affect your rights, MultiClaw will notify the relevant supervisory authority within 72 hours and will notify you directly without undue delay.",[11,1072,1073,1074,1077],{},"MultiClaw's privacy controls are designed in alignment with ",[15,1075,1076],{},"ISO\u002FIEC 27701",", the international standard for privacy information management.",[20,1079,1081],{"id":1080},"childrens-privacy","Children's privacy",[11,1083,1084,1085,1087],{},"MultiClaw is not intended for anyone under 16. If you believe a child under 16 has created an account, email ",[143,1086,286],{"href":285},", and MultiClaw will delete the data promptly.",[20,1089,1091],{"id":1090},"changes-to-the-policy","Changes to the policy",[11,1093,1094,1095,1098],{},"MultiClaw will give you ",[15,1096,1097],{},"30 days' notice"," before making any material change to the Privacy Policy. Notice is sent by email to the address on your account and posted on the website.",{"title":296,"searchDepth":297,"depth":297,"links":1100},[1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,1111,1112,1113],{"id":764,"depth":297,"text":765},{"id":800,"depth":297,"text":801},{"id":817,"depth":297,"text":818},{"id":203,"depth":297,"text":204},{"id":913,"depth":297,"text":914},{"id":943,"depth":297,"text":944},{"id":968,"depth":297,"text":969},{"id":984,"depth":297,"text":985},{"id":1041,"depth":297,"text":1042},{"id":1051,"depth":297,"text":1052},{"id":1063,"depth":297,"text":1064},{"id":1080,"depth":297,"text":1081},{"id":1090,"depth":297,"text":1091},"legal-compliance","A plain-language summary of what data MultiClaw collects, how it is used, and how to exercise your privacy rights.",{},"\u002Flegal-compliance\u002Fprivacy-policy",[1119,318,1120,1121,1122,1123],"legal-compliance\u002Fterms-of-service","legal-compliance\u002Fcompliance-and-certifications","legal-compliance\u002Fsubprocessors-and-third-parties","legal-compliance\u002Fdata-portability-and-export","security-privacy\u002Fprivacy-and-data-handling",{"title":745,"description":1115},"privacy-policy","help\u002Flegal-compliance\u002F02.privacy-policy","2026-03-30","125HQqTSrjEYZlUQE5xdgpy2Hf_1P1JTE_MnctVXrH8","Privacy policy A plain-language summary of what data MultiClaw collects, how it is used, and how to exercise your privacy rights.",{"id":1131,"title":1048,"body":1132,"category":1114,"description":1399,"draft":309,"extension":310,"meta":1400,"navigation":312,"order":720,"path":1401,"relatedArticles":1402,"seo":1403,"slug":1404,"stem":1405,"updatedAt":1127,"__hash__":1406,"excerpt":1399,"searchText":1407},"help\u002Fhelp\u002Flegal-compliance\u002F03.data-processing-agreement.md",{"type":8,"value":1133,"toc":1389},[1134,1147,1160,1164,1167,1187,1190,1194,1215,1222,1226,1239,1242,1246,1249,1311,1316,1320,1323,1337,1340,1344,1353,1362,1366,1372,1386],[11,1135,1136,1137,1139,1140,1143,1144,200],{},"If your organisation processes personal data through MultiClaw, UK GDPR and EU GDPR require a ",[15,1138,154],{}," (DPA) between you and MultiClaw before that processing begins. A DPA is a contract under Article 28 that defines how MultiClaw, as the ",[15,1141,1142],{},"data processor",", handles personal data on your behalf as the ",[15,1145,1146],{},"data controller",[11,1148,1149,1150,1153,1154,1157,1158,1077],{},"MultiClaw provides a standard, pre-signed DPA to any organisation that needs one. The DPA includes ",[15,1151,1152],{},"EU Standard Contractual Clauses"," (SCCs) for EEA data transfers and the ",[15,1155,1156],{},"UK International Data Transfer Agreement"," (IDTA) for UK data transfers. Together, these mechanisms cover international transfers to MultiClaw's subprocessors. MultiClaw's security programme aligns with ",[15,1159,1076],{},[20,1161,1163],{"id":1162},"who-needs-a-dpa","Who needs a DPA",[11,1165,1166],{},"You need a DPA if your team uses MultiClaw to process personal data on behalf of your organisation. Common examples:",[28,1168,1169,1175,1181],{},[31,1170,1171,1174],{},[15,1172,1173],{},"Customer-facing agents"," that handle support tickets containing names, email addresses, or account details",[31,1176,1177,1180],{},[15,1178,1179],{},"Workflow automations"," that process employee records, HR data, or payroll information",[31,1182,1183,1186],{},[15,1184,1185],{},"Task outputs"," that generate or reference personal data from your connected tools",[11,1188,1189],{},"If your use of MultiClaw involves only non-personal data — for example, code generation with no personal identifiers — a DPA is not legally required. When in doubt, request one. There is no cost or downside.",[20,1191,1193],{"id":1192},"how-to-request-a-dpa","How to request a DPA",[1195,1196,1197,1202,1212],"ol",{},[31,1198,1199,1200,200],{},"Send an email to ",[143,1201,166],{"href":165},[31,1203,1204,1205,200],{},"Use the subject line: ",[15,1206,1207,1208],{},"DPA request — ",[1209,1210,1211],"span",{},"your workspace name",[31,1213,1214],{},"Include your organisation's legal entity name and registered address in the email body.",[11,1216,1217,1218,1221],{},"MultiClaw will process your request within ",[15,1219,1220],{},"5 business days"," and send you the pre-signed DPA for countersignature.",[439,1223,1225],{"id":1224},"after-you-receive-the-dpa","After you receive the DPA",[1195,1227,1228,1231,1236],{},[31,1229,1230],{},"Review the agreement with your legal or data protection team.",[31,1232,1233,1234,200],{},"Countersign the DPA and return it to ",[143,1235,166],{"href":165},[31,1237,1238],{},"MultiClaw confirms receipt and stores the executed copy on file.",[11,1240,1241],{},"The DPA remains in effect for as long as your organisation has an active MultiClaw subscription. If you cancel your subscription, the data-handling obligations in the DPA continue until all personal data is deleted or returned, as described in the agreement's deletion and return provisions.",[20,1243,1245],{"id":1244},"what-the-dpa-covers","What the DPA covers",[11,1247,1248],{},"The standard DPA covers all Article 28(3) requirements under UK GDPR and EU GDPR, including:",[28,1250,1251,1257,1263,1269,1275,1281,1287,1293,1299,1305],{},[31,1252,1253,1256],{},[15,1254,1255],{},"Subject matter and duration",": what data is processed and for how long",[31,1258,1259,1262],{},[15,1260,1261],{},"Nature and purpose of processing",": why and how MultiClaw processes the data",[31,1264,1265,1268],{},[15,1266,1267],{},"Type of personal data",": the categories of data involved",[31,1270,1271,1274],{},[15,1272,1273],{},"Categories of data subjects",": the people whose data is processed",[31,1276,1277,1280],{},[15,1278,1279],{},"Obligations and rights of the controller",": your responsibilities and entitlements as the data controller",[31,1282,1283,1286],{},[15,1284,1285],{},"Security measures",": the technical and organisational measures MultiClaw implements to protect the data",[31,1288,1289,1292],{},[15,1290,1291],{},"Subprocessor restrictions",": conditions under which MultiClaw may engage subprocessors and notification obligations",[31,1294,1295,1298],{},[15,1296,1297],{},"Data subject rights assistance",": how MultiClaw assists you in responding to data subject requests",[31,1300,1301,1304],{},[15,1302,1303],{},"Audit rights",": your right to conduct or commission audits of MultiClaw's processing activities",[31,1306,1307,1310],{},[15,1308,1309],{},"Deletion and return",": how data is handled at the end of the contract",[11,1312,1313,1314,200],{},"For a full list of third-party subprocessors covered by the SCCs and IDTA, see ",[143,1315,199],{"href":198},[20,1317,1319],{"id":1318},"international-transfer-mechanisms","International transfer mechanisms",[11,1321,1322],{},"When personal data moves between countries, UK GDPR and EU GDPR require specific legal safeguards. The standard DPA includes two transfer mechanisms:",[28,1324,1325,1331],{},[31,1326,1327,1330],{},[15,1328,1329],{},"EU Standard Contractual Clauses (SCCs)",": pre-approved contract clauses adopted by the European Commission that authorise transfers of personal data from the EEA to countries without an adequacy decision. The DPA incorporates the current Module 2 (controller-to-processor) SCCs.",[31,1332,1333,1336],{},[15,1334,1335],{},"UK International Data Transfer Agreement (IDTA)",": the UK equivalent of SCCs, approved by the UK Information Commissioner's Office (ICO) for transfers from the UK to countries without UK adequacy regulations.",[11,1338,1339],{},"These mechanisms apply automatically to any personal data transferred to MultiClaw's subprocessors outside the EEA or UK. You don't need to sign a separate transfer agreement — the DPA covers international transfers by default.",[20,1341,1343],{"id":1342},"controller-vs-processor-roles","Controller vs processor roles",[11,1345,1346,1347,1349,1350,1352],{},"MultiClaw acts as a ",[15,1348,1142],{}," for data you store in your workspace — for example, task content, agent outputs, and team member activity. You remain the ",[15,1351,1146],{}," for that data.",[11,1354,1355,1356,1358,1359,1361],{},"For personal data MultiClaw collects about its own account holders — such as login credentials and contact details — MultiClaw acts as the ",[15,1357,1146],{},". That processing is covered by the ",[143,1360,146],{"href":145},", not the DPA.",[20,1363,1365],{"id":1364},"custom-terms","Custom terms",[11,1367,1368,1369,1371],{},"If your organisation requires provisions beyond the standard DPA, contact ",[143,1370,166],{"href":165}," to discuss custom terms. Common reasons for custom terms include:",[28,1373,1374,1377,1380,1383],{},[31,1375,1376],{},"Additional data residency requirements beyond the standard subprocessor locations",[31,1378,1379],{},"Specific audit procedures or timelines required by your industry regulator",[31,1381,1382],{},"Enhanced breach notification commitments, such as shorter notification windows",[31,1384,1385],{},"Supplementary security measures required by your organisation's compliance framework",[11,1387,1388],{},"Custom term requests take longer to process than standard DPA requests, as they require legal review on both sides. Include your specific requirements in the initial email so MultiClaw's legal team can assess the scope upfront.",{"title":296,"searchDepth":297,"depth":297,"links":1390},[1391,1392,1395,1396,1397,1398],{"id":1162,"depth":297,"text":1163},{"id":1192,"depth":297,"text":1193,"children":1393},[1394],{"id":1224,"depth":720,"text":1225},{"id":1244,"depth":297,"text":1245},{"id":1318,"depth":297,"text":1319},{"id":1342,"depth":297,"text":1343},{"id":1364,"depth":297,"text":1365},"How to request a DPA, what it covers, and when it is required.",{},"\u002Flegal-compliance\u002Fdata-processing-agreement",[317,1120,1121,1123],{"title":1048,"description":1399},"data-processing-agreement","help\u002Flegal-compliance\u002F03.data-processing-agreement","-KM6rSXnSL5xfTAwjBSGveQvwK1ieX4yZ2wIEhnu0_U","Data processing agreement How to request a DPA, what it covers, and when it is required.",1778463887834]