Privacy and data handling
Last updated Mar 31, 2026
MultiClaw does not collect usage telemetry. Your conversation content stays on your device unless you choose to sync it to a workspace. Below is a complete breakdown of what data MultiClaw holds, how long it is retained, and the rights you have over it.
No telemetry
The desktop app collects no usage analytics, feature statistics, or behavioural telemetry. There are no third-party analytics SDKs embedded in the app, and it does not transmit usage data to MultiClaw or any third party.
App logs
The desktop app continuously writes diagnostic and activity logs to a file on your device at ~/.multiclaw/logs/app.log. Logs record structured operational events (startup, connectivity changes, errors), not conversation content. You can open the log viewer from Settings → General, scroll to the App Logs card, and click Open Logs.
App logs are not uploaded automatically. You choose whether to share a log file with support.
Log files contain operational events including app version and OS identifier. They are not designed to contain conversation content or API keys.
Conversation content
Conversation content is stored locally on your device by default. MultiClaw does not use your conversation content to train, fine-tune, or evaluate AI models.
If you are connected to a workspace, conversations sync to MultiClaw Cloud. Synced conversations are encrypted in transit and at rest. MultiClaw processes this data on your behalf as a data processor.
When you run a task, your prompts and task context are sent to the LLM provider you have configured. See Data sharing below for details on how third parties handle your data.
Workflow recordings
The MultiClaw Chrome Extension captures browser interactions only during an active recording session that you start. The extension does not monitor your browsing activity at any other time and does not collect browsing history.
Recordings are stored locally on your device. If you upload a recording to MultiClaw Cloud, it is encrypted at rest.
See Browser extension security for full details on what the extension accesses and when.
Cookies and tracking
The desktop app does not use browser cookies. MultiClaw Cloud uses session cookies only, which are strictly necessary to keep you signed in.
The marketing website at multiclaw.io uses analytics cookies that require your consent before they are set. MultiClaw does not use advertising or retargeting cookies on any of its properties.
Data sharing
MultiClaw does not sell your personal data. Data is shared with third parties only in the following circumstances:
- LLM providers: when an agent runs a task, your prompts and task context are sent to the provider you configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms and privacy policies.
- Infrastructure sub-processors: MultiClaw uses a limited set of third-party infrastructure providers (cloud hosting, database, email delivery) engaged under data processing agreements that restrict them to processing data only on MultiClaw's documented instructions.
- Legal requirements: MultiClaw may disclose personal data where required by applicable law, court order, or regulatory authority.
For the full list of sub-processors, see Subprocessors and third parties.
Personal data we collect
MultiClaw Cloud holds the following personal data about you.
| Data type | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name and email address | Account creation and authentication | Performance of contract (GDPR Art. 6(1)(b)) | While your account is active; purged within 30 days of account deletion request |
| Workspace metadata (member list, agent names, audit logs) | Workspace operation and governance | Performance of contract (GDPR Art. 6(1)(b)) | While your account is active; purged within 30 days of account deletion request |
| IP address and user agent | Server access logs | Legitimate interests — security and abuse prevention (GDPR Art. 6(1)(f)) | 90 days |
Your data rights
You have the following rights under applicable data protection law (including GDPR and UK GDPR).
- Right to access: request a copy of your data at any time by emailing privacy@multiclaw.io.
- Right to erasure: request deletion of your account and associated data by emailing privacy@multiclaw.io. MultiClaw responds to deletion requests within one calendar month.
- Right to rectification: update your name or email address in Settings → General on the Account card.
- Right to portability: request a machine-readable export of the personal data you have provided to MultiClaw by emailing privacy@multiclaw.io.
- Right to restriction: request that MultiClaw limit processing of your data in certain circumstances (for example, while the accuracy of your data is being contested) by emailing privacy@multiclaw.io.
- Right to object: object to processing of your personal data where that processing is based on legitimate interests by emailing privacy@multiclaw.io.
Data retention summary
| Data | Retention period |
|---|---|
| Active account data | While your account is active |
| Deleted account data | Purged within 30 days of deletion request |
| Server access logs | 90 days |
| App logs | Stored locally at ~/.multiclaw/logs/; not uploaded unless you share them |
Delete your data
You can delete individual conversations from the desktop app at any time. To request deletion of all your personal data from MultiClaw Cloud, email privacy@multiclaw.io. After you close your account, you have 30 days to export your data before deletion begins.
See Data portability and export for export options.
Your responsibilities
MultiClaw protects your data in transit and at rest, but some aspects of privacy depend on your choices:
- Workspace sync: if you connect to a workspace, conversations sync to MultiClaw Cloud. To keep conversations entirely local, don't connect to a workspace.
- LLM provider selection: MultiClaw sends your prompts to the provider you choose. Review each provider's data-use policy before configuring an agent.
- Device security: local data (config, conversations, agent definitions) is protected by OS file permissions. Enable full-disk encryption to protect it from physical access.
For a full breakdown of where platform protections end and yours begin, see Shared responsibility model.
For deeper detail on related topics:
- Data encryption: the full encryption model for local and cloud data.
- Data residency and storage: where each type of data is stored.
- Privacy Policy: the full legal privacy policy.
Related articles
Data residency and storage
Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.
Data encryption
MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.
How credentials and secrets are stored
API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.