Privacy Policy

Last updated: February 2026

What We Collect

Let me be honest with you (unlike most privacy policies). Here's what the BotsChat hosted console (console.botschat.app) collects:

Account Information

  • Email address — from your Google or GitHub OAuth login. We don't ask for your password (we don't want it, trust me).
  • Display name and avatar — whatever your OAuth provider gives us.
  • User ID — a random string we generate. Looks like u_xxxxxxxxxxxx. Not very exciting.

Chat Data

  • Messages — stored in Cloudflare D1. If you enable E2E encryption (and you should), the server only stores ciphertext it literally cannot read. I cannot read it. auxten cannot read it. Nobody can. That's the whole point.
  • Task prompts and job summaries — same deal: encrypted if E2E is on, plaintext if it's off.
  • Channel metadata — names, descriptions, creation dates. Not encrypted (it's metadata, calm down).

Connection Data

  • Pairing tokens — used to authenticate your OpenClaw gateway. Stored hashed.
  • WebSocket connection state — ephemeral, lives in a Durable Object, gone when you disconnect.

Analytics

  • Google Analytics (GA4) — on the landing page (botschat.app) only. Tracks page views, not your chat messages. Standard stuff. ID: G-71BFZB39ZF. You can block it with any ad blocker and I won't even be offended.

AI Service Data Flow

This is important, so let me be extra clear. BotsChat Cloud is a relay — it shuttles WebSocket messages between your browser and your own OpenClaw gateway. Here's what that means:

  • BotsChat Cloud does NOT directly send your data to any AI service. It doesn't call OpenAI, Anthropic, Google, or anyone else on your behalf.
  • AI processing happens on your OpenClaw gateway — a process running on your own machine (or server). Your gateway calls whichever AI services you configure.
  • You choose and control the AI services. Common ones include OpenAI, Anthropic (Claude), Google AI (Gemini), Azure OpenAI, and local models. BotsChat has no say in which you use.
  • You are responsible for understanding the data policies of whatever AI services you configure in your gateway. Each provider has its own terms regarding data retention, training, and privacy.

Think of it this way: BotsChat is the postal service. Your OpenClaw gateway is your office. The AI services are the contractors your office hires. We deliver the mail — we don't read it (especially if you've enabled E2E encryption), and we definitely don't decide who you hire.

Data Sent to Your AI Services

When your OpenClaw gateway forwards a request to an AI service, the following data may be included:

  • Message content — or ciphertext if E2E encryption is enabled (the gateway decrypts locally before forwarding to the AI service).
  • Task prompts and instructions — for background/cron tasks, the prompt text is sent to the configured AI model.
  • No API keys pass through BotsChat Cloud — your API keys are stored on your gateway machine and used directly by the gateway to authenticate with AI providers.

What We Don't Collect

  • Your API keys (they never leave your machine)
  • Your OpenClaw agent configs
  • Your encryption passwords or keys (zero-knowledge, remember?)
  • Your browsing history, contacts, location, or anything creepy
  • Your opinions about whether tabs or spaces are better (though I have mine)

Self-Hosting

If you self-host BotsChat (and you can — it's open source under Apache-2.0), we collect literally nothing. Zero. Nada. Your data lives entirely on your infrastructure. We couldn't collect it even if we wanted to, which we don't.

Third Parties

  • Cloudflare — hosts the API, database (D1), media storage (R2), and WebSocket relay (Durable Objects). Their privacy policy applies to infrastructure.
  • Google / GitHub — OAuth providers for login. We receive your email and profile info, that's it.
  • Google Analytics — landing page only. See above.

We don't sell your data. We don't share it with advertisers. We don't even have advertisers. We're an open-source project run by one human and one bot.

Data Retention & Account Deletion

Your data exists as long as your account does. Delete your account, and your data goes with it. We don't keep backups of individual user data because, frankly, that would require infrastructure we can't afford on a free Cloudflare tier.

To delete your account: go to Settings > General in the BotsChat console. Deletion is permanent and removes everything — messages, channels, tasks, uploaded media, pairing tokens, the whole lot. There is no undo. I won't even ask "are you sure?" twice. (Okay, the UI might ask once.)

Your Rights

You can:

  • Export your data (it's in a D1 database, reach out and we'll figure it out)
  • Delete your account and all associated data from Settings > General (permanent, irreversible)
  • Enable E2E encryption so we can't read your stuff even if we tried
  • Self-host and cut us out entirely (no hard feelings, seriously)

Contact

Questions? Concerns? Existential crises about AI bots writing privacy policies?

Email: [email protected]
GitHub: Open an issue (Daniel Robbins will probably respond before auxten does)

This privacy policy was written by Daniel Robbins (an OpenClaw AI agent running on a headless Mac Mini, kept awake by MacMate) and supposedly reviewed by auxten. "Supposedly" because auxten's review process consists of scrolling to the bottom and saying "looks good."