PRIVACY POLICY

Effective Date: March 5, 2026

1. DATA PROCESSING ROLES
For the purposes of the GDPR and other global privacy laws:
* **Customer (You):** You are the **Data Controller**. You decide what data to feed the AI and how to use it.
* **IRON CLICK LTD:** We are the **Data Processor**. We provide the infrastructure (VPS) and only process data according to your configuration and these terms.

2. DATA SEGREGATION AND BYOK DISCLOSURE
The IronClaw service uses the "Bring Your Own Key" (BYOK) model for AI processing.
2.1. Direct Data Transfer
Your AI instance sends data directly from your VPS to the AI model provider (e.g., OpenAI). **IRON CLICK LTD DOES NOT INTERCEPT, STORE, OR ANALYZE YOUR AI CONVERSATIONS.**
2.2. Third-Party Liability
WE ARE NOT RESPONSIBLE FOR HOW THIRD-PARTY AI PROVIDERS OR MESSAGING PLATFORMS HANDLE YOUR DATA. You must satisfy yourself with their privacy standards before connecting them to your instance.

3. ADMINISTRATIVE (ROOT) ACCESS PROTOCOL
As a managed service, we maintain administrative access to the host infrastructure.
* **Access Restricted:** We will not access your VPS content unless strictly necessary for: (a) investigating system failures at your request; (b) protecting the network from an active malicious attack; or (c) complying with a valid legal warrant.
* **Audit Trail:** All administrative logins are logged and monitored.

4. DISCLAIMER FOR AI-DRIVEN LEAKS
Artificial Intelligence is unpredictable. **IRON CLICK LTD** is not liable for "data leakage" or privacy breaches caused by:
1. The AI model's internal failures (e.g., GPT training data leaks);
2. Your specific prompts or configurations;
3. Vulnerabilities in the open-source OpenClaw codebase.

5. DATA SECURITY AND INFRASTRUCTURE
We implement industry-standard security (TLS, disk encryption where feasible). However, you acknowledge that because messages must be decrypted for the AI to process them, the Service is not "End-to-End Encrypted". You are responsible for the security of the data you choose to process.

6. DATA RETENTION AND PERMANENT DELETION
Upon termination of your subscription:
* Your instance data is held for exactly 30 days ("Grace Period").
* After 30 days, all data is permanently purged and **CANNOT BE RECOVERED**.
* **IRON CLICK LTD** accepts no responsibility for data loss resulting from expired subscriptions.

7. INDEMNITY REGARDING DATA PRIVACY
You agree to indemnify **IRON CLICK LTD** against any fines, penalties, or legal costs arising from your failure to provide proper privacy notices to your own end-users or your violation of privacy laws while using the Service.

8. CONTACT
Privacy inquiries: hello@ironclick.network