← Back to Synclaw

Privacy Policy

Last updated: 2026-03-23

1. Who We Are

Synclaw (“we”, “our”, “us”) provides a mission-control dashboard for AI agent workspaces. Our registered email for privacy matters is privacy@synclaw.in.

2. Data We Collect

  • Account data: Name, email address, and profile image from your GitHub or Google OAuth provider.
  • Workspace data: Agents, tasks, documents, messages, and activity logs you create within the product.
  • Configuration data: OpenClaw gateway URLs and encrypted API credentials stored at rest.
  • Technical data: IP addresses and HTTP headers from webhook ingestion endpoints, retained for 90 days.

3. How We Use Your Data

  • To provide and operate the Synclaw service.
  • To authenticate you and authorise access to your workspaces.
  • To send transactional emails (invite notifications, setup confirmations).
  • We do not sell your data to third parties.
  • We do not use third-party analytics or ad tracking.

4. Data Retention

  • Activity logs are retained for 90 days and then purged.
  • Webhook payload records are retained for 90 days.
  • Pending workspace invites expire after 30 days if not accepted.
  • Your account data is retained until you delete your account.

5. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data.
  • Portability (Art. 20): Download your data in machine-readable JSON format from Settings → Account.
  • Erasure (Art. 17): Delete your account and workspace data from Settings → Account.
  • Rectification (Art. 16): Update your name or email via your OAuth provider (GitHub / Google).
  • Object / Restrict (Art. 21-22): Contact us at privacy@synclaw.in.

6. Security

Credentials and gateway tokens are encrypted at rest using AES-256-GCM. Access is protected by OAuth 2.0 and role-based access controls. We do not store plaintext passwords.

7. Third-Party Services

  • Convex: Our backend database and serverless infrastructure provider. Data is processed in their infrastructure under their data processing agreement.
  • GitHub / Google OAuth: Used for authentication only. We receive only the profile scopes you approve.

8. Contact

For privacy requests or questions, email privacy@synclaw.in. We aim to respond within 30 days.