Privacy Policy

Last updated: March 2026

1. Introduction

K&D Labs ("we", "us", "our") operates SuperClaw Cloud at superclawhub.com, a hosted AI assistant service built on OpenClaw. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Password (hashed, never stored in plaintext)
  • Account creation date and subscription status

API Keys

  • Third-party API keys you provide (encrypted with AES-256-GCM at rest)
  • Keys are only decrypted in memory when establishing connections to AI providers

Usage Data

  • Session activity (login times, feature usage)
  • Approval queue actions (approve/reject decisions)
  • Theme and configuration preferences

What We Do NOT Collect

  • We do not read, log, or store your AI conversations
  • We do not track your AI prompts or responses
  • We do not use cookies for advertising or tracking

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity and manage your account
  • To process payments through Stripe
  • To send essential service communications (billing, security alerts)
  • To improve the Service based on aggregate usage patterns

4. Data Storage and Security

User Isolation

Each user receives a dedicated, isolated data directory. Path traversal protection prevents any user from accessing another user's data.

Encryption

  • API keys are encrypted with AES-256-GCM before storage
  • All connections use HTTPS/TLS encryption in transit
  • Passwords are hashed using industry-standard algorithms via Supabase Auth

Infrastructure

Our service runs on Railway with persistent encrypted storage. Authentication is handled by Supabase with enterprise-grade security.

5. Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and user database
  • Stripe — Payment processing (we never see or store your full card number)
  • Railway — Infrastructure hosting

These services have their own privacy policies. We do not sell or share your data with any other third parties.

6. AI Provider Data

When you use the Service, your AI interactions are sent directly to your chosen AI provider (OpenAI, Anthropic, Google, etc.) using your own API keys. We act as a proxy and do not store, log, or analyze the content of these interactions. Each provider's own privacy policy governs how they handle your data.

7. Data Retention

  • Account data is retained while your account is active
  • Upon account deletion, all user data is permanently removed within 30 days
  • Payment records are retained as required by law and Stripe's policies

8. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete your account and associated data
  • Export your data
  • Opt out of non-essential communications

To exercise these rights, contact us at kanddlabs@gmail.com.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the Service. The "Last updated" date at the top reflects when the latest changes were made.

11. Contact

For questions or concerns about this Privacy Policy, contact us at kanddlabs@gmail.com or call (203) 828-6630.

K&D Labs — Ledyard, Connecticut, USA.