GDPR and privacy
#We're GDPR-compliant from the foundations, not bolted on later. Consent precedes tracking, we keep only what's necessary, and erasure on request is real — not declarative. We maintain a Record of Processing Activities (RoPA) and publish clear policies.
- Privacy policy — what we collect, why, and on what basis.
- Your GDPR rights — and how to exercise them.
- Terms of service — the rules of working together.
Security
#All AI traffic goes through one router (OpenClaw), which masks personal data before anything reaches the cloud and only rehydrates it in the response — the cloud model never sees real data. Secrets never enter the repository, and irreversible actions require a confirmation token, not the model's say-so.
Sovereignty and data residency
#We process sensitive data locally. A local BGE-M3 model computes embeddings, a local Qdrant holds the vectors — content never leaves the server. Only a masked prompt reaches the cloud. A deliberate data-residency choice: control and independence from any single vendor.
The full map — where each thing lives and which compliances we meet — is in data residency & compliance.
Service levels and transparency
#Infrastructure status is public and measured in real time, not asserted. Every model call is countable (metrics, correlated logs, traces), so cost and quality can be audited.
- Live service status — the state of databases, queues, vectors and local models.
- Our standards — how we build and verify (NO FAKE-DONE as a method).
- How we work with you — collaboration stages with proof + a portal preview.
Method: NO FAKE-DONE
#We don't claim completion on our word. A step is "done" only with hard proof — a green test, a log, or a screenshot. We apply the same rigor to security and privacy: every promise is paired with the practice that enforces it.
More on the method and what exactly we guarantee: methodology & guarantees.