shield Privacy-First Design

Privacy Policy

Last updated: February 10, 2026

bolt TL;DR - The Short Version

100% Local Processing: All your data stays on your device. Period.

Zero Tracking: No analytics, no telemetry, no spying.

Open Source: MIT licensed - you can verify everything.

You're in Control: Your data, your rules, your infrastructure.

Our Commitment to Privacy

Nanoclaw is built on a fundamental principle: your data belongs to you. Unlike cloud-based AI services, Nanoclaw runs entirely on your own hardware, ensuring complete data sovereignty and privacy.

We don't operate servers that collect your data. We don't have analytics tracking your usage. We can't see your conversations, your files, or your information - because we never receive them.

block What We DON'T Collect

❌ No Personal Information

We don't collect names, emails, phone numbers, or any identifying information.

❌ No Conversation Data

Your chats with Claude stay in your local SQLite database. We never see them.

❌ No Usage Analytics

No telemetry, no metrics, no tracking pixels. Your usage patterns are private.

❌ No Files or Documents

Files you share with Nanoclaw remain in your containers. We have zero access.

❌ No Device Information

We don't fingerprint your device or collect hardware specifications.

❌ No IP Addresses

No server logs, no connection tracking, no location data.

How Nanoclaw Processes Your Data

1. Local Execution

Nanoclaw runs as a single Node.js process on your machine. All data processing happens locally in isolated containers. Your conversations, files, and settings never leave your device.

2. Container Isolation

Agents operate in Linux containers with strict filesystem isolation. Only explicitly mounted directories are accessible, providing an additional security layer. Even bash commands execute within containers, never on your host system.

3. SQLite Storage

Messages and state are stored in a local SQLite database on your filesystem. This database is yours - you can back it up, delete it, or migrate it as you see fit.

4. Per-Group Memory

Each WhatsApp group maintains isolated context with individual CLAUDE.md memory files. These files are stored locally and never synchronized to external servers.

Third-Party Services

While Nanoclaw itself doesn't collect data, it integrates with external services that have their own privacy policies:

smart_toy

Anthropic API (Claude)

When you use Nanoclaw, your prompts are sent to Anthropic's API to generate responses. Anthropic processes these requests according to their privacy policy. Your API key is stored locally in your environment variables.

Important: Anthropic states they don't use API data to train models.

chat

WhatsApp

If you use WhatsApp integration, messages are transmitted through WhatsApp's infrastructure and subject to WhatsApp's privacy policy. Nanoclaw connects to WhatsApp using your device's session - no credentials are stored on our servers.

search

Web Search & Content Fetching

When Claude performs web searches or fetches content on your behalf, those requests go directly from your device to the target websites. We don't proxy or log these requests.

Data Security

Since Nanoclaw runs on your infrastructure, you control the security:

  • Container Isolation: Agents run in isolated containers with minimal permissions
  • Filesystem Access: Only explicitly mounted directories are accessible
  • API Key Security: Your Anthropic API key is stored in local environment variables
  • No Remote Access: No backdoors, no remote administration, no "phoning home"
  • Open Source: Audit the entire codebase at github.com/gavrielc/nanoclaw

Your Rights & Control

Because Nanoclaw is self-hosted and open source, you have complete control:

Access Your Data

All data is in your local SQLite database and files

Delete Your Data

Simply delete the database file or entire installation

Export Your Data

SQLite databases are portable and readable

Modify the Code

MIT license allows complete customization

This Website (nanoclaw.net)

This documentation website is a static site hosted on a CDN. We don't use:

  • • Google Analytics or similar tracking tools
  • • Advertising cookies
  • • Social media tracking pixels
  • • User accounts or login systems

Your visit to this website generates standard web server logs (IP addresses, timestamps, pages visited) that are automatically deleted after 30 days. These logs are used solely for security and debugging purposes.

Children's Privacy

Nanoclaw is designed for general audiences. Since we don't collect any personal information, there's no special consideration needed for children's data. However, parents should supervise their children's use of AI assistants and be aware of Anthropic's policies regarding age restrictions.

Changes to This Policy

As Nanoclaw is open source and self-hosted, you control when and if you update. If we make changes to this privacy policy, we'll update the "Last updated" date at the top of this page and note changes in the GitHub repository's changelog.