Data Processing Agreement
Auftragsverarbeitungsvertrag (AV-Vertrag) · GDPR Article 28
Request Your DPA
We provide a signed Data Processing Agreement to all business customers who need one for GDPR compliance.
Request DPA via EmailOverview
When you use OpenClaw Cloud, we process personal data on your behalf. Under GDPR Article 28, this requires a Data Processing Agreement (DPA) between you (the data controller) and OpenClaw (the data processor).
Our standard DPA covers:
- Scope and purpose of data processing
- Types of personal data processed
- Duration of processing
- Rights and obligations of both parties
- Technical and organizational security measures
- Sub-processing provisions
- Data breach notification procedures (72-hour rule)
- Deletion obligations upon termination
- Audit rights
What's Included
Annex 1: Subject Matter & Scope
- Subject matter: Hosting and operation of OpenClaw AI assistant instances
- Duration: For the term of your subscription
- Data subjects: End users of your OpenClaw instance
- Data types: Conversation data, files, configuration data
Annex 2: Technical & Organizational Measures
- TLS 1.3 encryption for all data in transit
- Encrypted storage at rest
- Dedicated server isolation per customer
- Daily encrypted backups
- Access controls and authentication
- Regular security updates
Annex 3: Subprocessors
See our complete Subprocessor List.
Standard vs. Custom DPA
Standard DPA: Based on EU Commission Standard Contractual Clauses. Suitable for most businesses. Available within 24 hours.
Custom DPA: If you have specific requirements or need to use your own template, contact us to discuss. Additional review time may apply.
Data Location
All OpenClaw Cloud instances are hosted in Nuremberg, Germany on Hetzner infrastructure. Your data never leaves the European Union.
Contact
For DPA requests and data protection inquiries:
privacy@openclaw.you