Privacy Policy

Last updated: February 21, 2026

1. Introduction

ProofMeta ("we", "our", "us") provides cost optimization analysis for OpenClaw configurations. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR).

2. Data Controller

ProofMeta
Contact: privacy@proofmeta.com

3. What Data We Collect

• Configuration Files: Your openclaw.json file (contains API keys, model settings, and usage patterns)
• Contact Information: Email address and/or Telegram username (for service delivery)
• Payment Information: Processed by Stripe (we do not store full payment details)
• Usage Data: Analysis results, delivery timestamps, service tier used

4. How We Use Your Data

• Free Scans: Analyze your config and provide cost optimization recommendations. Files are deleted immediately after analysis (within 1 hour).
• Paid Reports (€99): Store your config and analysis report for 90 days to enable support and follow-up questions. Deleted automatically after 90 days.
• Communications: Send you service updates, delivery confirmations, and optimization recommendations (only for services you've purchased).

5. Legal Basis (GDPR)

• Contract Performance: Processing necessary to deliver the service you've requested.
• Legitimate Interest: Improving our service quality and detecting fraud.
• Consent: Marketing communications (opt-in only, you can withdraw anytime).

6. Data Retention

• Free Scans: Config files deleted within 1 hour. No long-term storage.
• Paid Reports: Config files and reports stored for 90 days, then automatically deleted.
• Payment Records: Retained for 7 years (legal requirement for accounting).
• Email/Telegram Contacts: Retained until you request deletion or 2 years of inactivity.

7. Data Security

• All data stored on encrypted servers (Ubuntu 24.04 LTS with disk encryption)
• HTTPS/TLS for all web communications
• Telegram bot uses end-to-end encryption where available
• Access restricted to authorized personnel only
• Regular security audits and updates

8. Third-Party Services

• Stripe: Payment processing (PCI-DSS compliant). See Stripe Privacy Policy.
• Telegram: Message delivery. See Telegram Privacy Policy.
• Vercel: Website hosting. See Vercel Privacy Policy.

We do not sell or share your data with third parties for marketing purposes.

9. Your Rights (GDPR)

You have the right to:

• Access: Request a copy of your data we hold
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: For marketing communications

To exercise any of these rights, contact us at privacy@proofmeta.com.

10. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR Article 33.

11. International Data Transfers

Your data is primarily stored within the EU. If transferred outside the EU, we ensure adequate safeguards (e.g., Standard Contractual Clauses) are in place.

12. Cookies

Our website does not use tracking cookies. We may use essential session cookies for website functionality only.

13. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children.

14. Changes to This Policy

We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance.

15. Contact & Complaints

Data Protection Contact:
Email: privacy@proofmeta.com

Supervisory Authority:
If you're unhappy with how we handle your data, you can file a complaint with your local data protection authority.