PlugAndClaw is managed OpenClaw hosting. We give you a dedicated cloud server running OpenClaw, pre-configured with AI models (Claude, GPT, Gemini) and accessible via Telegram. No server setup, no SSH, no technical knowledge required.

OpenClaw is an open-source AI assistant platform that runs 24/7 on your own server. It can manage your calendar, check emails, search the web, write code, control smart home devices, and more.

How long does setup take?

Under 1 minute. Sign in with Google, complete checkout, connect your Telegram bot, and your dedicated server spins up automatically. You can switch between AI models anytime.

Do I get my own server?

Yes. Every subscriber gets a dedicated VPS (virtual private server) in Europe. Your data is completely isolated from other users, with encrypted disk storage and a hardened firewall.

Which AI models are included?

Claude Opus 4.6, Claude Sonnet 4.6, GPT-5.2, Gemini 3 Flash, Kimi K2.5, and Minimax M2.5. You can switch models anytime. $20 in AI credits are included monthly.

Can I bring my own API keys?

Yes. You can add your own API keys for Anthropic, OpenAI, Google, or any other provider. Traffic with your own keys bypasses our proxy and goes directly to the provider.

What happens when my credits run out?

Your assistant pauses until you top up or your billing cycle renews. Top-ups are available at cost with no processing fees. Your $20 monthly credit allowance refreshes each billing cycle.

Is there a money-back guarantee?

Yes. We offer a 7-day money-back guarantee on all new subscriptions. Email support@plugandclaw.com within 7 days for a full refund.

PlugAndClaw — Deploy OpenClaw Properly in Under 1 Minute

1. Introduction

PlugAndClaw ("we", "us", "our") operates the PlugAndClaw platform available at plugandclaw.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

2. Information We Collect

2.1 Information You Provide

Account information: When you sign up via Google authentication, we receive your name, email address, and profile picture from your Google account
Bot configuration: Your Telegram bot token, bot username, selected AI model, and gateway authentication token
Payment information: Payment details are collected and processed by Stripe. We do not store your full card number on our servers — only subscription status and transaction history
Support communications: Any information you provide when contacting us for support

2.2 Information Collected Automatically

Usage data: AI token usage statistics (input/output counts), model used per request, cost per request, and timestamps
Log data: IP address, access times, referring URLs, and error logs collected by our servers and Cloudflare
Device information: Browser type, operating system, and device type collected when you visit plugandclaw.com
Session cookies: Essential cookies used for authentication and session management (see Section 9)

2.3 Server Data

Your dedicated server stores your assistant's conversations, memory files, workspace, and configuration. This data lives on your isolated server and is not accessible to other users or shared across the platform.

3. What We Do NOT Collect

We do not read or log the content of your conversations
We do not access your Telegram messages or contacts
We do not use your data to train AI models
We do not use advertising cookies or third-party tracking pixels
We do not track your browsing activity outside of plugandclaw.com
We do not sell, rent, or trade your personal information to any third party

Your conversations are processed on your dedicated server and routed to AI providers via OpenRouter. Our proxy tracks token counts for billing purposes but does not log message content.

4. How We Use Your Information

We use the information we collect to:

Provision, operate, and maintain your dedicated server
Route AI requests and track usage for billing
Process transactions and manage your subscription via Stripe
Send service-related communications (account confirmations, billing notices, security alerts, outage notifications)
Provide customer support
Detect, prevent, and address fraud, abuse, or security issues
Comply with legal obligations

We do not send marketing or promotional emails. All communications from us are service-related only.

5. Third-Party Services

We share data with the following third-party providers only as necessary to operate the Service:

Stripe — Processes payments securely. Subject to Stripe's Privacy Policy.
OpenRouter — Our AI gateway that routes requests to AI providers on your behalf.
Anthropic, OpenAI, Google, MoonshotAI, Minimax — AI providers whose models process your messages. Each has their own privacy policy and data retention practices.
Telegram — Your bot token connects to Telegram's Bot API to send and receive messages.
Hetzner — Your dedicated server is hosted on Hetzner Cloud infrastructure in Germany (EU).
Cloudflare — DNS, DDoS protection, and reverse proxy for your server's domain.
Supabase — Our database provider stores account information and usage statistics.
Google — Provides OAuth authentication for sign-in.

6. Bot Conversations & AI Data

Messages sent to and from your deployed AI assistant are processed by third-party AI model providers via OpenRouter. We may temporarily store conversation metadata (such as token counts and timestamps) for billing and usage tracking purposes.

We do not access, read, or store the content of your conversations. We do not use conversation content for training AI models or for any marketing purpose.

7. Data Security

We implement the following security measures:

HTTPS/TLS encryption for all connections in transit
LUKS encryption at rest — your server data is encrypted on disk with a unique key per server
Dedicated, isolated server per user — no shared resources
Firewall-hardened servers (Hetzner network firewall + UFW)
Gateway bound to loopback — not directly publicly accessible
Device-based authentication for Telegram pairing
Restricted file permissions on server configuration
SSH key-only authentication (no password logins)

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security against all threats.

8. Data Retention

Account data: Retained while your account is active
Server data: Stored on your dedicated server and permanently deleted when your subscription ends
Usage statistics: Retained for up to 90 days for billing purposes
Payment records: Retained as required by applicable tax and accounting laws

If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain data for legal or compliance purposes. You can request a data export before cancellation by contacting support.

9. Cookies

We use essential cookies only — for authentication (session management via NextAuth) and basic functionality. We do not use advertising cookies, third-party analytics cookies, or tracking pixels. Disabling cookies may prevent you from logging in to the Service.

10. Your Rights

Under GDPR and other applicable privacy laws, you may have the right to:

Access — Request a copy of your personal data
Correction — Request correction of inaccurate or incomplete data
Deletion — Request deletion of your account and associated data
Portability — Request your data in a machine-readable format
Objection — Object to or restrict certain processing of your data
Withdrawal — Withdraw consent for data processing at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a minor is using the Service, contact us immediately.

12. International Data Transfers

Your server is hosted in Europe (Hetzner Cloud, Germany). Account data is stored in Supabase (US-based). AI requests are routed via OpenRouter and processed by AI providers primarily in the United States. By using the Service, you consent to these transfers. We rely on standard contractual clauses and provider compliance with applicable data protection regulations including GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

14. Contact Us

For privacy-related questions, data requests, or concerns, contact us at: [email protected]