LEGAL

Privacy Policy

Last updated: 14 March 2026 - Version 3.0

1. Who are we?

AI Agent B.V. ("we", "us", "our") is established in the Netherlands and registered with the Chamber of Commerce (KVK: 99763842). We offer project-based services (training, advisory, custom AI implementation) and the OpenClaw SaaS platform, through which customers can run their own AI agent on a dedicated server. You can reach us via aiagent.nl.

Contact: hello@aiagent.nl

2. What data do we collect?

2.1 Account and registration

When you create an account, we collect:

  • Email address
  • Password (stored encrypted, never in plain text)
  • Name (if provided)

2.2 OpenClaw SaaS platform

When using the Platform, we collect and process:

  • Instance configuration (agent settings, channel integrations, chosen plan)
  • API keys from external providers (stored encrypted with AES-256-GCM)
  • SSH public keys (if provided for server access)
  • Server metadata (IP address, server ID, DNS records)
  • Conversation logs and data generated by your AI agent (stored on your dedicated server)

2.3 Payment data

Payments are processed via Stripe. We do not store credit card numbers or bank account numbers. Stripe processes:

  • Payment method (type, last 4 digits)
  • Subscription status and billing history
  • Stripe customer ID (linked to your account)

2.4 Contact form

When you contact us, we collect:

  • Name
  • Email address
  • Subject and message

2.5 Newsletter

When you sign up for our newsletter, we collect your name and email address. You can unsubscribe at any time via the link at the bottom of each email.

2.6 AI Literacy Test

  • Name and email address (for the certificate)
  • Test results and scores
  • Newsletter opt-in if selected

2.7 Website visits

We use Vercel Web Analytics for anonymous visitor statistics. No personal data is collected. For authentication, functional session cookies are placed by Supabase. See our cookie policy for more information.

3. What do we use your data for?

PurposeLegal basis (GDPR)
Account management and authenticationPerformance of contract (Art. 6.1.b)
Delivery and management of the OpenClaw PlatformPerformance of contract (Art. 6.1.b)
Payment processing and subscription managementPerformance of contract (Art. 6.1.b)
Server provisioning and DNS configurationPerformance of contract (Art. 6.1.b)
Responding to contact requestsLegitimate interest (Art. 6.1.f)
Sending newslettersConsent (Art. 6.1.a)
AI Literacy Test and certificateConsent (Art. 6.1.a)
Executing project-based assignmentsPerformance of contract (Art. 6.1.b)
Improving the website (anonymous analytics)Legitimate interest (Art. 6.1.f)
Invoicing and bookkeepingLegal obligation (Art. 6.1.c)

4. Where do we store your data?

All data is stored within the European Union unless otherwise noted:

  • Account data and database: Supabase (Frankfurt, Germany)
  • Website hosting: Vercel (US, GDPR-compliant via Standard Contractual Clauses)
  • OpenClaw servers: Hetzner Cloud (Frankfurt, Germany) - dedicated server per customer
  • Email: Resend (US, GDPR-compliant)
  • Payments: Stripe (US, certified under the EU-US Data Privacy Framework)

We only select processors with GDPR-compliant data processing agreements or valid transfer mechanisms.

5. Do we share data with third parties?

We do not share your data for marketing or commercial purposes. The following parties process data on our behalf:

PartyPurposeLocation
SupabaseDatabase, authentication and account managementFrankfurt, Germany
VercelWebsite hosting, anonymous analytics and DNS managementUS (GDPR-compliant)
HetznerDedicated cloud servers for OpenClaw instancesGermany (Frankfurt)
StripePayment processing, subscriptions and invoicingUS (EU-US Data Privacy Framework)
ResendSending emails and newslettersUS (GDPR-compliant)
CalendlyAppointment scheduling (only on pages with scheduling widget)US (GDPR-compliant)

6. Cookies

We use functional cookies for authentication (Supabase session cookies) and anonymous analytics (Vercel Analytics). We do not use tracking cookies, advertising cookies or social media cookies.

See our full cookie policy for a detailed overview of all cookies.

7. How long do we retain your data?

Data typeRetention period
Account dataUntil account deletion
OpenClaw instance data (server)Up to 7 days after subscription cancellation, then deleted
API keys (encrypted)Until deletion of the instance or account
Payment and invoice data7 years (statutory retention obligation)
Contact form data6 months after handling
Newsletter subscriptionUntil unsubscription
AI test results12 months

8. Your rights under the GDPR

You have the following rights:

  • Access: You may request which data we hold about you
  • Rectification: You may have incorrect data corrected
  • Erasure: You may request your data to be deleted (including your account and instances)
  • Restriction: You may request that the processing of your data be restricted
  • Portability: You may request your data in a standard format
  • Objection: You may object to processing based on legitimate interest

Send an email to hello@aiagent.nl with your request. We will respond within 30 days.

You may also file a complaint with the Dutch Data Protection Authority (see section 12).

9. Security

We take the following measures to protect your data:

  • Encrypted connections (TLS/HTTPS) for all data communication
  • API keys stored encrypted with AES-256-GCM
  • SSH access to servers secured (no password authentication, key-only)
  • Dedicated servers per customer (no shared infrastructure)
  • Secure storage at certified cloud providers in the EU
  • Regular security updates and patches on all systems
  • Access restrictions to personal data within the organization
  • Automatic TLS certificates (Let's Encrypt) for all customer servers

10. Minimum age

Our services are intended for persons aged 18 or older. We do not knowingly collect data from persons under 18. If you suspect a minor has created an account, please contact us so we can delete the account.

11. Changes to this privacy policy

We may update this privacy policy from time to time. In the event of material changes, we will notify active customers by email. The most recent version is always available on this page.

12. Complaints

If you have a complaint about the processing of your personal data, you may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Privacy Policy | AI Agent