Privacy Policy

Last updated: February 16, 2026

1. Who We Are

PicoClaw is operated by Usto AI ("we," "us," "our"). We provide a platform for deploying and managing AI-powered chatbots on messaging platforms such as Telegram and Discord.

Contact: shsobirov.dev@gmail.com

2. Information We Collect

Account Information

When you sign up via Google or GitHub OAuth, we receive and store:

  • Name
  • Email address
  • Profile picture URL
  • OAuth provider identifier

Payment Information

Payments are processed by Stripe. We do not store credit card numbers or bank details. Stripe provides us with a customer ID and subscription status. See Stripe's Privacy Policy.

Bot Configuration

When you create a bot, we store:

  • Bot name and configuration settings
  • LLM provider and model selection
  • System prompts you write
  • API keys for LLM providers (encrypted at rest with AES-256-GCM)
  • Messaging platform tokens (encrypted at rest with AES-256-GCM)

Usage Data

We collect basic server logs including IP addresses, request timestamps, and error information for operational purposes. We do not use third-party analytics or tracking services.

3. How We Use Your Information

  • To create and manage your account
  • To provision, deploy, and operate your chatbots
  • To process payments and manage your subscription
  • To monitor bot health and perform auto-restarts
  • To communicate with you about your account (e.g., billing issues)
  • To improve and maintain the platform

4. Data Storage & Security

Your data is stored on servers operated by Hetzner Online GmbH, located in the European Union (Helsinki, Finland and Nuremberg, Germany). All sensitive credentials (API keys, bot tokens) are encrypted at rest using AES-256-GCM.

All connections use HTTPS/TLS. SSH key-based authentication is used for server-to-server communication. No passwords are stored.

5. Chat Messages

PicoClaw does not store or log the messages your bot processes. Messages are sent directly from the messaging platform to your bot's LLM provider (e.g., Anthropic, OpenAI, Google) in real-time and are not retained by us. The LLM provider's own privacy policy governs how they handle that data.

6. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe — for payment processing
  • Hetzner — infrastructure provider (server hosting)
  • Google / GitHub — for OAuth authentication
  • Your chosen LLM provider — your API key is used to make requests on your behalf

7. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we permanently delete your user record, bot configurations, and encrypted credentials. Bot VPS resources are destroyed. Stripe may retain billing records per their own policies.

8. Your Rights

You can:

  • Access your data through the dashboard
  • Delete your account and all associated data from the billing page
  • Export your bot configurations from the dashboard

For any data requests, contact us at shsobirov.dev@gmail.com.

9. Cookies

We use essential cookies only for authentication session management (NextAuth.js session token). We do not use advertising, analytics, or tracking cookies.

10. Children

PicoClaw is not intended for use by individuals under the age of 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact

If you have questions about this Privacy Policy, contact us at shsobirov.dev@gmail.com.