Privacy

Your data is yours.

Transparent privacy. No training on your prompts. Domestic hosting by default.

Training on data: Never
Default hosting: US
EU option: Available

Principles

How we handle your data

Six core commitments.

🔒

No training on your data

Your prompts stay private. tk_claw never trains on user inputs.

🌍

Domestic-first routing

US-hosted inference by default. EU option available for GDPR.

🔑

BYO provider keys

Premium escalation goes directly to your API key. Toolklaw never sees it.

🚪

Retention controls

Zero-day deletion available. Logs don't roll longer than you allow.

📋

Audit logs

Team workspaces get full routing audit trail. Know where every request went.

🤝

Open by design

Toolklaw by Toolkit. OpenClaw-native architecture. Fully transparent routing.

Technical

How data flows

From your agent to inference and back.

Input Processing

Your prompt reaches tk_claw directly

Toolklaw never stores, logs, or trains on your input. Goes straight to inference.

Inference

Hosted on Cloudflare, not Anthropic

tk_claw runs on Cloudflare Workers. Your data doesn't touch Anthropic systems.

Output

Returned to your agent immediately

Result goes back to your OpenClaw gateway. No secondary storage or logging.

Logs

Audit trail only

We log that a request happened, its cost, and the model used. No prompt/response content.

Retention

Zero-day deletion available

Request immediate deletion. Logs purge within 24 hours. No backups kept.

BYO Premium

Goes straight to your provider

Premium escalation sends to your GPT key directly. Toolklaw never sees it.

Compliance

Standards we follow

Industry best practices and legal requirements.

GDPR

EU data protection

GDPR-compliant. EU data hosted in EU-only infrastructure. Data subject rights honored.

HIPAA

Healthcare ready

HIPAA Business Associate agreement available. Encrypted at rest and in transit.

SOC 2

Audited security

SOC 2 Type II certified. Annual audits. Security practices verified by third parties.

Encryption

AES-256 at rest

All data encrypted at rest. TLS 1.3 in transit. Keys rotated quarterly.

Subprocessors

Minimal and disclosed

Cloudflare only (infrastructure). No data brokers or AI training providers.

DPA

Data Processing Agreement

Standard DPA available for enterprise customers. Custom terms on request.

Control

Privacy settings in your dashboard

You control your data handling.

Retention Policy

Choose how long we keep logs

Default: 30 days. Change to 7, 14, 90, or 365 days. Zero-day available on request.

Geographic

Choose hosting region

Default: US. Switch to EU, Canada, or Singapore. Affects all infrastructure.

Audit Logs

See everything that touches your data

Team workspaces get full audit trail. Access, modifications, deletions all logged.

Data Export

Portable format anytime

Download your data as JSON. Configuration, API keys, usage history included.

Account Deletion

Permanent removal

Request account deletion. All data purged within 30 days. No recovery available.

DPO Contact

Data Protection Officer

Email privacy@toolklaw.com. Questions about your data? We respond within 2 days.

Questions

Privacy FAQ

What you need to know.

Do you train on my prompts?

No. Never. We don't use your data for model training, fine-tuning, or research.

Can I get HIPAA coverage?

Yes. Sign a BAA (Business Associate Agreement) in your dashboard. Covers all data.

Where is data hosted?

US by default (Cloudflare edge). EU, Canada, Singapore options available.

How long do you keep logs?

Default 30 days. Configurable to 7, 14, 90, 365 days, or zero-day deletion.

What if I have a GDPR request?

We honor all data subject rights: access, correction, erasure, portability. Contact dpo@toolklaw.com.

How do I delete my account?

Settings → Account → Danger Zone. Data deleted within 30 days. No recovery.

Legal

Complete privacy policy

All the detail you need.

Last updated: March 14, 2025

1. Introduction

Toolklaw by Toolkit ("we", "our", or "us") operates the Toolklaw website and service. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our service.

2. Information Collection and Use

We collect information you voluntarily provide (account creation, settings). We also collect usage data: which models you call, how many tokens, error rates. We do NOT collect or store your prompts or responses.

3. Use of Data

We use collected data to:

  • Provide and maintain our service
  • Bill you accurately for usage
  • Detect and prevent abuse
  • Improve our infrastructure
  • Respond to legal requests

4. Data Retention

Configurable retention (default 30 days). Account data kept until deletion requested. Audit logs kept per compliance requirements.

5. Security

Data encrypted at rest (AES-256) and in transit (TLS 1.3). Regular security audits. SOC 2 Type II certified.

6. Your Rights

You have the right to: access your data, correct inaccuracies, request deletion, export in portable format, restrict processing, and lodge complaints.

7. Contact

Questions? Contact dpo@toolklaw.com or write to:
Toolklaw Privacy
San Francisco, CA 94105
USA

Privacy first, always.

Your data stays yours. No training. No selling. No surprises.