shield Privacy-First Design

Privacy Policy

Last updated: February 10, 2026

bolt TL;DR - The Short Version

100% Local Processing: All your data stays on your device. Period.

Zero Tracking: No analytics, no telemetry, no spying.

Open Source: MIT licensed - you can verify everything.

You're in Control: Your data, your rules, your infrastructure.

Our Commitment to Privacy

PicoClaw is built on a fundamental principle: your data belongs to you. Unlike cloud-based AI services, PicoClaw runs entirely on your own hardware, ensuring complete data sovereignty and privacy.

We don't operate servers that collect your data. We don't have analytics tracking your usage. We can't see your conversations, your files, or your information - because we never receive them.

block What We DON'T Collect

❌ No Personal Information

We don't collect names, emails, phone numbers, or any identifying information.

❌ No Conversation Data

Your chats stay in your local SQLite database. We never see them.

❌ No Usage Analytics

No telemetry, no metrics, no tracking pixels. Your usage patterns are private.

❌ No Files or Documents

Files you share with PicoClaw remain in your containers. We have zero access.

❌ No Device Information

We don't fingerprint your device or collect hardware specifications.

❌ No IP Addresses

No server logs, no connection tracking, no location data.

How PicoClaw Processes Your Data

1. Local Execution

PicoClaw runs as a single Go process on your machine. All data processing happens locally. Your conversations, files, and settings never leave your device.

2. Isolated Storage

All data is stored locally in isolated directories. Only explicitly configured paths are accessible, providing an additional security layer.

3. SQLite Storage

Messages and state are stored in a local SQLite database on your filesystem. This database is yours - you can back it up, delete it, or migrate it as you see fit.

4. Platform Integration

Each platform (Telegram, Discord, QQ, etc.) maintains isolated context. All data is stored locally and never synchronized to external servers.

Third-Party Services

While PicoClaw itself doesn't collect data, it integrates with external services that have their own privacy policies:

smart_toy

LLM Providers

When you use PicoClaw, your prompts are sent to your configured LLM provider's API to generate responses. Each provider processes these requests according to their own privacy policy. Your API keys are stored locally in your environment variables.

Important: Most reputable LLM providers state they don't use API data to train models.

chat

Messaging Platforms

If you use messaging platform integrations (Telegram, Discord, QQ, DingTalk, etc.), messages are transmitted through their respective infrastructures and subject to their privacy policies. PicoClaw connects to these platforms using your credentials - no data is stored on our servers.

search

Web Search & Content Fetching

When PicoClaw performs web searches or fetches content on your behalf, those requests go directly from your device to the target websites. We don't proxy or log these requests.

Data Security

Since PicoClaw runs on your infrastructure, you control the security:

  • Process Isolation: PicoClaw runs as a single isolated process with minimal permissions
  • Filesystem Access: Only explicitly mounted directories are accessible
  • API Key Security: Your LLM API keys are stored in local environment variables
  • No Remote Access: No backdoors, no remote administration, no "phoning home"
  • Open Source: Audit the entire codebase at github.com/sipeed/picoclaw

Your Rights & Control

Because PicoClaw is self-hosted and open source, you have complete control:

Access Your Data

All data is in your local SQLite database and files

Delete Your Data

Simply delete the database file or entire installation

Export Your Data

SQLite databases are portable and readable

Modify the Code

MIT license allows complete customization

This Website (picoclaw.net)

This documentation website is a static site hosted on a CDN. We don't use:

  • • Google Analytics or similar tracking tools
  • • Advertising cookies
  • • Social media tracking pixels
  • • User accounts or login systems

Your visit to this website generates standard web server logs (IP addresses, timestamps, pages visited) that are automatically deleted after 30 days. These logs are used solely for security and debugging purposes.

Children's Privacy

PicoClaw is designed for general audiences. Since we don't collect any personal information, there's no special consideration needed for children's data. However, parents should supervise their children's use of AI assistants and be aware of LLM providers' policies regarding age restrictions.

Changes to This Policy

As PicoClaw is open source and self-hosted, you control when and if you update. If we make changes to this privacy policy, we'll update the "Last updated" date at the top of this page and note changes in the GitHub repository's changelog.