Privacy Policy
Last updated: March 13, 2026
The short version: OpenClaw packages run entirely on your machine. We don't collect telemetry, require accounts, or phone home. Your agent's data never leaves your infrastructure.
Who We Are
OpenClaw is maintained by Humanjava Enterprises Inc. This policy covers the OpenClaw Python packages (nostrkey, nostrwalletconnect, nostrcalendar, socialcard, sense-music, nostrsocial) and the loginwithnostr.com website.
The Packages
OpenClaw packages are open-source libraries published to PyPI under the MIT license. When you install and use them:
- No telemetry. The packages do not collect usage data, analytics, crash reports, or any other information about how you use them.
- No network calls. Except where the package's core function requires it (e.g., nostrwalletconnect communicating with your wallet via Nostr relays, nostrcalendar publishing to relays you configure), the packages make no network connections.
- No accounts. There are no user accounts, API keys, or registration required.
- Local data only. Any data the packages store (social graphs, keys, calendar events) stays on your machine or infrastructure. We never see it.
NostrSocial Specifically
The nostrsocial package manages a social graph locally. It's worth being explicit about what it does and doesn't do:
- Contact data stays local. Your contacts, trust tiers, interaction history, and signal patterns are stored wherever you configure FileStorage to point. We have no access.
- No external lookups. Cross-channel recognition only checks contacts you've already added. It never queries external services, scrapes profiles, or mines data.
- Device secret is yours. The HMAC device secret that generates proxy npubs is generated locally and never transmitted.
- Guardrails run locally. Content screening uses bundled JSON files processed on your machine. No content is sent to external services for analysis.
The Website
loginwithnostr.com is a static site hosted on GitHub Pages. We use:
- No cookies. We don't set any cookies.
- No analytics. No Google Analytics, no Plausible, no tracking pixels.
- GitHub Pages hosting. GitHub may collect standard server logs (IP addresses, timestamps) as part of their hosting. See GitHub's data collection policy.
The Login with Nostr Widget
The Login with Nostr JavaScript widget (login.js) facilitates Nostr authentication between your website and the user's browser extension or NIP-46 bunker. It:
- Runs entirely in the user's browser
- Does not send data to loginwithnostr.com or any Humanjava server
- Communicates only with the user's chosen Nostr signer (extension or bunker relay)
Third-Party Services
Some packages interact with infrastructure you choose:
- Nostr relays — When publishing events or connecting to a bunker, your agent communicates with relays you configure. Each relay has its own privacy policy.
- Lightning wallets — NostrWalletConnect connects to your wallet provider via NIP-47. Your wallet provider's policies apply.
- PyPI — Package installation goes through PyPI's infrastructure. See PyPI's privacy policy.
Children
OpenClaw packages and this website are developer tools. They are not directed at children under 13 and we do not knowingly collect information from children.
Changes
If this policy changes, we'll update the date at the top of this page. For significant changes, we'll note it in the package changelog.
Contact
Questions about this policy? See our support page or file an issue on GitHub.