openclaw/docs/security/data-handling.md

6.4 KiB

title summary permalink
Data Handling Policy How Moltbot handles user data, retention, logging, and privacy. /security/data-handling/

Data Handling Policy

This document describes how Moltbot handles user data, including storage, retention, logging, and user rights.

Data Categories

1. Configuration Data

Location: ~/.clawdbot/clawdbot.json or config.yaml

Contents:

  • LLM provider settings (model, temperature, etc.)
  • Channel configuration (enabled platforms)
  • Gateway settings (host, port, auth mode)
  • Tool and skill preferences

Retention: Persists until user deletes or modifies

Protection: File permissions (0o600)

2. Credentials and Secrets

Location: System keychain (preferred) or ~/.clawdbot/credentials/

Contents:

  • API keys for LLM providers
  • Bot tokens for messaging platforms (Discord, Telegram, Slack)
  • OAuth tokens and session data

Retention: Persists until explicitly revoked or rotated

Protection:

  • System keychain (macOS Keychain, Linux Secret Service) when available
  • AES-256-GCM encryption with PBKDF2 key derivation for file fallback
  • Machine-derived encryption keys

Deletion: Use clawdbot config unset or delete from system keychain

3. Session Data

Location: ~/.clawdbot/sessions/

Contents:

  • Conversation history with LLM
  • Tool execution results
  • Agent state and context

Retention: Configurable via session.maxMessages and session.ttl

Protection: File permissions (0o600), isolated per agent ID

Deletion: clawdbot session clear or delete session files directly

4. Pairing and Authorization Data

Location: ~/.clawdbot/credentials/<channel>-pairing.json and <channel>-allowFrom.json

Contents:

  • Pending pairing requests with codes
  • Authorized sender IDs per channel

Retention:

  • Pending requests: 1 hour TTL
  • Authorized senders: Persists until removed

Protection:

  • HMAC-SHA256 signatures for integrity verification
  • File permissions (0o600)
  • Rate limiting on approval attempts

Deletion: clawdbot pairing revoke or edit allowFrom files

5. Message Content

What is stored:

  • Messages are passed to the LLM provider for processing
  • Session history may include message excerpts for context

What is NOT stored by default:

  • Full message history is not logged to disk
  • Attachments are not persistently stored

LLM Provider Data:

  • Message content is sent to configured LLM providers
  • Subject to provider's data retention policies
  • See provider documentation for details

6. Logs

Location: Configured via logging settings

Default behavior:

  • Errors and warnings logged to console
  • No persistent disk logging by default

When enabled:

  • Log files may contain error messages and stack traces
  • Debug logging may include request/response data
  • Sensitive data (tokens, credentials) should be redacted

Retention: Configurable, no automatic rotation by default

User Rights

Access Your Data

Users can access their data through:

  • Reading configuration files directly
  • Using clawdbot config show for settings
  • Using clawdbot session list for conversations
  • Checking system keychain for stored secrets

Export Your Data

To export all Moltbot data:

# Configuration
cp ~/.clawdbot/clawdbot.json ~/clawdbot-backup/

# Sessions
cp -r ~/.clawdbot/sessions/ ~/clawdbot-backup/sessions/

# Pairing and authorization
cp ~/.clawdbot/credentials/*.json ~/clawdbot-backup/credentials/

# Note: Keychain credentials must be exported via system tools

Delete Your Data

To remove all Moltbot data:

# Stop the gateway
clawdbot gateway stop

# Remove all local data
rm -rf ~/.clawdbot/

# Remove keychain entries (macOS)
security delete-generic-password -s "clawdbot" -a "*"

# Remove keychain entries (Linux)
secret-tool clear service clawdbot

Data Portability

Configuration and session data are stored in JSON format and can be:

  • Backed up and restored
  • Migrated to another machine
  • Inspected with standard tools

Data Flow

Inbound Messages

Channel (WhatsApp/Telegram/etc.)
    ↓
Gateway (auth check, rate limit)
    ↓
Prompt Injection Check
    ↓
LLM Provider (OpenAI/Anthropic/etc.)
    ↓
Response Processing
    ↓
Tool Execution (if requested)
    ↓
Channel Response

Outbound Data

Data leaves the system in these cases:

  1. LLM API calls: Message content sent to configured provider
  2. Channel responses: Bot replies sent to messaging platforms
  3. Tool execution: Commands may access network resources
  4. Browser automation: Web requests as directed by user

Third-Party Services

LLM Providers

Moltbot integrates with:

  • OpenAI (ChatGPT, GPT-4)
  • Anthropic (Claude)
  • Google (Gemini)
  • Local models (Ollama)

Each provider has their own data handling policies. Review:

Messaging Platforms

Each connected channel has its own privacy implications:

  • WhatsApp: End-to-end encrypted, but bot can read messages it receives
  • Telegram: Bot API messages are not end-to-end encrypted
  • Discord: Subject to Discord's terms and privacy policy
  • Slack: Workspace-level data access policies apply
  • Initial bot setup and configuration
  • Connecting to messaging platforms
  • Executing shell commands (approval mode)
  • Pairing new authorized senders
  • Messages being processed by LLM
  • Session data being stored locally
  • Rate limiting and security logging
  • Security controls (blocklists, rate limits)
  • Prompt injection detection
  • Credential encryption

Compliance Considerations

GDPR (if applicable)

  • Right to access: Users can read their data directly
  • Right to erasure: Delete data as documented above
  • Data portability: JSON format enables export
  • Processing records: Not maintained by default

Security Best Practices

  • Credentials stored in system keychain when possible
  • File permissions restrict access to owner
  • Sensitive data encrypted at rest
  • No telemetry or analytics by default

Changes to This Policy

This policy may be updated as features change. Significant changes will be noted in the changelog.


Last updated: 2026-01-27