6.4 KiB
| title | summary | permalink |
|---|---|---|
| Data Handling Policy | How Moltbot handles user data, retention, logging, and privacy. | /security/data-handling/ |
Data Handling Policy
This document describes how Moltbot handles user data, including storage, retention, logging, and user rights.
Data Categories
1. Configuration Data
Location: ~/.clawdbot/clawdbot.json or config.yaml
Contents:
- LLM provider settings (model, temperature, etc.)
- Channel configuration (enabled platforms)
- Gateway settings (host, port, auth mode)
- Tool and skill preferences
Retention: Persists until user deletes or modifies
Protection: File permissions (0o600)
2. Credentials and Secrets
Location: System keychain (preferred) or ~/.clawdbot/credentials/
Contents:
- API keys for LLM providers
- Bot tokens for messaging platforms (Discord, Telegram, Slack)
- OAuth tokens and session data
Retention: Persists until explicitly revoked or rotated
Protection:
- System keychain (macOS Keychain, Linux Secret Service) when available
- AES-256-GCM encryption with PBKDF2 key derivation for file fallback
- Machine-derived encryption keys
Deletion: Use clawdbot config unset or delete from system keychain
3. Session Data
Location: ~/.clawdbot/sessions/
Contents:
- Conversation history with LLM
- Tool execution results
- Agent state and context
Retention: Configurable via session.maxMessages and session.ttl
Protection: File permissions (0o600), isolated per agent ID
Deletion: clawdbot session clear or delete session files directly
4. Pairing and Authorization Data
Location: ~/.clawdbot/credentials/<channel>-pairing.json and <channel>-allowFrom.json
Contents:
- Pending pairing requests with codes
- Authorized sender IDs per channel
Retention:
- Pending requests: 1 hour TTL
- Authorized senders: Persists until removed
Protection:
- HMAC-SHA256 signatures for integrity verification
- File permissions (0o600)
- Rate limiting on approval attempts
Deletion: clawdbot pairing revoke or edit allowFrom files
5. Message Content
What is stored:
- Messages are passed to the LLM provider for processing
- Session history may include message excerpts for context
What is NOT stored by default:
- Full message history is not logged to disk
- Attachments are not persistently stored
LLM Provider Data:
- Message content is sent to configured LLM providers
- Subject to provider's data retention policies
- See provider documentation for details
6. Logs
Location: Configured via logging settings
Default behavior:
- Errors and warnings logged to console
- No persistent disk logging by default
When enabled:
- Log files may contain error messages and stack traces
- Debug logging may include request/response data
- Sensitive data (tokens, credentials) should be redacted
Retention: Configurable, no automatic rotation by default
User Rights
Access Your Data
Users can access their data through:
- Reading configuration files directly
- Using
clawdbot config showfor settings - Using
clawdbot session listfor conversations - Checking system keychain for stored secrets
Export Your Data
To export all Moltbot data:
# Configuration
cp ~/.clawdbot/clawdbot.json ~/clawdbot-backup/
# Sessions
cp -r ~/.clawdbot/sessions/ ~/clawdbot-backup/sessions/
# Pairing and authorization
cp ~/.clawdbot/credentials/*.json ~/clawdbot-backup/credentials/
# Note: Keychain credentials must be exported via system tools
Delete Your Data
To remove all Moltbot data:
# Stop the gateway
clawdbot gateway stop
# Remove all local data
rm -rf ~/.clawdbot/
# Remove keychain entries (macOS)
security delete-generic-password -s "clawdbot" -a "*"
# Remove keychain entries (Linux)
secret-tool clear service clawdbot
Data Portability
Configuration and session data are stored in JSON format and can be:
- Backed up and restored
- Migrated to another machine
- Inspected with standard tools
Data Flow
Inbound Messages
Channel (WhatsApp/Telegram/etc.)
↓
Gateway (auth check, rate limit)
↓
Prompt Injection Check
↓
LLM Provider (OpenAI/Anthropic/etc.)
↓
Response Processing
↓
Tool Execution (if requested)
↓
Channel Response
Outbound Data
Data leaves the system in these cases:
- LLM API calls: Message content sent to configured provider
- Channel responses: Bot replies sent to messaging platforms
- Tool execution: Commands may access network resources
- Browser automation: Web requests as directed by user
Third-Party Services
LLM Providers
Moltbot integrates with:
- OpenAI (ChatGPT, GPT-4)
- Anthropic (Claude)
- Google (Gemini)
- Local models (Ollama)
Each provider has their own data handling policies. Review:
Messaging Platforms
Each connected channel has its own privacy implications:
- WhatsApp: End-to-end encrypted, but bot can read messages it receives
- Telegram: Bot API messages are not end-to-end encrypted
- Discord: Subject to Discord's terms and privacy policy
- Slack: Workspace-level data access policies apply
Consent Model
Explicit Consent Required For:
- Initial bot setup and configuration
- Connecting to messaging platforms
- Executing shell commands (approval mode)
- Pairing new authorized senders
Implicit Consent (by using the bot):
- Messages being processed by LLM
- Session data being stored locally
- Rate limiting and security logging
No Consent Possible (always active):
- Security controls (blocklists, rate limits)
- Prompt injection detection
- Credential encryption
Compliance Considerations
GDPR (if applicable)
- Right to access: Users can read their data directly
- Right to erasure: Delete data as documented above
- Data portability: JSON format enables export
- Processing records: Not maintained by default
Security Best Practices
- Credentials stored in system keychain when possible
- File permissions restrict access to owner
- Sensitive data encrypted at rest
- No telemetry or analytics by default
Changes to This Policy
This policy may be updated as features change. Significant changes will be noted in the changelog.
Last updated: 2026-01-27