How DoneClaw Keeps Your AI Data Private

10 min read · Updated 2026-03-11

By DoneClaw Team · We run managed OpenClaw deployments and write from hands-on production experience.

When you hand your daily schedule, financial data, and personal conversations to an AI agent, you need to know exactly where that data goes and who can access it. Unlike shared cloud AI services where your prompts might be used for training or stored on multi-tenant servers, DoneClaw gives every user a dedicated, isolated environment. This guide explains every layer of DoneClaw's privacy architecture — from container isolation and encrypted storage to HTTPS transport and our zero-retention policy. By the end, you will understand precisely how your data is protected and why DoneClaw is built differently from other AI platforms.

Why AI Data Privacy Matters in 2026

AI agents are becoming deeply integrated into daily life. They read your emails, manage your calendar, track your finances, and remember your preferences over months of interaction. The data an AI agent accumulates about you is more comprehensive than what any single app collects — it is a detailed profile of your habits, decisions, and private thoughts.

Most AI services operate on shared infrastructure. Your prompts sit alongside millions of other users' data on the same servers, processed by the same models, and sometimes retained for training purposes. OpenAI's default data policy, for example, retains API conversations for 30 days. Google's Gemini conversations may be reviewed by human annotators. This shared model creates real risk: data breaches expose millions of users at once, and your private information may end up in training data that influences outputs for other people.

DoneClaw takes a fundamentally different approach. Every user gets their own dedicated Docker container running on isolated infrastructure. There is no shared database of conversations, no multi-tenant server where your data mingles with other users' data, and no retention of your conversations by DoneClaw itself.

Dedicated Containers — Your Own Private Server

The foundation of DoneClaw's privacy model is per-user container isolation. When you subscribe, DoneClaw provisions a dedicated Docker container just for you. This container runs its own instance of the OpenClaw AI agent with its own configuration, memory store, and skill library.

Your container is not a virtual partition on a shared server — it is a fully isolated Linux environment with its own process space, network stack, and filesystem. Other users' containers cannot see your processes, read your files, or access your network traffic. Even if another container on the same host were compromised, Linux kernel namespaces prevent any cross-container access.

This is the same isolation technology used by major cloud providers like AWS, Google Cloud, and Azure to separate customer workloads. The difference is that DoneClaw applies it at the individual user level, not at the enterprise level. Every single subscriber gets the same level of isolation that Fortune 500 companies pay for.

  • Each user gets a dedicated Docker container with its own process namespace
  • Containers cannot see or access each other's files, memory, or network traffic
  • Linux kernel namespaces enforce isolation at the operating system level
  • Container compromise does not propagate to other users

Data Isolation — Nothing Shared, Nothing Leaked

Beyond container isolation, DoneClaw ensures your data never leaves your private environment. Your AI agent's memory — the accumulated context from all your conversations, preferences, and stored information — lives in a Docker volume mounted exclusively to your container.

This volume is not a shared filesystem. It is a dedicated block of storage that only your container can read from or write to. When your agent remembers that you prefer morning meetings or that your project deadline is next Thursday, that information exists only in your volume. DoneClaw's backend infrastructure never reads, indexes, or processes your agent's memory.

The chat proxy route on DoneClaw's backend forwards your messages to your container and streams responses back. Messages pass through the proxy in transit but are not stored, logged, or retained on the backend. The proxy is a stateless relay — once the response is delivered, no trace of the conversation remains on DoneClaw's servers.

  • Agent memory stored in dedicated Docker volumes per user
  • No shared filesystem between users
  • Backend proxy is stateless — messages are relayed, not stored
  • No conversation logs retained on DoneClaw infrastructure
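
The per-user isolation described in the two sections above depends on how each container is started. The following audit is an added example, not DoneClaw's or OpenClaw's code: it reads trimmed `docker inspect` records (constructed here, with hypothetical container and volume names) and reports settings that bypass namespace isolation, plus any named volume mounted by more than one container.

```python
from collections import defaultdict

# Constructed, trimmed `docker inspect` records; names and volumes are hypothetical.
SAMPLE = [
    {"Name": "/user-a",
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge", "CapAdd": None},
     "Mounts": [{"Type": "volume", "Name": "mem-a", "Destination": "/data"}]},
    {"Name": "/user-b",
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge", "CapAdd": None},
     "Mounts": [{"Type": "volume", "Name": "mem-b", "Destination": "/data"}]},
    # Deliberately misconfigured so the audit has something to report.
    {"Name": "/user-c",
     "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "bridge", "CapAdd": None},
     "Mounts": [{"Type": "volume", "Name": "mem-a", "Destination": "/data"},
                {"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
]

def weak_settings(container):
    """List the settings on one container that bypass namespace isolation."""
    hc = container.get("HostConfig", {})
    found = []
    if hc.get("Privileged"):
        found.append("privileged")
    for key in ("PidMode", "NetworkMode", "IpcMode", "UsernsMode"):
        if hc.get(key) == "host":  # container joins the host's namespace
            found.append(f"{key}=host")
    found += [f"cap_add:{cap}" for cap in hc.get("CapAdd") or []]
    for mount in container.get("Mounts", []):
        if mount.get("Type") == "bind" and mount.get("Source") == "/var/run/docker.sock":
            found.append("docker.sock mounted")  # grants control of the Docker daemon
    return found

def shared_volumes(containers):
    """Return named volumes that are mounted by more than one container."""
    users = defaultdict(set)
    for c in containers:
        for mount in c.get("Mounts", []):
            if mount.get("Type") == "volume":
                users[mount["Name"]].add(c["Name"].lstrip("/"))
    return {vol: sorted(names) for vol, names in users.items() if len(names) > 1}

def audit(containers):
    """Combine both checks into one report keyed by container name."""
    weak = {c["Name"].lstrip("/"): weak_settings(c) for c in containers}
    return {"weak": {n: f for n, f in weak.items() if f},
            "shared_volumes": shared_volumes(containers)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty report means only that none of these specific settings were found; containers still share the host kernel, so host patching remains part of the isolation boundary.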

HTTPS Everywhere — Encrypted in Transit

Every connection in the DoneClaw stack is encrypted with TLS. When you send a message from the iOS app or web interface, it travels over HTTPS to DoneClaw's backend API. The backend then communicates with your container over an encrypted gateway connection that uses a wildcard TLS certificate.

The gateway architecture uses subdomain-based routing with a wildcard TLS certificate covering *.gateway.doneclaw.com. Each container gets its own subdomain, and all traffic to it is encrypted in transit. There is no plaintext hop anywhere in the chain: from your device to the backend, from the backend to your container, and from your container to the AI model provider.

API keys for model providers like OpenRouter are stored in your container's configuration file, not in a shared database. When your agent makes an inference request, the API key travels directly from your container to the provider over HTTPS. DoneClaw's backend never sees or handles your provider API keys if you use the bring-your-own-key option.

Pre-hardened security, zero configuration

Your OpenClaw container runs in an isolated environment with automatic security updates, encrypted storage, and network isolation.


Zero Data Retention Policy

DoneClaw does not retain your conversation data. Period. The backend proxy processes messages in memory and streams responses in real time. Once a response is fully delivered, the message content is gone from DoneClaw's infrastructure.

Usage logging tracks token counts and costs for billing purposes — not message content. Your usage record shows that you used 1,500 tokens on March 10th, not what you asked or what the agent replied. This is the minimum data needed to enforce fair usage limits and generate billing records.

If you cancel your subscription, your container and its associated volume are cleaned up. There is no archive of your conversations sitting in a backup somewhere. When it is deleted, it is deleted. DoneClaw does not maintain shadow copies, cold storage backups of user content, or any other retention mechanism for conversation data.

  • Messages processed in memory, not written to disk on backend servers
  • Usage logs track token counts and costs only — never message content
  • Container and volume deletion on cancellation is permanent
  • No shadow copies, backups, or archives of conversation content

How DoneClaw Compares to Other AI Services

Understanding DoneClaw's privacy model is clearer when compared to the alternatives. ChatGPT Plus runs on shared infrastructure where OpenAI retains conversations for up to 30 days by default and may use them for model improvement unless you opt out. Claude Pro conversations are retained for safety evaluation. Google Gemini Advanced conversations may be reviewed by human annotators.

Self-hosted solutions like running your own OpenClaw instance offer maximum privacy, but require significant technical expertise to set up secure networking, certificate management, container isolation, and regular security updates. Most self-hosters skip some of these steps, leaving their data exposed on open ports or unencrypted connections.

DoneClaw occupies the sweet spot: you get the privacy benefits of a dedicated, isolated environment with the convenience of a managed service. All the networking, encryption, container isolation, and security hardening is handled for you. You get a private server without having to be a server administrator.

What Data DoneClaw Does Collect

Transparency means being honest about what data is collected, not just what is not. DoneClaw collects the following for service operation:

Your email address and authentication credentials are stored in the user database for account management. Your subscription tier and billing status are tracked for payment processing. Token usage counts are logged per request for billing and rate limiting. Container metadata — ID, port, and health status — is stored for provisioning and management.

None of this includes conversation content, agent memory, skill configurations, or any data from inside your container. The data DoneClaw collects is the minimum required to authenticate you, bill you, and keep your container running. Everything else stays inside your private environment.

  • Email and auth credentials — account management
  • Subscription tier and billing status — payment processing
  • Token usage counts — billing and rate limits
  • Container metadata — provisioning and health monitoring
  • Nothing from inside your container is collected or accessed

Verifying Privacy Claims Yourself

DoneClaw's architecture is built on open-source components, which means you can verify these privacy claims independently. The OpenClaw agent running inside your container is open source — you can inspect its code to confirm it does not phone home or exfiltrate data.

If you are technically inclined, you can monitor your container's network traffic to verify that it only communicates with your configured model provider and the DoneClaw gateway. There are no hidden connections to analytics services, telemetry endpoints, or third-party data brokers.
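
One way to run that check, as an added example that is not DoneClaw's or OpenClaw's code: compare hostnames observed in the container's DNS queries or TLS SNI against an allowlist. The gateway wildcard comes from this page; the `openrouter.ai` provider hostname, the log format, and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed allowlist: the wildcard is the gateway name given on this page; the
# provider hostname is an assumption for a container configured to use OpenRouter.
ALLOWED = ["*.gateway.doneclaw.com", "openrouter.ai"]

# Constructed observations: "<timestamp> <hostname from DNS query or TLS SNI>".
OBSERVED = """\
2026-03-10T09:00:01Z openrouter.ai
2026-03-10T09:00:02Z u123.gateway.doneclaw.com
2026-03-10T09:00:07Z OpenRouter.ai.
2026-03-10T09:01:13Z metrics.example.net
2026-03-10T09:01:20Z a.b.gateway.doneclaw.com
2026-03-10T09:02:44Z gateway.doneclaw.com.lookalike.example
"""

def normalize(host):
    """Lower-case the name and drop the trailing dot of a fully qualified name."""
    return host.strip().rstrip(".").lower()

def matches(pattern, host):
    """Match like a TLS certificate name: '*' covers exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = normalize(host).split(".")
    if len(p) != len(h):
        return False  # rejects suffix tricks and multi-label subdomains
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def unexpected_destinations(log_text, allowed=ALLOWED):
    """Count hostnames in the log that no allowlist entry covers."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        host = normalize(parts[1])
        if not any(matches(pat, host) for pat in allowed):
            hits[host] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, count in unexpected_destinations(OBSERVED).items():
        print(f"unexpected destination: {host} ({count} connection(s))")
```

Hostname logs do not show connections made directly to an IP address, so pair this with flow records from the container's network interface.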

The DoneClaw backend API routes are documented in the project's API documentation. The proxy route code shows exactly how messages are relayed without retention. You do not have to take our word for it — the architecture is inspectable and verifiable.

Conclusion

DoneClaw's privacy model is not a marketing claim — it is an architectural decision baked into every layer of the system. Dedicated containers ensure your data never shares space with other users. Docker volumes keep your agent's memory private. HTTPS encryption protects data in transit. And a zero-retention policy means your conversations exist only in your container, nowhere else. If data privacy is a priority for your AI usage — and it should be — DoneClaw gives you the isolation of self-hosting with the convenience of a managed service.

Skip the setup? DoneClaw deploys OpenClaw for you — $29/mo with 7-day free trial, zero configuration.


Frequently asked questions

Can DoneClaw employees read my conversations?

No. Your conversations exist only inside your dedicated Docker container. The backend proxy relays messages in real time without storing them. DoneClaw staff do not have access to your container's filesystem or memory unless you explicitly grant SSH access for support purposes.

What happens to my data if I cancel my subscription?

Your Docker container and its associated storage volume are permanently deleted during cleanup. There are no backups, archives, or shadow copies of your conversation history or agent memory retained after cancellation.

Is my data used to train AI models?

No. DoneClaw does not retain conversation content at all, so there is nothing to use for training. Your messages pass through a stateless proxy and are not logged. The AI model providers (like OpenRouter) have their own policies, but DoneClaw itself never stores or processes your conversations for any purpose beyond real-time delivery.