tencent cloud

Cloud Virtual Machine

ドキュメントCloud Virtual MachineAgreementsTencent Cloud ClawPro Privacy Policy

Tencent Cloud ClawPro Privacy Policy

Download
フォーカスモード
フォントサイズ
最終更新日: 2026-07-15 17:58:54
Welcome to Tencent Cloud ClawPro ("ClawPro", the "Service")! This Privacy Policy explains the when, how, and why of the processing of personal information in connection with the Service, and sets out the choices and rights available in relation to that information. ClawPro is a cloud-based agentic AI product made available exclusively through the Tencent Cloud International platform at https://www.tencentcloud.com/.
For the purposes of data protection laws, the data controller of the personal information described in this Privacy Policy is Tencent Cloud International Pte. Ltd. ("TCI"), a Singapore-registered company located at 10 Anson Road, #21-07, International Plaza, Singapore 079903 ("we", "us", "our"). TCI is the Tencent group entity that operates the Tencent Cloud International platform. References in this Privacy Policy to the "TCI payment system" and "TCI billing system" mean the payment and billing systems operated within the Tencent group to support the Tencent Cloud International platform; these are internal Tencent group systems and not independent third parties.
ClawPro is provided to enterprise customers ("Customer(s)") for use by their staff such as their administrators and authorised end users ("User", "you" or "your"). This Privacy Policy applies to the personal information for which we act as the controller — that is, information we collect and determine the purposes and means of processing in order to operate the Service, manage accounts, process payments and billing, and maintain, secure and improve the Service.
Important — where we act as a processor. ClawPro operates on a "bring-your-own-key" (BYOK) basis and functions as an AI agent management platform. The content that the Customer and its Users submit to, and generate through, the Service — including prompts, queries, conversation history, uploaded files and documents used for agent context, AI-generated outputs, instant-messaging content exchanged through integrated channels, and the Customer's configuration settings ("Customer Content") — is stored on the Customer's own Cloud Virtual Machine (CVM) instance and is controlled by the Customer. In relation to Customer Content, we act as a data processor on behalf of the Customer, who is the controller. Our processing of Customer Content is governed by the Data Processing and Security Agreement (DPSA) entered into with the Customer, and not by this Privacy Policy. Please refer to that Customer's own privacy policy for information on how personal information contained in such Customer Content is processed.
If you do not agree to the processing of personal information as described in this Privacy Policy, please do not provide your information when requested and stop using the Service. By using the Service you acknowledge the processing described here and, to the extent required by the applicable law in your jurisdiction, you consent to the processing of your personal information as described in this Privacy Policy.

This Privacy Policy applies specifically to Tencent Cloud ClawPro. Because ClawPro is an agentic AI product that does not fall within any standard Tencent Cloud product category, this Privacy Policy is a standalone, product-specific notice and operates in addition to (and, in respect of ClawPro, prevails over) the Tencent Cloud International umbrella privacy policy to the extent of any conflict.
Relationship to the umbrella structure: Tencent Cloud International adopts a hybrid model in which an umbrella privacy policy(TCI as controller) and an umbrella DPSA (TCI as processor) cover products generally, supplemented by category-specific documents. As ClawPro cannot be assigned to a product category, this Privacy Policy — together with the ClawPro DPSA  — constitutes the ClawPro-specific privacy documents.

1. What is ClawPro?

Tencent Cloud ClawPro (OpenClaw Enterprise Edition) is a dedicated, cloud-based AI agent management platform built for enterprises. It enables the IT administrators to centrally deploy agent templates, provide model resource quotas, and monitor token consumption, so that the authorised end users can adopt AI agents and drive productivity at scale. Each Customer's deployment runs on an isolated Tencent Cloud Virtual Machine(CVM) instance.
ClawPro is an agentic AI product built on large language models ("LLMs") with autonomous planning and multi-step task execution capability. It connects to first- or third-party LLMs hosted by third parties, and to external tools and services via the Model Context Protocol("MCP") and Skills. ClawPro operates strictly on a BYOK basis: the Customer selects and supplies the LLM and its API keys, and ClawPro forwards prompts to, and returns responses from, the Customer-selected model provider. ClawPro does not itself select the model and does not use Customer Content to train any AI model.
ClawPro integrates natively with enterprise instant-messaging ("IM") platforms including Slack, WhatsApp, Microsoft Teams, Discord and Lark, subject to the Customer's and Users' own authorisation.
Warning:
When providing input to ClawPro, do not disclose personal information (whether your own or that of others) that is not necessary for the task. Any personal information included in prompts may be transmitted to and processed by the third-party LLM providers, Skills, MCP connectors and integrated applications selected by the Customer, and may be reproduced in outputs. We are not responsible for the processing of information by such third parties; please review their policies.

2. Children

The Service is intended for enterprise use and must not be used by children. By children, we mean individuals under the age of 18 (or, in a region where the minimum age for processing personal information differs, such different age). We do not seek nor knowingly collect personal information from children. If you believe we hold personal information of anyone under the applicable minimum age, please contact us as set out in Section 8(Contact).

3. How We Process Your Personal Information

This section describes the categories of User personal information we process as the controller, why we process it, and the legal basis on which we rely to the extent required by the data protection laws in your jurisdiction. Where the laws in your jurisdiction do not recognise the legal basis identified in the table below and consent is the only legal basis available, we will either seek consent from you directly during the sign-up process or rely on the consent obtained by our Customer on our behalf (to the extent your personal information is provided by the Customer to us).
Personal Information
Use
Legal Basis (where applicable)
Login and account information, and security credentials — including username, login password, User ID, email (if applicable), mobile number (if applicable), and identity information obtained via the Tencent Unified Identity platform (such as name, login username, mobile number, email, employee ID, department and position), together with enterprise name and enterprise logo. The specific information collected depends on what the Service actually obtains.
To create, authenticate and manage accounts for the Service, to enable Customer and User access without repeatedly importing enterprise information, and to operate and provide the Service.
Necessary to perform our contract with you to provide the Service.
We have a legitimate interest in securely administering and operating the Service.
We, and our Customer, have a legitimate interest in preventing unauthorised access, misconducts or abuse of the Service.
Payment information — cardholder name, expiration date, security code (CVV/CVC), payment ID; transaction records and order information (order number, amount, payment date/time, referral rewards if applicable); payment channel details (payment method type and payment status); and payment verification records (3DS/OTP status).
To manage payments, settlements and transactions for the Service. Payment data is processed through the TCI payment system — an internal Tencent group system — and is not disclosed to external payment vendors.
We have a legitimate interest in ensuring sound operation of our business through efficient and accurate processing of payments.
Billing and consumption information — billing account identifier; settlement status (paid, unpaid, overdue); invoice information (invoice title, tax ID, invoicing status); subscription and plan details (subscription period, renewal plan, plan type); and consumption/usage data (AI agent creation records, console dashboard records).
To manage billing accounts, settlements and invoicing, to manage subscriptions and service plans, and to track usage. Some of this information is processed through the TCI billing system — an internal Tencent group system — and is not disclosed to external payment vendors.
Necessary to perform our contract with you to provide the Service.
To perform the legal obligations imposed on us (such as accounting, tax and audit obligations).
We have a legitimate interest in ensuring sound operation of our business through accurate billing and service management.
Diagnostic and usage data — device information (device model and brand, operating system and version, browser type and version, screen resolution, system language and time zone); network information (IP address, network type, carrier if applicable); and log information (access time, operation type, request records, error logs, crash records, and performance metrics such as API response time and error rate).
To ensure compatibility, to provide security protection and access control, to conduct security audits, to monitor the performance and quality of the Service, to detect and identify errors and bugs, to troubleshoot, and to improve and optimise the Service.
Necessary to perform our contract with you to provide the Service.
To perform the legal obligations imposed on us (such as cyber/data security obligations).
We have a legitimate interest in maintaining, securing and improving the Service.
We, and our Customer, have a legitimate interest in protecting the data assets of our Customers.
Compliance records — consent and withdrawal records, data deletion and export request records, and any other personal information required to be retained or disclosed pursuant to applicable laws, regulations, court orders or government requests.
To comply with applicable legal obligations, respond to regulatory requests, and fulfil data subject rights.
To fulfil our legal obligations.
 
Any data categories stated above, as the case may be.
To establish, exercise or defend our legal rights, including against legal claims and liabilities that involve us or other Tencent affiliates.
We have a legitimate interest in protecting ourselves against legal claims.

A note on Customer Content (processor role)

The prompts, queries, conversation history, uploaded documents used for agent context, AI-generated outputs, IM message content, and configuration settings that you submit or generate through the Serviceare Customer Content. This is stored on the Customer's own CVM instance and is controlled by the Customer. We process it only as a processor on the Customer's instructions under the DPSA. This Privacy Policy does not govern that processing. ClawPro forwards Customer Content to the Customer-selected LLM provider for inference and does not use it to train any AI model.

Cookies

ClawPro is made available through the Tencent Cloud International platform. The use of cookies and similar technologies on that platform is governed by the Tencent Cloud International umbrella Privacy Policy and the Tencent Cloud International Cookies Policy published on the same site, which apply to your use of ClawPro. Please refer to those documents for details of the cookies used and the choices available to you.

4. How We Store and Share Your Personal Information

Where we store your information: The personal information described in Section 3 is stored on Tencent Cloud infrastructure within one of the launch regions of the Service: Singapore, Hong Kong, Thailand and Indonesia. Customer Content resides on the Customer's own CVM instance within these regions.

Global support and remote access: We have global support, engineering and other teams which support the Service, including personnel located in the mainland of the People's Republic of China ("PRC", and for the purposes of this Privacy Policy, excluding Hong Kong and Macau Special Administrative Regions and Taiwan region). Our first-line troubleshooting is handled by TCI's customer support team in the launch regions (which includes personnel based within or outside your home jurisdiction); the PRC-based R&D team is engaged only for complex technical issues. Where remote access by the PRC R&D team is necessary, only the limited data required for troubleshooting is accessed. Personal information is stored in Singapore, Hong Kong, Thailand and Indonesia, and is not transferred back to the PRC, save for limited remote access strictly necessary for troubleshooting.

Safeguards: Where personal information is transferred across borders or remotely accessed from another jurisdiction, we implement safeguards required by applicable law, including reliance on Tencent Cloud International'sintra-group data transfer agreement incorporating the applicable standard contractual clauses (SCCs), transfer impact assessments, data processing agreements with third-party processors, and other contractual safeguards.

Processing within the Tencent group: Payment and billing information is processed through the TCI payment system and TCI billing system, and identity and authentication are provided through the Tencent Unified Identity (Tencent OneID) platform. These are systems operated within the Tencent group to support the Tencent Cloud International platform. Processing by these systems is internal Tencent group processing and does not constitute disclosure of your personal information to an external service provider. All such Tencent group systems may only use your personal information in accordance with this Privacy Policy.
We share personal information with third parties in the following situations:
Regulators, judicial authorities and law enforcement. There are circumstances in which we may be legally required to disclose personal information, such as to comply with legal obligations or processes.
Safety, security and compliance. We may disclose personal information to (a) enforce our terms; (b) detect, prevent or address security, fraud or technical issues; or (c) protect the rights, property or safety of us, our users, a third party or the public, as required or permitted by law.
Professional advisors. We may disclose personal information to auditors, law firms or accounting firms.
Corporate transactions. We may disclose personal information if we sell, transfer, merge, consolidate or reorganise any part of our business.
LLM providers, Skills, connectors and IM platforms: Because ClawPro operates on a BYOK basis, the LLM providers, Skills, MCP connectors and IM platforms (Slack, WhatsApp, Microsoft Teams, Discord, Lark) used with the Service are selected and authorised by the Customer and its Users. When you choose to use them, Customer Content may be shared with those third parties based on your own selection and authorisation, and processing by those third parties is governed by their own privacy policies. See Section 9.

5. The Security of Your Personal Information

We adopt technical and organisational measures to protect personal information, including:
transfer security: all data is transmitted over HTTPS/TLS encrypted channels;
storage security: data is stored on Tencent Cloud CVM within the launch-region data centres, using a multi-tenant network isolation architecture in which each enterprise's AI assistant runs on an isolated cloud server instance;
access control: firewalls, port stealth, access control measures, and security-group (inbound/outbound network rule) configuration;
AI safeguards: a four-layer AI defence-in-depth approach comprising security auditing, permission control, network isolation and sensitive-content detection; and AIGC labelling (explicit and implicit labels) added to generated content;
organisational measures: dedicated information-security management systems, processes and teams; strict limitation of personnel access; confidentiality obligations and staff review; regular security education and training; and early-warning mechanisms and incident response plans, including breach reporting and notification obligations under applicable law; and
access rights management: identity authentication via the Tencent Unified Identity platform; enterprise administrators manage member permissions and operation traceability (management operation logs) via the admin console; business data is stored on the enterprise's own CVM, with access rights controlled by the enterprise.
Unfortunately, transmission of information via the internet is not completely secure. Although we implement and maintain reasonable measures to protect your personal information, we cannot guarantee the security of information transmitted via the internet; any transmission is at your own risk.

6. Data Retention

We do not keep personal information for longer than necessary to fulfil the purposes described above, unless we are required or permitted to retain it under applicable law. The periods below are maximum retention periods (i.e. we retain the relevant information for no longer than the stated period); we may delete or anonymise it sooner where it is no longer needed. The retention periods below apply to the personal information for which we act as controller. Retention of Customer Content is addressed in the DPSA.
Personal Information
Retention Period
Login and account information, and security credentials
Retained for as long as the account is maintained. Upon account deletion, deleted or anonymised within 1 year after the account/service is terminated.
Payment information
Payment IDs: retained for as long as the account remains active; deleted within 30 days of account deletion. Transaction records: retained for the duration of the account; deleted within 1 year after the account/service is terminated.
Billing and consumption information
Retained for up to 1 year after the account/service is terminated.
Diagnostic and usage data
Retained for up to 1 year after the account/service is terminated.
Compliance records
Retained for no longer than is necessary to fulfil the applicable legal obligations.

7. Your Rights

Depending on where you are located, you may have some or all of the following rights in respect of your personal information. Some rights only apply in certain circumstances. You can exercise certain rights directly through your account or the user console; otherwise you can exercise them (including erasure and relevant opt-outs) by contacting us using the details in Section 8 (Contact). Enterprise administrators may also perform User management and configuration management via the admin console, and authorised end users may access, copy, correct, delete, deregister or withdraw consent via the user console.
Access: You have the right to access the personal information we hold about you, how we use it, and who we share it with.
Portability: You may have the right to receive a copy of certain personal information we process about you in a structured, commonly-used and machine-readable format.
Correction: You have the right to correct inaccurate personal information we hold about you.
Erasure: You may be able to delete your account or remove certain personal information via the user console or by requesting erasure from us. The Service also provides an option to delete the User's account within the application.
Restriction: You may have the right to require that we stop processing your personal information (other than for storage in certain circumstances).
Objection: You may have the right to object to our processing in certain situations.
Consent withdrawal: To the extent provided by applicable law, you may withdraw consent you previously provided by contacting us. Where consent is required and you do not consent or withdraw it, we may be unable to deliver the expected Service.
You also have the right to lodge a complaint with us, and with the relevant data protection authority in the jurisdiction where you live or work.

8. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us in the first instance at:
Email: cloudlegalnotices@tencent.com
We will endeavour to deal with your request as soon as possible. This is without prejudice to any right you may have to lodge a complaint with a data protection authority in the jurisdiction where you live or work.

9. Third-Party Websites, LLMs, Skills and Connectors

The Service allows the Customer and its Users to select and integrate third-party LLM providers (via BYOK), Skills, MCP connectors, and IM platforms (Slack, WhatsApp, Microsoft Teams, Discord, Lark). These integrations are enabled at the Customer's and Users' own selection and authorisation.
LLM providers:  conversation content is transmitted via ClawPro to the Customer-selected model provider for processing and is handled independently by that provider under its own privacy policy and terms. Before adding an LLM provider, Users are informed (via an in-product pop-up) that doing so will share data with that third party.
IM platforms:  necessary identity identifiers and message content are shared with the relevant platform to enable channel access. Before enabling an integration, Users are redirected to the relevant third-party application to provide authorisation.
Skills and connectors: Users may install first-party and third-party Skills and connectors. Skills are subject to a governance framework (security review, code review/static analysis, signing and verification, vulnerability scanning, and annual review). Connectors configured by Users are used at the User's own risk; before linking, Users are informed of the personal information the connection will access and the third party's privacy practices, and of potential sensitive-data disclosure risks.
We are not responsible for the privacy or security practices of third parties. Our inclusion of links or integration options does not imply endorsement. Please review the applicable third-party policies and terms. To revoke an integration, Users can remove the provider or revoke ClawPro's authorisation in the relevant third-party application, or contact us at cloudlegalnotices@tencent.com to submit a withdrawal request.

10. Changes

If we make changes to this Privacy Policy, we will post the updated Privacy Policy here and notify you in accordance with relevant legal requirements, including through an in-product pop-up notice.

11. Language

Except as otherwise prescribed by law, in the event of any discrepancy or inconsistency between the English version and a local-language version of this Privacy Policy, the English version shall prevail.

12. Jurisdictional Addendum

The Service is initially made available in Singapore, Hong Kong, Thailand and Indonesia. The following supplements apply to the extent relevant to those launch jurisdictions.

Singapore

TCI is established in Singapore. We process personal information in accordance with the Personal Data Protection Act 2012 (PDPA). You may contact us at cloudlegalnotices@tencent.com regarding access, correction and withdrawal of consent, and you may lodge a complaint with the Personal Data Protection Commission (PDPC).

Hong Kong

We process personal data in accordance with the Personal Data (Privacy) Ordinance (PDPO). You may exercise your data access and correction rights by contacting us at cloudlegalnotices@tencent.com, and may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD).

Thailand

We process personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA). Please include the word "Thailand" in the subject line of any request sent to cloudlegalnotices@tencent.com. You may lodge a complaint with the Personal Data Protection Committee.

Indonesia

We process personal data in accordance with Law No. 27 of 2022 on Personal Data Protection (PDP Law). You may exercise your rights, including access, correction, and deletion, by contacting us at cloudlegalnotices@tencent.com.

ヘルプとサポート

この記事はお役に立ちましたか?

フィードバック