Privacy Policy

Effective date: March 1, 2026 · Last updated: March 13, 2026

Mechanic Bot ("Service", "we", "us") is operated by Mountain Grown Media LLC. This policy explains what data we collect, why we collect it, and what we do with it.

Short version: We collect the minimum data needed to operate the service. We don't sell your data. We don't read your bot conversations.

1. Data We Collect

Data	Why we collect it	Retention
Email address	To send repair alerts, account notifications, and billing receipts	While your account is active + 30 days after cancellation
Telegram chat ID	To send repair alerts to your personal Telegram account (if you link it)	While your account is active
Billing data	Managed by Stripe. We store only your Stripe Customer ID and subscription status.	As required by Stripe's retention policy
Repair logs	To show your repair history and help debug issues	90 days
System diagnostics	CPU, memory, disk usage — collected during repairs only	Not stored long-term; used transiently during repair sessions
Agent audit trail	Record of all commands sent to your agent (what Mechanic did and when)	90 days
Bot name / hostname	To identify your agent in dashboard and notifications	While your account is active
IP address	Rate limiting, abuse prevention. Not logged to permanent storage.	Session only (not persisted)
Analytics (if enabled)	Aggregate page analytics via GA4. No personally identifying info sent to Google.	Per Google's retention settings (26 months default)

2. What We Do NOT Collect

Your Telegram bot conversations — We never read or store your users' messages to your bot
Your Telegram bot token — The agent detects its presence but never sends it to our hub
OpenRouter API keys or other credentials — Same: presence detected, value never transmitted
Files outside OpenClaw's directory — We only access OpenClaw configuration, logs, and service status
Passwords — We never ask for system passwords; we use SSH keys or signed tokens for access

3. How We Use Your Data

Send repair notifications (Telegram / email / macOS native)
Show your repair history and agent status in the dashboard
Provide automated repair capabilities to your Mechanic agent
Send transactional emails (billing, trial reminders, welcome messages)
Improve the service based on aggregate usage patterns

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

Stripe — Payment processing. Your payment data is handled by Stripe, not us. Stripe Privacy Policy ↗
Resend — Transactional email delivery. Only your email address and message content are shared. Resend Privacy Policy ↗
Telegram — Push notifications (if you link Telegram). Your chat ID is used to send messages. Telegram Privacy Policy ↗
Google Analytics 4 — Website analytics (aggregate, anonymized). No cross-site tracking enabled.

We host our hub server on Hetzner Cloud (Germany/Finland). Data may transit through Hetzner's infrastructure in the EU.

5. Data Security

All agent-to-hub communication is encrypted with TLS. PTY sessions use Ed25519 signatures (the agent rejects unsigned commands). Signing keys are stored in a secrets manager, not on disk. Our hub runs on hardened Linux with fail2ban, UFW, and unattended security updates.

6. Your Rights

You have the right to:

Access — Request a copy of the data we hold about you
Correction — Ask us to correct inaccurate data
Deletion — Ask us to delete your data (we'll retain what's legally required)
Portability — Request your repair log as a CSV (available via your dashboard)
Opt-out — Disable specific notification types in your account settings

To exercise these rights, email privacy@mechanicbot.io.

7. Cookies

We use localStorage (not cookies) to store your session token in the dashboard. We do not use third-party tracking cookies. Analytics use anonymized identifiers only.

8. Children

The Service is not directed at users under 16. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us for immediate deletion.

9. Changes to This Policy

We may update this policy. Material changes will be communicated via email. The "Last updated" date at the top always reflects the current version.

10. Contact

Privacy questions: privacy@mechanicbot.io · General contact: contact form

Mountain Grown Media LLC · mechanicbot.io