Privacy
Policy
Aoraki is built on a simple principle: your data stays on your device unless you explicitly need cloud processing. This policy explains exactly what stays local, what leaves, and why.
1. Introduction & Scope
This Privacy Policy applies to the Aoraki hardware device, its pre-installed software (including the OpenClaw agent stack), optional cloud routing services, the Aoraki website, and any companion applications. It is operated by Aoraki Technologies ("we," "us," "our").
2. Information We Collect
We collect information in the following categories:
- Account Data: Email address, name, and payment information when you create an account or pre-order.
- Device Telemetry: Hardware health metrics (temperature, uptime, storage usage), firmware version, and error logs. This is opt-in and can be disabled entirely.
- Usage Analytics: Aggregate statistics on feature usage (e.g., number of local vs. cloud tasks) to improve the product. No conversation content is included.
- Payment Data: Processed by our payment provider. We do not store credit card numbers.
3. On-Device vs. Cloud Processing
This is the most important section of this policy.
What stays on your device (always):
- All conversation history and agent memory
- All personal files, documents, and data processed by agents
- Your preferences, context, and accumulated knowledge
- The local triage model and its routing decisions
What is sent to cloud models (only when needed):
- The specific query or task that requires a cloud model — not your stored data, not your history, not your full context
- Cloud requests are sent via encrypted connection (TLS 1.3) to the selected model provider (OpenAI, Anthropic, Google, Mistral, or others you configure)
What is never sent anywhere:
- Your raw files, documents, or personal data
- Your agent memory or conversation history
- Your local model's learned preferences
4. AI Data Processing & Model Training
We do not use your data to train AI models. Your conversations, files, and agent interactions are yours. They are stored locally on your Aoraki device and are not accessible to us.
When tasks are routed to third-party cloud model providers, those providers' own data policies apply. We select providers that do not train on API inputs by default (Anthropic, OpenAI API). You can review each provider's data policy in your Aoraki dashboard settings.
5. How We Use Your Information
We use the limited data we collect to:
- Process orders, manage your account, and provide customer support
- Deliver firmware updates (OTA) and security patches
- Improve product performance based on aggregate, anonymized telemetry (if you opt in)
- Send product updates and security notifications (you can opt out of non-critical communications)
- Comply with legal obligations
6. How We Share Your Information
We do not sell your personal data. We never have and never will.
We share data only with:
- Payment processors: To process purchases (e.g., Stripe)
- Cloud model providers: Only the specific query, only when cloud routing is required, only to the provider you've configured
- Hosting & infrastructure: For the Aoraki website and account management (not device data)
- Legal compliance: If required by law, subpoena, or court order
7. Data Retention & Deletion
On-device data: Stored indefinitely on your device until you delete it. You have full control. Factory reset erases everything.
Account data: Retained while your account is active. Upon account deletion, we remove your data within 30 days, except where legal retention is required.
Telemetry data: Anonymized and aggregated. Individual device data is not retained beyond 90 days.
8. Data Security
Your Aoraki device encrypts stored data at rest. All cloud communications use TLS 1.3. Your device is on your network, behind your firewall, under your physical control. We cannot remotely access your device or its contents.
9. Children's Privacy
Aoraki is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data
- Export your data in a portable format
- Opt out of telemetry collection
- Withdraw consent for non-essential data processing
- Lodge a complaint with your local data protection authority
11. U.S. State Privacy Rights
If you are a California resident (CCPA/CPRA), you have additional rights including the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal data. For requests, email support@aoraki.xyz.
12. EEA/UK Rights (GDPR)
If you are in the EEA or UK, our legal bases for processing are: contract performance (order fulfillment), legitimate interest (product improvement via anonymized telemetry), and consent (marketing communications). You may contact our Data Protection Officer at support@aoraki.xyz.
13. International Data Transfers
Your device data stays on your device — no international transfer. Account and website data may be processed in the United States. We use Standard Contractual Clauses where required for cross-border transfers.
14. Changes to This Policy
We will notify you of material changes via email and a prominent notice on our website at least 30 days before they take effect.
15. Contact
All inquiries: support@aoraki.xyz