BroClaw is built on a single principle: you are the only one who ever touches your data. No accounts, no cloud sync โ your conversations and files run entirely on your machine.
Almost nothing. BroClaw does not operate a backend server and does not store any personal data. There is no company database that holds anything about you.
The one exception is anonymous visit analytics. We use Google Analytics on the landing page (broclaw.io) to count page visits and measure general engagement โ things like how many people open the app each day. Google Analytics is loaded only if you click Accept on the cookie banner. If you click Refuse, no analytics script runs at all.
Google Analytics does not have access to your conversations, your files, your API keys, or anything that happens inside the app. It sees only that a browser visited the page.
All app state โ your settings, API keys, chat history, skills, workspace files โ lives exclusively inside your browser's localStorage / IndexedDB and optionally in a folder on your own file system that you explicitly grant access to via the browser's File System Access API.
BroClaw is a client-side application. The only outbound network requests it makes are ones you directly initiate:
When you send a message, your conversation is sent directly from your browser to the AI provider you chose (Anthropic, OpenAI, Google, or a local Ollama instance). BroClaw never sits in the middle of that connection.
Your API keys are stored in your browser's localStorage, optionally encrypted and synced to your own workspace folder. They are:
api.anthropic.com)You can verify this by inspecting the network tab in DevTools โ you will see requests going to your provider, never to any broclaw.* domain.
BroClaw stores the following data locally on your device only:
None of this is ever synced to a cloud service by BroClaw. If you use a workspace folder, it is a regular folder on your hard drive โ under your full control.
To delete everything: clear your browser's site data for the BroClaw origin, and/or delete the workspace folder from your machine.
BroClaw contacts the following external services, depending on the features you use:
api.anthropic.com), OpenAI (api.openai.com), Google Gemini (generativelanguage.googleapis.com), or a local Ollama instance. BroClaw sends only the messages you compose, directly from your browser. Each provider has its own privacy policy.html.duckduckgo.com) and Brave Search (search.brave.com) are used when the agent searches the web. No API key is required. Neither service receives your chat history.api.allorigins.win) โ a public CORS proxy used to fetch web page content for the agent. Only the URL of the page being fetched is sent, never your messages or files.huggingface.co) โ used to download local AI models the first time you select one. After download, the model runs entirely in your browser via WebGPU. No data is sent to HuggingFace during inference.cdn.jsdelivr.net), unpkg, and esm.sh. Standard CDN access logs (IP, user-agent) may apply on the provider side.BroClaw does not share, sell, or transmit your data to any advertising network or data broker โ ever.
The BroClaw web app is hosted as a static site on Vercel. Vercel may collect standard web server access logs (IP address, user-agent, timestamp) when you load the app. These logs are governed by Vercel's Privacy Policy and are outside BroClaw's control.
Once the app loads in your browser, all processing is local. Vercel's servers are never involved in your conversations, file operations, or agent tasks.
BroClaw is a desktop AI tool intended for adult users. We do not knowingly collect personal data from anyone, including children. The only data collected โ anonymous visit counts via Google Analytics โ is not linked to any individual and requires cookie consent. If you are under 18, please use the app with a parent or guardian's approval.
If this policy changes materially, the "Effective" date at the top of this page will be updated. Since we don't hold your email, we can't notify you directly โ revisit this page if you want to stay current.
Have a question about this policy or want to understand how a specific feature handles data? Reach out via the contact details on the app's about page โ we'll give you a straight answer.
Your conversations, files, and API keys never touch our servers. The analytics we do collect โ anonymous visit counts โ require your explicit consent and can be refused at any time via the cookie banner.