🦐ShrimpHost
Features How It Works Pricing FAQ Get Started

Privacy Policy

Last updated: May 20, 2026 Effective date: May 20, 2026

This Privacy Policy explains how Phasor Labs Inc., the Canadian federal corporation that operates ShrimpHost ("ShrimpHost," "we," "us," or "our"), collects, uses, retains, and discloses personal information when you use our managed OpenClaw hosting service available at www.shrimphost.com (the "Service").

ShrimpHost is operated from Canada. Our handling of personal information is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

Geographic eligibility. The Service is available to users located in Canada and the United States only. We do not knowingly accept users located in the European Economic Area, the United Kingdom, or Switzerland. See our Terms of Service for full eligibility requirements.

1. Summary (Plain English)

Before the details, here is what you actually need to know:

  • We collect what we need to run your agent — including your name, email, phone number, payment information, and everything your agent reads, writes, sees, says, or does on your behalf.
  • We may use this data to debug and improve the Service, including human review by our staff when necessary.
  • We will not sell your data, share it for advertising or marketing, or use it for any purpose other than operating and improving the Service.
  • We will not use your data to train, fine-tune, or otherwise incorporate it into any AI model — ours, the underlying LLM we use to operate the Service, or anyone else's.
  • If you want your data deleted, cancel your subscription — we will delete your instance and all associated data within 30 days of cancellation. We cannot delete this data while your account is active because the Service uses it to operate.
  • You can sign in with either a phone number or an email address. Consent to receive SMS is optional and only applies if you signed in with a phone number; without it, SMS-dependent features (replies over SMS, agent-initiated texts) won't be available, but the rest of the Service continues to work.

The rest of this document is the long-form version of the same.

2. Information We Collect

2.1 Information you give us directly

  • Account information: name, email address, mobile phone number, and account password.
  • Payment information: processed by Stripe — we receive billing metadata (last four digits of card, billing country, transaction status) but we do not store full card numbers or CVCs. Stripe's privacy practices apply to the payment data they handle; see stripe.com/privacy.
  • Communications: anything you send us through email, support tickets, or our messaging channels.

2.2 Information your agent generates or processes

When you use the Service, your OpenClaw instance generates, stores, and processes data on our infrastructure. This includes:

  • Agent memory — long-term context and notes your agent maintains across sessions.
  • User files — files you upload or that your agent creates, reads, or modifies on your instance.
  • Message logs — the full conversation history between you and your agent across all connected channels (SMS, Telegram, Discord, WhatsApp, Web UI).
  • Tool-call and browsing activity — records of code execution, terminal commands, browser sessions, web requests, scheduled cron jobs, and any other action your agent takes.
  • Connected channel credentials — API tokens or bot credentials you provide so that your agent can reach you on third-party platforms. These are stored encrypted and used solely to deliver your messages.
  • Skills and configurations you install or define on your instance.

We refer to the categories in section 2.2 collectively as your "Agent Data."

2.3 Information we collect automatically

  • Service telemetry: request timestamps, latency, token counts, error rates, crash logs, IP addresses, and similar operational metrics.
  • Cookies and website analytics on www.shrimphost.com — used for session management and basic usage statistics. We do not use advertising or tracking cookies.

3. How We Use Your Information

We use the information described above only for the following purposes:

  • To operate the Service — provisioning your instance, routing messages between you and your agent, executing your agent's actions, billing you, and providing customer support.
  • To debug, maintain, and improve the Service — including, where necessary, review by ShrimpHost staff of Agent Data (memory, files, message logs, tool-call and browsing activity) to diagnose bugs, investigate failures, and improve reliability and quality.
  • To communicate with you — service announcements, billing notices, security alerts, and responses to your support requests.
  • To enforce our Terms of Service and prevent abuse — including detecting unauthorized use, illegal activity, or attempts to harm our infrastructure or other users.
  • To comply with legal obligations — responding to lawful requests from authorities, retaining records required by Canadian law, and responding to valid legal process.

We do not process your information for any other purpose without your consent.

4. What We Do Not Do With Your Information

We make the following binding commitments:

  • We do not sell your personal information or your Agent Data to anyone, for any purpose.
  • We do not share your personal information or Agent Data with third parties for advertising, marketing, or analytics, including not with our service providers' affiliates.
  • We do not use your data to train, fine-tune, evaluate, or otherwise develop AI models — including any underlying LLMs we use to operate the Service, our own future models, or any third party's models.
  • We host the underlying LLMs on our own infrastructure. The specific model or models we use to operate the Service may change at our discretion; in every case, your prompts and the model's responses do not leave our infrastructure for the purpose of model inference, and we do not share your data with the model's publisher.

5. SMS and Mobile Messaging

ShrimpHost supports both phone-number and email sign-in. SMS messaging is an optional feature: you can use the Service entirely without SMS by signing in with email and reaching your agent through Telegram, Discord, WhatsApp, or our Web UI. If you sign in with a phone number, you may opt in to SMS messaging at signup or later from your dashboard. If you do not opt in (or you later opt out), SMS-specific features won't be available, but the rest of the Service continues to work. If you opt in to SMS, you agree to the following:

  • Programs covered. SMS messages from ShrimpHost include (a) account, billing, and security notifications from ShrimpHost, and (b) all messages your AI agent sends to you via SMS at your direction.
  • Message frequency. Recurring. Frequency varies based on how you use your agent — your agent may text you in response to your requests, on cron schedules you set up, or in response to events you configure.
  • Carrier charges. Message and data rates may apply. Check your mobile plan for details. ShrimpHost is not responsible for carrier fees.
  • Opt-out. You can opt out of SMS at any time by replying STOP to any message. You will receive one confirmation message and will not be sent further SMS. Opting out disables SMS-dependent features (replies over SMS, agent-initiated texts); the rest of the Service continues to work. You can opt back in at any time by replying START.
  • Help. Reply HELP to any message for support information, or contact us at contact@shrimphost.com.
  • Supported carriers. All major Canadian and US wireless carriers. Carriers are not liable for delayed or undelivered messages.
  • No sharing of mobile information for marketing. We do not share your mobile phone number, SMS opt-in status, or SMS message contents with any third party or affiliate for marketing or promotional purposes. This commitment is not overridden by anything else in this Policy. Mobile information is shared only with Twilio, the SMS aggregator that delivers messages on our behalf, and only for the purpose of delivering the messages you have requested.

Our SMS program is operated in compliance with the CTIA Messaging Principles and Best Practices and the A2P 10DLC framework.

6. Service Providers and Sub-Processors

We use a small number of third-party service providers to deliver the Service. Each is contractually bound to handle your information only as needed to provide their service to us, and not for their own purposes.

ProviderPurposeData shared
Stripe, Inc.Payment processingName, email, billing address, card details (collected directly by Stripe)
Google Cloud (Google LLC)Cloud hosting infrastructureAll Service and Agent Data, stored on encrypted volumes
Twilio Inc.SMS message deliveryYour phone number and SMS message content

When you connect your agent to a third-party messaging platform (Telegram, Discord, WhatsApp, etc.), your messages also pass through that platform's infrastructure and are subject to that platform's privacy practices. We are not responsible for those third parties' handling of your data on their own platforms.

We do not transfer your personal information outside of North America for processing.

7. Data Retention and Deletion

7.1 While your account is active

We retain your account information and Agent Data for as long as your account is active and as needed to provide the Service.

7.2 Upon cancellation

If you cancel your subscription, we will securely delete your instance and all associated Agent Data within 30 days of cancellation.

7.3 Upon deletion request

Because your Agent Data — agent memory, files, message logs, and tool-call history — is what the Service uses to operate your instance, we cannot delete this data while your account is active. Deleting it would render the Service inoperable.

To have your data deleted, cancel your subscription. We will then automatically delete your instance and all associated Agent Data within the 30-day window described in Section 7.2. If you want us to confirm completion or expedite within that window, email contact@shrimphost.com from the email address on your account.

If you wish to delete only specific files or memory entries while keeping your account active, you may do so yourself through your agent or the Service's file management interface.

7.4 Limited exceptions

We may retain a minimal set of records after deletion where required to (a) comply with a legal or tax obligation (e.g., transaction records for accounting purposes), (b) resolve disputes or enforce our agreements, or (c) defend against legal claims. Retained records are limited to what is strictly necessary for the stated purpose and are not used for any other reason.

8. Your Rights

Under PIPEDA and other applicable Canadian privacy laws, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete personal information.
  • Withdraw consent to our processing, subject to legal or contractual restrictions. Withdrawing SMS consent disables SMS-dependent features only; the rest of the Service continues to work.
  • Request deletion of your personal information by cancelling your subscription, as described in Section 7.
  • Export your Agent Data in a portable format.
  • File a complaint with us at contact@shrimphost.com, or with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these rights, contact us at contact@shrimphost.com. We will respond within 30 days.

9. Security

We protect your information using industry-standard administrative, technical, and physical safeguards, including encryption in transit (TLS), encryption at rest, isolated per-user instances, access controls on our internal systems, and audit logging of staff access to Agent Data.

No security measure is perfect. If we become aware of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by law.

10. Children

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child under 13 has provided us with personal information, please contact us at contact@shrimphost.com and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this Policy indicates when it was most recently revised.

12. Contact

Questions, requests, and complaints under this Privacy Policy should be directed to our Privacy Officer:

Phasor Labs Inc.
Attn: Privacy Officer
Email: contact@shrimphost.com
A mailing address is available on request.
🦐ShrimpHost
Features Pricing FAQ About Terms Privacy www.shrimphost.com