Privacy Policy

Effective date: April 3, 2026

1. Introduction

Grip OS ("we," "our," or "us") operates the gripos.dev website and the Grip suite of applications (Grip Station, Grip Sentinel, Grip Tray, Grip Kernel, and upcoming products Grip Mobile and Grip Mail). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services. Grip OS is an independent, privately developed product suite and is not affiliated with or endorsed by the OpenClaw project.

2. Data Controller

The data controller responsible for your personal data is:

AI LABS Group, LLC
333 Nelson St SW STE 16340
Atlanta, GA 30313
United States

Email: privacy@gripos.dev

GDPR Article 27 Notice: If you are located in the European Economic Area and wish to contact a local representative, please email privacy@gripos.dev and we will direct your inquiry appropriately. We are in the process of appointing a formal EU Representative pursuant to GDPR Article 27.

3. Information We Collect

Personal Information

When you sign up for our waitlist or create an account, we collect your email address and your marketing communication preferences (opt-in consent). If you purchase a subscription, we collect billing information processed securely through our payment provider. We collect only what is necessary to provide our services.

Usage Data

We collect anonymized usage analytics to improve our products. This includes feature usage patterns, performance metrics, and optional crash diagnostics. Crash reporting and product usage analytics are opt-in controls in the app. No personal conversations, AI interactions, or API keys are collected or stored on our servers.

API Keys

Grip OS uses a Bring Your Own Keys (BYOK) model. Your LLM provider API keys (OpenAI, Anthropic, Google, xAI, Mistral, etc.) are stored exclusively on your local device and are never transmitted to Grip OS servers. API calls are made directly from your device to the provider.

4. Local-First Architecture

Grip products are built with a local-first architecture. Your AI conversations, configuration data, and personal files are stored on your device in the ~/.gripos/ directory by default. Your data never leaves your machine unless you explicitly initiate an API call to an LLM provider using your own keys.

5. Cookies and Tracking Technologies

The gripos.dev website uses cookies and similar technologies (localStorage, sessionStorage) for analytics and marketing attribution. We implement Google Consent Mode v2 to ensure all tracking is consent-gated — no analytics or marketing data is collected until you explicitly grant consent via our cookie banner.

For a complete inventory of cookies used, their purposes, durations, and how to manage your preferences, please see our Cookie Policy.

6. Third-Party Services

We integrate with the following third-party services that may process your personal data:

  • LLM Providers — Anthropic, OpenAI, Google Gemini, xAI, Mistral, Ollama, MLX (via your own API keys; we have no access to these keys or your conversations)
  • Google Analytics 4 / Google Tag Manager — Website analytics and conversion tracking, activated only after you grant analytics consent
  • Supabase — Used for waitlist management and user authentication (hosted in us-east-1)
  • Resend — Transactional and marketing email delivery (processes email addresses)
  • Paddle — Subscription billing, tax handling, and payment processing for paid plans (merchant of record)
  • Sentry — Optional crash and error diagnostics when explicitly enabled
  • Helicone — Optional cost tracking for your LLM usage (anonymized)
  • Sparkle — Application update framework with EdDSA signature verification

7. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined in GDPR Article 6(1):

  • Consent (Art. 6(1)(a)) — Waitlist signup, marketing email communications, analytics and marketing cookies. You may withdraw consent at any time.
  • Performance of a contract (Art. 6(1)(b)) — Processing necessary to provide subscription services, account management, and product delivery.
  • Legitimate interest (Art. 6(1)(f)) — Product improvement based on anonymized, aggregated usage data; fraud prevention; and ensuring network security. We have conducted a balancing test and determined that these interests do not override your fundamental rights, particularly given the anonymized nature of the data and the opt-in controls available.

8. How We Use Your Information

  • To provide, maintain, and improve our services
  • To send you product updates and launch announcements (only with your explicit marketing consent)
  • To respond to customer support requests
  • To process subscription payments
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

9. Data Sharing

We do not sell, rent, or trade your personal information. We do not share your personal data with third parties for their own marketing purposes. We share data only with the service providers listed in Section 6, who act as data processors on our behalf under appropriate data processing agreements.

10. International Data Transfers

Grip OS is operated from the United States. If you are located outside the United States, your personal data may be transferred to and processed in the US. Our third-party processors (Google, Supabase, Resend, Paddle) also process data in the United States.

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on: (a) the EU-US Data Privacy Framework where applicable, (b) Standard Contractual Clauses (SCCs) as approved by the European Commission, and (c) processor-specific adequacy mechanisms. You may request a copy of the relevant transfer safeguards by contacting privacy@gripos.dev.

11. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) for all web communications. Local application data is protected by macOS security features including Keychain for sensitive credentials and sandboxing. Our Sentinel security engine provides tamper-evident audit logs using SHA-256 hash-chaining for all security-relevant operations.

12. Your Rights Under CCPA

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@gripos.dev. We will respond within 45 days.

13. Your Rights Under GDPR

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure of your data ("right to be forgotten")
  • Restrict or object to processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time for consent-based processing
  • Lodge a complaint with your local supervisory authority

To exercise these rights, contact us at privacy@gripos.dev. We will respond within 30 days.

14. Data Retention

Waitlist data is retained until you unsubscribe or request deletion. Account data is retained for the duration of your subscription plus 30 days. Anonymized usage analytics are retained for up to 24 months. Consent audit logs are retained for 3 years to satisfy regulatory record-keeping requirements. You may request deletion of your data at any time.

15. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 30 days before changes take effect. For processing activities based on your consent, material changes will require your renewed consent — we will not rely on continued use as acceptance. The effective date at the top of this page indicates when this version took effect.

17. Contact

For privacy-related inquiries, data access requests, or to exercise any of your rights described above, please contact us at privacy@gripos.dev.

AI LABS Group, LLC
333 Nelson St SW STE 16340
Atlanta, GA 30313
United States