Privacy Policy

Effective Date: 16 March 2026 Last Updated: 17 March 2026

This Privacy Policy has been revised for alignment with applicable Indian law, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable rules thereunder, as each may be amended from time to time.

1. Introduction

This Privacy Policy explains how Andromeda Intelligence Private Limited ("Andromeda Intelligence," "we," "us," or "our") collects, uses, discloses, stores, transfers, and protects personal data in connection with Cygnus AI Prime ("Cygnus AI Prime" or the "Services").

Cygnus AI Prime is a managed hosting and deployment service for OpenClaw-based environments. We provide hosted infrastructure, managed setup, configuration adjustments, usability improvements, operational support, and related services to help customers run and manage their OpenClaw instances more easily and securely. We may also enable or support integrations with third-party services as part of the Services.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will seek consent or provide notice in the manner required under applicable law before processing personal data.

2. Scope

This Privacy Policy applies to personal data collected through:

  • the Cygnus AI Prime website and platform;
  • account registration and administration;
  • managed hosted instances and related services;
  • support, onboarding, and communications;
  • integrations with third-party services;
  • product analytics, security monitoring, and operational tooling; and
  • any other interactions you have with Andromeda Intelligence in connection with Cygnus AI Prime.

This Privacy Policy does not apply to:

  • third-party products, websites, or services not controlled by us;
  • self-hosted or independently operated OpenClaw deployments outside our managed environment; or
  • data practices of our customers in relation to their own end users, except where we act on the customer’s behalf as a processor or service provider.

3. Our Role

Depending on the context, Andromeda Intelligence may act as:

  • a controller / data fiduciary of personal data, where we determine the purposes and means of processing for our own business operations, such as account administration, billing, analytics, security, and support; or
  • a processor / service provider / data processor, where we process data on behalf of a customer in order to provide the Services.

If you interact with a hosted instance, workflow, or agent operated by one of our customers, that customer may be primarily responsible for how your data is handled, including providing any required notice and obtaining any required consent from you.

4. Information We Collect

A. Account and Business Information

We may collect the following categories of information:

  • name
  • email address
  • phone number
  • company name
  • billing contact details
  • account credentials
  • workspace or organization information

B. Billing and Transaction Information

Payment processing may be handled by third-party processors. We generally do not store full payment card details ourselves.

We may collect the following categories of information:

  • subscription details
  • invoices
  • payment-related records
  • billing address
  • transaction history

C. Usage and Technical Information

We may collect the following categories of information:

  • IP address
  • browser type
  • device information
  • operating system
  • login events
  • session activity
  • feature usage
  • API requests
  • error logs
  • performance diagnostics
  • audit and operational logs

D. Hosted Service and Configuration Data

Because Cygnus AI Prime is a managed OpenClaw hosting service, we may process data associated with:

  • hosted instance setup
  • configuration files and settings
  • managed modifications made to improve usability, operability, or security
  • workspace metadata
  • operational state and deployment information
  • logs needed to maintain and support the Services

E. Content and Customer Data

Depending on how customers use the Services, we may process:

  • prompts and instructions
  • uploaded files and documents
  • messages and workflow content
  • agent-related inputs and outputs
  • configuration content
  • integration-synced data chosen by the customer

F. Integration Data

If you enable third-party integrations, we may collect or process the following categories of data. Some integrations may be operated, powered, or facilitated by third-party providers.

  • access tokens or authentication metadata
  • account identifiers
  • metadata from connected services
  • data transmitted to or from those services at your direction

G. Analytics and Product Improvement Data

We may use product analytics tools, including tools such as PostHog, to understand how users interact with the Services, improve usability, measure feature adoption, troubleshoot issues, and improve performance.

We may collect the following categories of information:

  • page views
  • clicks
  • session events
  • feature usage patterns
  • device and browser metadata
  • approximate region data
  • referral or campaign data

H. Communications

We may collect the following categories of information:

  • support requests
  • emails
  • feedback
  • surveys
  • chat or customer service interactions

I. Cookies and Similar Technologies

We may use cookies, local storage, pixels, and similar technologies for:

  • authentication
  • remembering preferences
  • analytics
  • security
  • fraud prevention
  • performance monitoring

5. Legal Basis / Grounds of Processing

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, we process personal data on one or more of the following grounds:

  • with your consent or the consent of an authorised user acting for a customer account;
  • for specified lawful purposes connected with providing the Services you request;
  • for uses permitted or recognised under applicable law, including certain legitimate uses recognised by law;
  • to comply with legal obligations, court orders, lawful requests, or regulatory requirements; and
  • to protect the security, integrity, and availability of the Services, our systems, customers, users, and the public, where permitted by law.

Where consent is the basis of processing, you may withdraw consent in accordance with applicable law. Withdrawal of consent will not affect the lawfulness of processing completed before such withdrawal and may affect our ability to provide some or all of the Services.

6. How We Use Information

Providing the Services

  • creating and managing accounts
  • provisioning and maintaining hosted environments
  • applying managed configurations and service improvements
  • enabling requested features and integrations
  • supporting customer operations

Operating and Securing the Platform

  • monitoring uptime, reliability, and performance
  • preventing fraud, abuse, misuse, and unauthorized access
  • debugging errors and maintaining service integrity
  • enforcing policies and contractual terms

Analytics and Product Improvement

  • understanding product usage
  • improving workflows, onboarding, and usability
  • measuring feature adoption
  • diagnosing technical issues
  • planning product improvements

Customer Support and Communications

  • responding to support requests
  • sending service notices and operational updates
  • onboarding users
  • communicating about accounts, subscriptions, incidents, or material policy changes

Billing and Administration

  • processing payments and subscriptions
  • maintaining records
  • managing contracts and invoices
  • complying with tax and accounting obligations

Legal Compliance

  • complying with applicable law, legal process, and lawful requests
  • protecting our rights, systems, users, and business

7. We Do Not Sell Personal Data

We do not sell personal data. We do not exchange personal data for money. We also do not share personal data with third parties for their own independent advertising purposes in a manner that would constitute a sale of personal data under applicable law, unless we clearly disclose it and are legally permitted to do so.

8. How We Share Information

A. Service Providers and Vendors

We may share data with vendors and service providers that help us operate the Services, including providers of:

  • cloud infrastructure and hosting
  • analytics
  • authentication
  • payment processing
  • communications
  • logging, monitoring, and error tracking
  • customer support tooling

B. Third-Party Integrations

If you connect or use third-party integrations, data may be shared with those services as necessary to provide the functionality you request.

C. Subprocessors and Infrastructure Partners

Because Cygnus AI Prime is a managed hosting service, we may use third-party subprocessors or infrastructure partners to host customer environments, support integrations, store data, and maintain the platform.

D. Legal and Safety Reasons

We may disclose information where necessary to:

  • comply with law or legal process
  • respond to lawful government requests
  • protect our rights, property, and systems
  • investigate security incidents, fraud, or abuse
  • protect the safety of users or others

E. Business Transfers

We may disclose information in connection with a merger, financing, acquisition, reorganization, sale of assets, or similar transaction.

F. With Your Direction

We may share information where you instruct us to do so or otherwise consent.

Where required, we implement contractual, organisational, or technical safeguards for third parties handling personal data on our behalf.

9. Customer Responsibilities

Customers are responsible for ensuring that they have an appropriate legal basis, including any required notices and consents, for personal data they submit to the Services or cause us to process on their behalf. Customers are also responsible for their own prompts, datasets, integrations, workflows, exposure of agents to third-party or public data sources, and configuration changes not made by us.

Where we act only on a customer’s instructions, the customer remains responsible for determining whether the processing is lawful and for responding to end-user rights requests, except to the extent applicable law or our contract requires our assistance.

10. Data Retention

We retain personal data for as long as reasonably necessary to:

  • provide the Services;
  • maintain account records;
  • support hosted instances;
  • comply with legal, tax, accounting, contractual, and regulatory obligations;
  • resolve disputes;
  • enforce our agreements; and
  • maintain security, backup, and audit records.

Retention periods depend on the type of data, the nature of the customer relationship, our contractual commitments, legitimate business needs, and legal or operational requirements. When data is no longer needed, we will delete, anonymise, de-identify, or securely archive it, as appropriate and subject to applicable law.

11. Data Security

We implement reasonable technical, administrative, and organisational safeguards designed to protect personal data, taking into account the nature of the information and the risks involved. These measures may include:

  • access controls;
  • authentication controls;
  • encryption in transit and, where appropriate, at rest;
  • infrastructure hardening;
  • logging and monitoring;
  • backups and recovery processes; and
  • incident response procedures.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. To the extent applicable, our security practices are intended to be consistent with the Information Technology Act, 2000 and applicable rules relating to reasonable security practices and procedures.

12. International Data Transfers

Your data may be processed in countries other than your own, including countries where our service providers or infrastructure partners operate. Where required by applicable law, we take reasonable steps and appropriate safeguards intended to ensure that personal data transferred across borders is protected. Where Indian law imposes transfer restrictions, we will handle transfers subject to such restrictions and any government notifications that may apply.

13. Your Rights

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, you may have rights to:

  • request access to a summary of your personal data and related processing information;
  • request correction, completion, updating, or erasure of personal data, subject to lawful exceptions;
  • withdraw consent where consent is the basis of processing;
  • seek grievance redressal;
  • nominate another person to exercise rights on your behalf in circumstances recognised by law; and
  • lodge a complaint with an appropriate regulator or authority, including the Data Protection Board of India where applicable.

To exercise these rights, contact us using the details in Section 18. We may need to verify your identity before processing your request. If we process personal data on behalf of a customer, we may direct your request to that customer where appropriate.

14. Cookies and Analytics Choices

You may be able to manage cookies through your browser settings and any consent or preference mechanisms we provide. Please note that disabling certain cookies or tracking technologies may affect the functionality, security, or performance of the Services.

15. Third-Party Services

Cygnus AI Prime may include or rely on third-party services, including third-party integrations, infrastructure providers, analytics providers, and support tools. Their processing of data is governed by their own terms and privacy policies where applicable. We encourage you to review the privacy policies of third-party services you choose to connect to the platform.

16. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal data from children below the age required for valid consent under applicable law. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above and, where required, provide additional notice or obtain consent in the manner required by applicable law. Your continued use of the Services after an updated Privacy Policy becomes effective means you accept the revised policy to the extent permitted by law.

18. Grievance Redressal and Contact Us

If you have questions about this Privacy Policy, our data practices, or would like to exercise your rights or raise a grievance, contact:

  • Andromeda Intelligence Private Limited
  • Email: support@andromeda-intelligence.com
  • Address: Plot no 59-62, Naubad Industrial Area, Pratap Nagar, Bidar, Karnataka, India - 585403
  • Website: andromeda-intelligence.com

We may designate a grievance officer or similar contact person where required by applicable law. The relevant contact details may be published on our website or made available through the Services from time to time.

19. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Subject to any mandatory rights available under applicable law, the courts at Bengaluru, Karnataka shall have exclusive jurisdiction over disputes arising out of or in connection with this Privacy Policy or the Services.