This is not legal advice. It is operator-level guidance from people who have shipped GDPR-compliant self-hosted AI deployments in 2026. Treat it as a starting point. For specific situations involving high-risk processing, consult a real lawyer.
Section 1 — Why self-hosted helps with GDPR (and where it doesn't)
GDPR is, in practice, a question of "who controls the data, where does it go, and who else touches it." Self-hosted AI gives you stronger answers to those questions than managed AI does — typically:
- You control the data because it lives on your hardware.
- The data goes only where your config tells it to.
- The set of "who else touches it" is short: your VPS provider, your
That makes GDPR compliance more tractable than "it's all on AWS via twelve sub-processors and we'll send you a DPA when we get around to it." It does not make GDPR compliance automatic.
The two places self-hosted setups commonly trip:
- The LLM provider when you call Anthropic, OpenAI or Google. They
- The credential storage when you don't lock it down. Plaintext
Section 2 — Lawful basis
For most self-hosted AI operations, the relevant lawful bases are:
- Consent — when the agent processes data the user has explicitly
- Contract — when processing is necessary to deliver a service the
- Legitimate interest — when processing is for a legitimate purpose
Concretely:
- Newsletter subscriber data → consent (the user opted in).
- Pro-tier customer email and Stripe ID → contract.
- Server-side rate limiting based on IP → legitimate interest.
- Sending agent prompts to Anthropic for processing → either contract
Document the lawful basis for each processing operation. Most teams have a one-page Record of Processing Activities (RoPA). Build yours.
Section 3 — Data minimisation in agent contexts
GDPR requires you to collect only what you need. Agent runtimes are prone to over-collecting because:
- They log full prompts by default, which can include personal data.
- They keep conversation history indefinitely by default.
- They record tool execution arguments, which may include personal
- They cache LLM responses, which may include personal data.
What to do:
- Disable verbose prompt logging in production. Hermes Agent ships
- Set conversation retention to the shortest interval that meets
- Hash tool call arguments in audit logs rather than logging them
- Don't cache LLM responses unless you have a specific reason to,
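One way to apply the "hash tool call arguments" item above, as an added example that is not code from Hermes Agent or any other runtime named on this page: it builds JSONL audit lines that hold a keyed HMAC-SHA256 of each argument instead of its value. The field names, the key constant and the sample call are assumptions made for illustration; the keyed digest is this example's choice, because an unkeyed hash of an email address can be recovered by hashing candidate addresses.

```python
import hashlib
import hmac
import json
import time

# Hypothetical per-deployment secret (constructed value). In practice, load it
# from the credential vault and keep it out of the audit log's directory.
AUDIT_HMAC_KEY = b"constructed-example-key-rotate-me"


def canonical(value) -> bytes:
    """Stable byte encoding so equal arguments always produce equal digests."""
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def digest_args(args: dict, key: bytes = AUDIT_HMAC_KEY) -> dict:
    """Replace each argument value with a keyed digest, keeping the names.

    A bare SHA-256 of low-entropy personal data (emails, phone numbers) can be
    reversed with a candidate list; HMAC with a secret key removes that option
    for anyone who holds only the log.
    """
    return {
        name: hmac.new(key, canonical(value), hashlib.sha256).hexdigest()
        for name, value in args.items()
    }


def audit_record(tool: str, args: dict, ts=None) -> str:
    """Build one JSONL audit line with no raw argument values in it."""
    record = {
        "ts": time.time() if ts is None else ts,
        "tool": tool,
        "arg_digests": digest_args(args),
    }
    return json.dumps(record, sort_keys=True)


# Constructed sample tool call containing personal data.
SAMPLE_CALL = {"to": "alice@example.com", "subject": "Invoice 1042"}

if __name__ == "__main__":
    print(audit_record("send_email", SAMPLE_CALL, ts=1767225600.0))
```

Equal arguments produce equal digests under the same key, so repeated calls can still be correlated during an investigation without the log revealing the values.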
Section 4 — Where each agent stores what
A practical inventory of where personal data can end up in a typical self-hosted setup:
| Storage | Hermes Agent | OpenClaw 2026.4+ | ZeroClaw | Nanobot |
|---|---|---|---|---|
| Conversation history | SQLite at ~/.hermes/memory.db | SQLite at ~/.openclaw/memory.db | SQLite at ~/.zeroclaw/memory.db | In-memory (lost on restart) by default |
| Credential vault | OS keyring or encrypted file at ~/.hermes/vault.enc | Encrypted file at ~/.openclaw/vault.enc | OS keyring | Plaintext config (configurable) |
| Audit log | ~/.hermes/audit.jsonl (rotating) | ~/.openclaw/audit.jsonl | ~/.zeroclaw/audit.jsonl | Stdout (no persistent log) |
| Tool execution outputs | Per-call, retained per memory policy | Per-call, retained per memory policy | Per-call, retained per memory policy | Per-call, in-memory |
| LLM response cache | Off by default | Off by default | N/A (local-only) | Off by default |
For each location, ensure: encrypted at rest, regular backup with the backup also encrypted, and retention policy documented.
Section 5 — Sub-processors
Your privacy notice needs to disclose every third party that processes personal data on your behalf. For a typical self-hosted setup that's roughly:
- Hosting provider (Hetzner, Cloudflare, etc.)
- LLM API provider (Anthropic, OpenAI, Google, OpenRouter)
- Email delivery (AWS SES, Resend, Postmark)
- Payment processor (Stripe) if you have a paid tier
- Analytics if any (Vercel Analytics, Plausible, etc.)
- TLS certificate authority (Let's Encrypt)
Each of these is a sub-processor. Each needs a DPA on file. Each must appear in your privacy notice.
The good news: every credible vendor in this list has a DPA template ready, signed via DocuSign or similar in 5-15 minutes. Stop putting it off.
Section 6 — DPIA triggers
A Data Protection Impact Assessment is required when processing is likely to result in a high risk to data subjects. Self-hosted AI scenarios that typically trigger one:
- Automated decision-making with legal effects (e.g. an agent making
- Large-scale processing of special category data (health, race,
- Systematic monitoring of public spaces.
Self-hosted AI scenarios that typically don't trigger one:
- Internal developer assistant.
- Personal-use agent.
- Customer support bot for a small to medium business.
- Content moderation tooling at small scale.
If your use case is in doubt, do the DPIA — it's not that expensive in operator time and it gives you defensible documentation.
Section 7 — Breach notification
GDPR requires notification to the supervisory authority within 72 hours of becoming aware of a personal data breach, and to data subjects "without undue delay" if there is likely to be a high risk to their rights.
For self-hosted AI, the practical breach scenarios are:
- Agent host compromised (CVE exploitation, weak auth, credential
- Conversation memory exfiltrated (rare but possible).
- Credential vault compromised — leads to LLM provider account
- Audit log exfiltrated — depends on what your audit log contains.
Have a plan: who notifies the supervisory authority, who drafts the user notice, what backup of evidence you preserve. Don't wait until the breach to figure this out.
The OpenClaw CVE-2026-25253 wave generated several notifiable breaches in early 2026 — assume your install will eventually need this process.
Section 8 — Data subject rights
Under GDPR, data subjects have rights to access, correction, erasure, portability, objection and to lodge complaints. For a small self-hosted AI deployment, the realistic implementation is:
- Access — provide a JSON export of all data you hold on the
- Correction — let the subject correct their email and account
- Erasure — delete on request within 30 days. For backups,
- Portability — same JSON export as access.
- Objection — pause processing on request, document the reason,
Give yourself a working email address for these requests (privacy@yourdomain.com or contact@yourdomain.com) and a documented internal SLA for handling them.
Section 9 — Transfer mechanisms
If your sub-processors are in the US (Anthropic, OpenAI, Google, AWS, Stripe, etc.), you need a transfer mechanism. The current options:
- Adequacy — UK, Switzerland, some others.
- Standard Contractual Clauses (SCCs) — the dominant mechanism
- Data Privacy Framework (DPF) — for vendors certified under
Concretely: every US sub-processor in your list needs SCCs (or equivalent) referenced in the DPA you have on file with them.
The minimum viable GDPR posture
If you're a solo operator with a self-hosted agent serving EU users, here's the realistic minimum:
1. Privacy notice published, listing sub-processors and lawful basis per processing op.
2. Cookie banner only if you actually set non-essential cookies (most self-hosted agents don't need one).
3. DPAs on file with every sub-processor.
4. Conversation memory retention set to a defensible number (30 days default, document why).
5. Credentials in OS keyring or encrypted vault.
6. privacy@yourdomain.com working, monitored, documented internal SLA.
7. Breach notification process written down — even a half-page document is fine, you just need it to exist before you need it.
Beyond that you're in DPIA / specialised lawyer territory. Most self-hosted operators don't need to go there.
What this guide does not cover
We've stayed in the GDPR lane. Adjacent regulatory regimes you may also need to think about:
- EU AI Act for high-risk deployments — separate post coming.
- Sector-specific regs (HIPAA, PCI-DSS, SOX) — out of scope here.
- Member state derogations — France's CNIL, Germany's BfDI etc.
For specifics, talk to a lawyer who actually does data protection work, not a generalist who'll quote ChatGPT at you.