Oh my goodness. Reading up on it a bit more:

     Ox Security, a "vibe-coding security platform," highlighted these vulnerabilites to its creator, Peter Steinberg. The response wasn't exactly reassuring.

    “This is a tech preview. A hobby. If you wanna help, send a PR. Once it’s production ready or commercial, happy to look into vulnerabilities.”[1]

In light of this I'm inclined to conclude- yeah, they're just lying about the privacy stuff.

1. https://www.xda-developers.com/please-stop-using-openclaw/