Encryption
Encrypted in transit, encrypted at rest
Every byte of your data is encrypted end-to-end. We use industry-standard primitives — no in-house cryptography.
- TLS 1.3 for all traffic between your browser, our Portal, and tenant gateways
- AES-256-GCM at rest for gateway tokens and connector secrets
- scrypt password hashing using OWASP-recommended parameters
- HMAC-SHA256 signed session cookies, rotated on each sign-in
Tenant isolation
Each customer runs on its own instance
Your data never shares a process with another customer. Every tenant gets a dedicated OpenClaw runtime on a distinct port and URL, with its own workspace, memory, and data store.
- Separate WebSocket connection per tenant — no shared event loop
- Separate SQLite store per tenant — no shared tables, no noisy-neighbor queries
- Per-tenant OpenClaw workspace — USER.md and every officer's MEMORY.md live inside your workspace only; no shared memory or cross-client learning
- Cross-tenant access checks in every read and write — a single contract, enforced system-wide
- Device-paired Ed25519 authentication for operator scopes — shared tokens alone cannot elevate
Access control
Least privilege from day one
Employees access customer data only when needed to operate the service, and every access is logged.
- Role-separated authentication (operator vs customer) enforced at the middleware layer
- No direct database access from production laptops — all reads go through audited tooling
- Quarterly access reviews with automatic revocation on role change
- Session binding to device identity for operator-scope actions
Data lifecycle
You own your data, and you can take it with you
Your findings, briefings, approvals, and evidence chains belong to you. We store them; we don't license them.
- One-click full data export in JSON — anytime, any plan
- 30-day retention after cancellation, then cryptographic purge
- No training of AI models on customer content, ever
- Data residency in SG, US, or EU — you pick at onboarding