How We Keep Your Data Safe: ClawServe Security Architecture

Security First

When you trust an AI assistant with your emails, code, and personal data, security isn't optional — it's foundational. Here's how ClawServe protects your data.

Container Isolation

Every ClawServe instance runs in its own Docker container with:

• Dedicated resources — CPU, memory, and storage are not shared
• Network isolation — Containers cannot communicate with each other
• Filesystem separation — Each container has its own encrypted volume
• Process isolation — No container can access another's processes

Encryption

• In transit — All API communication uses TLS 1.3
• At rest — Container volumes are encrypted with AES-256
• API keys — Stored using AES encryption with per-user salt, never in plaintext
• Passwords — Hashed using bcrypt with Supabase Auth

Zero-Access Architecture

• We never access your conversations, files, or API keys
• We never train on your data
• We cannot read your encrypted API keys (encryption is one-way from your input)
• Support staff cannot access container contents without your explicit permission

Authentication

• Email/password with bcrypt hashing
• Google OAuth 2.0 integration
• Session management via Supabase Auth with JWT tokens
• Row-level security (RLS) on all database tables

Infrastructure

• Hosted on dedicated servers (not shared cloud)
• Regular security updates applied automatically
• Container images rebuilt with latest patches weekly
• Automated backups with encrypted offsite storage

Your Rights

• Export — Download all your data at any time
• Delete — Request complete data deletion
• Transparency — We publish our security practices openly

Reporting Vulnerabilities

If you discover a security issue, please email security@clawserve.cloud. We take all reports seriously and respond within 24 hours.