Trust & Security

Security isn't an afterthought — it's the foundation. ClawNaut is built with enterprise-grade security standards to protect your data, your agents, and your customers.

Compliance & Certifications

PCI DSS

Payment Card Industry Data Security Standard

All payment processing is handled through Stripe, a PCI Level 1 certified service provider. We never store, process, or transmit cardholder data on our servers. Your payment information goes directly to Stripe's PCI-compliant infrastructure.

SOC 2 Type II

Service Organization Control 2

Our infrastructure and operations meet SOC 2 trust service criteria for security, availability, and confidentiality. We maintain strict access controls, continuous monitoring, and comprehensive audit trails across all systems.

ISO 27001

Information Security Management

We follow ISO 27001 standards for information security management, including risk assessment, security controls, incident management, and continuous improvement of our security posture.

GDPR

General Data Protection Regulation

As a UK/EU company (Klappp Ltd, England & Wales), we are fully GDPR compliant. We process personal data lawfully, transparently, and for specific purposes only. You have full rights to access, rectify, delete, and port your data.

Security Architecture

End-to-End Encryption

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted using AES-256. Your agent conversations and configurations are protected at every layer.

Isolated Deployments

Each OpenClaw node runs in its own isolated environment. Your data never mixes with other users' data. Full network isolation between all deployments.

European Infrastructure

Our primary infrastructure runs in European data centers (Amsterdam). Data residency options available for compliance requirements.

Access Controls

Role-based access control, multi-factor authentication, and comprehensive audit logging. Every action is tracked and auditable.

Regular Security Audits

We conduct regular penetration testing and security audits. Our infrastructure is continuously monitored for vulnerabilities and threats.

Incident Response

24/7 automated monitoring with defined incident response procedures. We commit to transparent communication in the event of any security incident.

How We Handle Your Data

Your data is yours. We process it only to provide the service. We never sell, share, or use your data for training AI models.

Minimal data collection. We collect only what's necessary: your email for account management, usage metrics for billing, and agent configurations for service delivery.

Right to deletion. You can delete your account and all associated data at any time. When you delete a node, all conversation data and configurations are permanently erased within 30 days.

Data portability. Export all your agent configurations, conversation logs, and account data in standard formats at any time.

Have Security Questions?

Our security team is happy to answer any questions about our practices, provide compliance documentation, or discuss your specific requirements.
