Security & Privacy

MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.

How MultiClaw protects your sign-in with password hashing, Multiplai SSO, session tokens, and rate limiting.

Each workspace member is an Owner or a Member. Owners manage people; Members access resources.

MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.

Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.

How MultiClaw secures every network connection using TLS, authenticated tokens, and no inbound ports.

The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.

What permissions the MultiClaw Chrome Extension requests, how recorded data flows and is retained, and what the extension does not access.

API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.

MultiClaw collects no telemetry, keeps conversations local by default, and gives you full control over your personal data.

Report vulnerabilities to security@multiclaw.io, with target acknowledgement in 24 hours and fix timelines based on CVSS severity.

How MultiClaw pins dependencies, verifies updates, and manages third-party components in the supply chain.

Outbound connections the desktop app and gateway make, what each one does, and when each occurs.

What MultiClaw secures versus what you are responsible for as a customer.