[{"data":1,"prerenderedAt":4486},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy":3,"help-article-\u002Fsecurity-privacy":4485},[4,301,496,758,1171,1456,1939,2296,2549,2847,3242,3513,3728,4175],{"id":5,"title":6,"body":7,"category":281,"description":282,"draft":283,"extension":284,"meta":285,"navigation":286,"order":287,"path":288,"relatedArticles":289,"seo":295,"slug":296,"stem":297,"updatedAt":298,"__hash__":299,"excerpt":282,"searchText":300},"help\u002Fhelp\u002Fsecurity-privacy\u002F01.security-overview.md","Security overview",{"type":8,"value":9,"toc":264},"minimark",[10,23,26,31,34,50,53,60,69,73,76,82,86,89,95,99,122,129,133,136,143,147,153,160,164,171,178,182,185,192,196,199,205,209,216,223,227,230,236,240,243,250,254,257],[11,12,13,14,18,19,22],"p",{},"MultiClaw protects your data through multiple independent security layers: local credential storage, TLS connections, app sandboxing, and zero telemetry. Each layer works on its own, reducing the risk that a single vulnerability leads to broader exposure. The architecture follows ",[15,16,17],"strong",{},"defense-in-depth"," principles aligned with ",[15,20,21],{},"ISO\u002FIEC 27001:2022",".",[11,24,25],{},"This article gives you a high-level view of how MultiClaw handles security and privacy. Each section links to a dedicated article with full details.",[27,28,30],"h2",{"id":29},"separate-trust-zones","Separate trust zones",[11,32,33],{},"The desktop app, the local OpenClaw gateway, and MultiClaw Cloud operate as three distinct trust zones, each with its own authentication:",[35,36,37,44],"ul",{},[38,39,40,43],"li",{},[15,41,42],{},"Desktop app",": connects to MultiClaw Cloud over HTTPS and WSS for API calls, real-time updates, agent configuration, and session data.",[38,45,46,49],{},[15,47,48],{},"Local OpenClaw gateway",": connects to MultiClaw Cloud separately over an authenticated WebSocket secured with short-lived signed tokens. These tokens rotate automatically, so a captured token expires before it can be reused.",[11,51,52],{},"Each connection enforces its own credentials. No zone shares authentication tokens with another.",[11,54,55],{},[56,57],"img",{"alt":58,"src":59},"MultiClaw security architecture — the four components and how they connect across trust boundaries","\u002Fimages\u002Fmulticlaw-security-architecture.png",[11,61,62,63,68],{},"See ",[64,65,67],"a",{"href":66},"\u002Fhelp\u002Fsecurity-privacy\u002Fnetwork-security","Network security"," for details on how each connection is secured.",[27,70,72],{"id":71},"authentication-and-login-security","Authentication and login security",[11,74,75],{},"All authentication is handled by MultiClaw Cloud. You can sign in with email and password or through Multiplai single sign-on (SSO). Sessions use short-lived tokens that rotate automatically, and repeated failed login attempts trigger temporary account lockouts.",[11,77,62,78,81],{},[64,79,72],{"href":80},"\u002Fhelp\u002Fsecurity-privacy\u002Fauthentication-and-login-security"," for details on session handling, token rotation, and lockout policies.",[27,83,85],{"id":84},"roles-and-access-control","Roles and access control",[11,87,88],{},"MultiClaw uses role-based access control (RBAC) in workspaces. Each person is assigned exactly one role — Owner or Member — which determines what they can view, create, and manage. Permissions follow a least-privilege model: users only have access to what their role requires.",[11,90,62,91,94],{},[64,92,85],{"href":93},"\u002Fhelp\u002Fsecurity-privacy\u002Froles-and-access-control"," for the full permission matrix.",[27,96,98],{"id":97},"encryption-at-rest-and-in-transit","Encryption at rest and in transit",[11,100,101,104,105,109,110,113,114,117,118,121],{},[15,102,103],{},"Config values"," are stored in your local config file (",[106,107,108],"code",{},"~\u002F.openclaw\u002Fopenclaw.json",") as plain JSON. The file is not encrypted at rest; it is protected by your operating system's file permissions. Credentials and API keys stored in ",[15,111,112],{},"MultiClaw Cloud"," receive an additional application-layer encryption with ",[15,115,116],{},"AES-256"," on top of AWS disk encryption. All connections to external MultiClaw services use ",[15,119,120],{},"TLS 1.2 or higher",", covering both HTTPS and WebSocket (WSS) traffic. Communication between the desktop app and the local OpenClaw gateway uses an unencrypted connection on localhost only — this traffic never leaves your machine.",[11,123,62,124,128],{},[64,125,127],{"href":126},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption"," for the full encryption model.",[27,130,132],{"id":131},"local-first-data-storage","Local-first data storage",[11,134,135],{},"Your agents, conversations, and credentials are stored on your machine by default. When you're not connected to a workspace, everything stays local. When you connect to a workspace, conversation transcripts sync to MultiClaw Cloud automatically.",[11,137,62,138,142],{},[64,139,141],{"href":140},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-residency-and-storage","Data residency and storage"," for details on where your data lives.",[27,144,146],{"id":145},"credential-and-secret-storage","Credential and secret storage",[11,148,149,150,152],{},"Credentials and other sensitive values are stored in your local config file (",[106,151,108],{},") as plain JSON, protected by operating system file permissions. The desktop app does not send stored credentials to MultiClaw Cloud. Each credential is scoped to the context that needs it.",[11,154,62,155,159],{},[64,156,158],{"href":157},"\u002Fhelp\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored","How credentials and secrets are stored"," for details on how credentials are stored, scoped, and managed.",[27,161,163],{"id":162},"sandboxed-desktop-app","Sandboxed desktop app",[11,165,166,167,170],{},"The desktop app is built on ",[15,168,169],{},"Tauri v2",", which enforces a capability-based permission model. The interface layer cannot access your filesystem or start processes on its own. Every sensitive operation goes through an explicitly declared Tauri command, limiting the potential damage from any interface-level vulnerability.",[11,172,62,173,177],{},[64,174,176],{"href":175},"\u002Fhelp\u002Fsecurity-privacy\u002Fdesktop-app-security","Desktop app security"," for details on the sandboxing model and capability declarations.",[27,179,181],{"id":180},"browser-extension-isolation","Browser extension isolation",[11,183,184],{},"The MultiClaw Chrome Extension content script is loaded on all pages, but it only captures and transmits interaction data when a recording session is active. Event listeners are registered when the extension loads; they check whether recording is active before capturing anything, and no data is collected or sent between sessions.",[11,186,62,187,191],{},[64,188,190],{"href":189},"\u002Fhelp\u002Fsecurity-privacy\u002Fbrowser-extension-security","Browser extension security"," for full details on what the extension accesses and when.",[27,193,195],{"id":194},"privacy-and-data-handling","Privacy and data handling",[11,197,198],{},"MultiClaw Desktop does not collect usage analytics or telemetry. If the app crashes, the crash log stays on your machine. Conversation content stays on your machine unless you choose to sync it to a workspace. MultiClaw Cloud stores only the account, workspace, and session data needed to operate the service.",[11,200,62,201,204],{},[64,202,195],{"href":203},"\u002Fhelp\u002Fsecurity-privacy\u002Fprivacy-and-data-handling"," for what data MultiClaw collects, how long it's retained, and your rights.",[27,206,208],{"id":207},"signed-updates-and-supply-chain-security","Signed updates and supply chain security",[11,210,211,212,215],{},"App updates are signed with ",[15,213,214],{},"minisign",". Before installing an update, the updater verifies the signature against the published public key and rejects any update with an invalid or missing signature. Third-party dependencies are pinned to exact versions, scanned for vulnerabilities, and reviewed before they ship.",[11,217,62,218,222],{},[64,219,221],{"href":220},"\u002Fhelp\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security","Dependency and supply chain security"," for the full scanning and review process.",[27,224,226],{"id":225},"allowed-external-connections","Allowed external connections",[11,228,229],{},"MultiClaw makes a fixed, documented set of outbound connections from your machine. Each connection has a specific purpose — API calls, real-time updates, AI execution, or update checks. No undocumented connections are made.",[11,231,62,232,235],{},[64,233,226],{"href":234},"\u002Fhelp\u002Fsecurity-privacy\u002Fallowed-external-connections"," for the full list of endpoints, protocols, and when each connection occurs.",[27,237,239],{"id":238},"incident-reporting","Incident reporting",[11,241,242],{},"If you discover a security vulnerability, you can report it directly to the MultiClaw security team. Reports are acknowledged within 24 hours and follow a structured triage and resolution process.",[11,244,62,245,249],{},[64,246,248],{"href":247},"\u002Fhelp\u002Fsecurity-privacy\u002Fincident-reporting-and-response","Incident reporting and response"," for how to submit a report and what to expect.",[27,251,253],{"id":252},"shared-responsibility","Shared responsibility",[11,255,256],{},"Security in MultiClaw is a shared effort. MultiClaw secures the infrastructure, encrypts data in transit, and hardens the app. You're responsible for protecting your credentials, managing workspace access, and configuring agents appropriately.",[11,258,62,259,263],{},[64,260,262],{"href":261},"\u002Fhelp\u002Fsecurity-privacy\u002Fshared-responsibility-model","Shared responsibility model"," for a clear breakdown of what each party owns.",{"title":265,"searchDepth":266,"depth":266,"links":267},"",2,[268,269,270,271,272,273,274,275,276,277,278,279,280],{"id":29,"depth":266,"text":30},{"id":71,"depth":266,"text":72},{"id":84,"depth":266,"text":85},{"id":97,"depth":266,"text":98},{"id":131,"depth":266,"text":132},{"id":145,"depth":266,"text":146},{"id":162,"depth":266,"text":163},{"id":180,"depth":266,"text":181},{"id":194,"depth":266,"text":195},{"id":207,"depth":266,"text":208},{"id":225,"depth":266,"text":226},{"id":238,"depth":266,"text":239},{"id":252,"depth":266,"text":253},"security-privacy","MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",false,"md",{},true,1,"\u002Fsecurity-privacy\u002Fsecurity-overview",[290,291,292,293,294],"security-privacy\u002Fdata-encryption","security-privacy\u002Fnetwork-security","security-privacy\u002Fbrowser-extension-security","security-privacy\u002Fhow-credentials-and-secrets-are-stored","security-privacy\u002Fprivacy-and-data-handling",{"title":6,"description":282},"security-overview","help\u002Fsecurity-privacy\u002F01.security-overview","2026-03-30","3x0_VX5XDDMQT5kwODVWQnpjsjlxJfe0Lbg5V4Kim9I","Security overview MultiClaw protects your data through layered security, TLS encryption in transit, app sandboxing, and a no-telemetry policy.",{"id":302,"title":72,"body":303,"category":281,"description":486,"draft":283,"extension":284,"meta":487,"navigation":286,"order":266,"path":488,"relatedArticles":489,"seo":492,"slug":71,"stem":493,"updatedAt":298,"__hash__":494,"excerpt":486,"searchText":495},"help\u002Fhelp\u002Fsecurity-privacy\u002F02.authentication-and-login-security.md",{"type":8,"value":304,"toc":474},[305,308,312,319,322,326,337,340,344,347,350,355,358,362,365,377,380,395,399,402,405,411,415,422,427,431,434,469],[11,306,307],{},"Every sign-in to MultiClaw goes through MultiClaw Cloud, which manages your credentials, sessions, and lockout protection. You can sign in with an email and password or through Multiplai SSO. This article explains how each method works, what protections are in place, and what you are responsible for.",[27,309,311],{"id":310},"email-and-password","Email and password",[11,313,314,315,318],{},"You can create an account with your email and a password. Passwords are hashed with ",[15,316,317],{},"bcrypt"," before storage — MultiClaw never stores your password in plain text.",[11,320,321],{},"Your password must be at least 8 characters. For the strongest protection, use a unique password that you don't reuse across other services. A password manager makes this easier.",[27,323,325],{"id":324},"sign-in-with-multiplai","Sign in with Multiplai",[11,327,328,329,332,333,336],{},"If your organisation uses ",[15,330,331],{},"Multiplai",", you can sign in with Multiplai SSO instead of a separate password. Click ",[15,334,335],{},"Continue with multiplai.app"," on the sign-in screen. MultiClaw redirects you to Multiplai to authenticate — MultiClaw never receives or stores your Multiplai password.",[11,338,339],{},"When you sign in through Multiplai, your Multiplai account controls the authentication experience. Password policies, session rules, and any additional protections (such as multi-factor authentication) are managed by Multiplai, not by MultiClaw.",[27,341,343],{"id":342},"session-security","Session security",[11,345,346],{},"After you sign in, the desktop app stores a session token in local storage. This token identifies you for all requests to MultiClaw Cloud.",[11,348,349],{},"Session tokens are short-lived and rotate automatically. Because tokens expire and refresh without action on your part, a captured token has a limited window of usefulness. The session token is separate from any OpenClaw gateway configuration on your machine — compromising one does not affect the other.",[351,352,354],"h3",{"id":353},"signing-out","Signing out",[11,356,357],{},"Signing out of the desktop app revokes the session token on the server immediately. If you use MultiClaw on more than one device, sign out of each device individually. Always sign out when using a shared or untrusted machine.",[351,359,361],{"id":360},"if-you-suspect-a-compromised-session","If you suspect a compromised session",[11,363,364],{},"If you believe someone else has accessed your account:",[366,367,368,371,374],"ol",{},[38,369,370],{},"Sign out of the desktop app on every device you have access to.",[38,372,373],{},"Reset your password from the sign-in screen.",[38,375,376],{},"Contact MultiClaw through the website to report the suspected unauthorised access.",[11,378,379],{},"Under the Terms of Service (§4.3), you are required to notify MultiClaw promptly of any suspected unauthorised access to your account.",[381,382,384],"callout",{"type":383},"warning",[11,385,386,387,390,391,394],{},"To remove a user from your workspace entirely, the workspace owner can go to the ",[15,388,389],{},"Users"," page (",[106,392,393],{},"\u002F{your-workspace}\u002Fusers",") in MultiClaw Cloud and revoke their access.",[27,396,398],{"id":397},"account-lockout","Account lockout",[11,400,401],{},"MultiClaw rate-limits sign-in attempts to protect against brute-force attacks. If you enter too many incorrect passwords in a short window, you see a \"Too many requests\" error.",[11,403,404],{},"Wait a minute and try again — the limit resets automatically. No admin action is required to restore access.",[381,406,408],{"type":407},"tip",[11,409,410],{},"If the error persists after waiting, confirm you are entering the correct email address. If you've forgotten your password, use the password-reset link on the sign-in screen rather than retrying.",[27,412,414],{"id":413},"what-this-article-does-not-cover","What this article does not cover",[11,416,417,418,421],{},"Authentication for the local OpenClaw gateway is handled separately from your MultiClaw Cloud sign-in. The gateway uses its own short-lived signed tokens that rotate automatically. See ",[64,419,6],{"href":420},"\u002Fhelp\u002Fsecurity-privacy\u002Fsecurity-overview"," for how the trust zones connect.",[11,423,424,425,22],{},"Credential and secret storage (API keys, config values) is covered in ",[64,426,158],{"href":157},[27,428,430],{"id":429},"your-security-responsibilities","Your security responsibilities",[11,432,433],{},"MultiClaw secures the authentication infrastructure: password hashing, token rotation, rate limiting, and TLS for all connections. You are responsible for:",[35,435,436,442,448,454,460],{},[38,437,438,441],{},[15,439,440],{},"Choosing a strong password",": use at least 8 characters and avoid reusing passwords from other services.",[38,443,444,447],{},[15,445,446],{},"Keeping credentials confidential",": don't share your password or session details with others.",[38,449,450,453],{},[15,451,452],{},"Signing out on shared devices",": always sign out after using MultiClaw on a machine you don't control.",[38,455,456,459],{},[15,457,458],{},"Reporting unauthorised access promptly",": notify MultiClaw through the website if you suspect your account has been compromised.",[38,461,462,465,466,468],{},[15,463,464],{},"Managing workspace membership",": if you are the workspace owner, periodically review the member list on your workspace's ",[15,467,389],{}," page and remove users who no longer need access.",[11,470,471,472,22],{},"For the full breakdown of what MultiClaw secures versus what you own, see ",[64,473,262],{"href":261},{"title":265,"searchDepth":266,"depth":266,"links":475},[476,477,478,483,484,485],{"id":310,"depth":266,"text":311},{"id":324,"depth":266,"text":325},{"id":342,"depth":266,"text":343,"children":479},[480,482],{"id":353,"depth":481,"text":354},3,{"id":360,"depth":481,"text":361},{"id":397,"depth":266,"text":398},{"id":413,"depth":266,"text":414},{"id":429,"depth":266,"text":430},"How MultiClaw protects your sign-in with password hashing, Multiplai SSO, session tokens, and rate limiting.",{},"\u002Fsecurity-privacy\u002Fauthentication-and-login-security",[490,491,290,293],"security-privacy\u002Fsecurity-overview","security-privacy\u002Froles-and-access-control",{"title":72,"description":486},"help\u002Fsecurity-privacy\u002F02.authentication-and-login-security","Q3uaypfNh-TfTIgNs3H-gCn6nE2selkaSa8_UYNjZ-g","Authentication and login security How MultiClaw protects your sign-in with password hashing, Multiplai SSO, session tokens, and rate limiting.",{"id":497,"title":85,"body":498,"category":281,"description":747,"draft":283,"extension":284,"meta":748,"navigation":286,"order":481,"path":749,"relatedArticles":750,"seo":753,"slug":84,"stem":754,"updatedAt":755,"__hash__":756,"excerpt":747,"searchText":757},"help\u002Fhelp\u002Fsecurity-privacy\u002F03.roles-and-access-control.md",{"type":8,"value":499,"toc":737},[500,511,515,518,632,635,638,647,650,653,659,663,666,673,679,683,694,702,705,709,712,715,719,722,728],[11,501,502,503,506,507,510],{},"Every person in your workspace has one of two roles: ",[15,504,505],{},"Owner"," or ",[15,508,509],{},"Member",". Your role controls what you can see and change, from managing the team roster to running agents on cloud desktops.",[27,512,514],{"id":513},"the-two-role-model","The two-role model",[11,516,517],{},"MultiClaw uses a flat, two-role model. There are no custom roles or granular permission tiers. This keeps the access model easy to understand and reduces the chance of misconfiguration.",[519,520,521,536],"table",{},[522,523,524],"thead",{},[525,526,527,531,534],"tr",{},[528,529,530],"th",{},"Capability",[528,532,505],{"align":533},"center",[528,535,509],{"align":533},[537,538,539,550,559,568,577,586,595,604,614,623],"tbody",{},[525,540,541,545,548],{},[542,543,544],"td",{},"View and use agents",[542,546,547],{"align":533},"✓",[542,549,547],{"align":533},[525,551,552,555,557],{},[542,553,554],{},"Create and manage tasks",[542,556,547],{"align":533},[542,558,547],{"align":533},[525,560,561,564,566],{},[542,562,563],{},"Access cloud desktops",[542,565,547],{"align":533},[542,567,547],{"align":533},[525,569,570,573,575],{},[542,571,572],{},"Use skills and guardrails",[542,574,547],{"align":533},[542,576,547],{"align":533},[525,578,579,582,584],{},[542,580,581],{},"Use Quick Chat",[542,583,547],{"align":533},[542,585,547],{"align":533},[525,587,588,591,593],{},[542,589,590],{},"View the audit trail",[542,592,547],{"align":533},[542,594,547],{"align":533},[525,596,597,600,602],{},[542,598,599],{},"Approve agent plans",[542,601,547],{"align":533},[542,603,547],{"align":533},[525,605,606,609,611],{},[542,607,608],{},"Invite members",[542,610,547],{"align":533},[542,612,613],{"align":533},"—",[525,615,616,619,621],{},[542,617,618],{},"Remove members",[542,620,547],{"align":533},[542,622,613],{"align":533},[525,624,625,628,630],{},[542,626,627],{},"View the full member list",[542,629,547],{"align":533},[542,631,613],{"align":533},[351,633,505],{"id":634},"owner",[11,636,637],{},"The Owner is the person who created the workspace. Each workspace has exactly one Owner. Beyond everything a Member can do, the Owner manages who has access: inviting new members, removing existing ones, and viewing the full member list.",[11,639,640,641,22],{},"Ownership cannot be transferred through the interface. If you need to change who owns the workspace, contact ",[64,642,646],{"href":643,"rel":644},"https:\u002F\u002Fmulticlaw.ai\u002Fsupport",[645],"nofollow","MultiClaw support",[351,648,509],{"id":649},"member",[11,651,652],{},"A Member is anyone the Owner invites into the workspace. Members have full access to the workspace's agents, tasks, cloud desktops, skills, guardrails, and Quick Chat. They can approve agent plans and view the audit trail.",[11,654,655,656,658],{},"Members cannot invite or remove other people. If a Member tries to access the ",[15,657,389],{}," page, they see a permission error.",[27,660,662],{"id":661},"how-roles-connect-to-governance-features","How roles connect to governance features",[11,664,665],{},"Your role does not limit what you can do with agents and tasks. Both Owners and Members create tasks, review agent plans, and approve or reject execution. The approval flow is a governance control that applies equally to everyone in the workspace.",[11,667,668,669,672],{},"The ",[15,670,671],{},"audit trail"," is also visible to both roles. Every action taken in the workspace — task creation, plan approval, agent execution — is logged and visible to all members. The Owner does not have a separate or more detailed audit view.",[381,674,676],{"type":675},"note",[11,677,678],{},"The Owner's unique privileges are limited to managing the member list. Day-to-day work with agents, tasks, and cloud desktops is identical for both roles.",[27,680,682],{"id":681},"manage-members","Manage members",[11,684,685,686,688,689,390,691,693],{},"Only the Owner can add or remove people. Open ",[15,687,112],{}," and go to your workspace's ",[15,690,389],{},[106,692,393],{},"). From there you can:",[366,695,696,699],{},[38,697,698],{},"Invite a new member by entering their email address.",[38,700,701],{},"Remove an existing member by selecting them from the list.",[11,703,704],{},"When you remove a member, they lose access to all workspace resources immediately. Their past actions remain in the audit trail.",[27,706,708],{"id":707},"no-guest-or-anonymous-access","No guest or anonymous access",[11,710,711],{},"Everyone who accesses your workspace needs a MultiClaw account. The Owner must invite each person as a Member before they can see any workspace resources. There is no guest role, temporary access, or public link that bypasses this requirement.",[11,713,714],{},"If someone outside your organization needs access, ask the Owner to invite them. That person will need a MultiClaw account to accept the invitation.",[27,716,718],{"id":717},"security-considerations","Security considerations",[11,720,721],{},"The two-role model is intentionally simple. A flat structure means there are no hidden permissions, no role inheritance chains, and no risk of accidentally granting elevated access through a misconfigured custom role.",[11,723,724,725,727],{},"Because only the Owner can change the member list, a compromised Member account cannot escalate its own access or invite unauthorized users. If you suspect unauthorized access, the Owner should remove the affected member from the ",[15,726,389],{}," page and ask them to reset their password.",[381,729,730],{"type":383},[11,731,732,733,736],{},"If the Owner's account is compromised, contact ",[64,734,646],{"href":643,"rel":735},[645]," immediately. The Owner is the only person who can manage workspace membership.",{"title":265,"searchDepth":266,"depth":266,"links":738},[739,743,744,745,746],{"id":513,"depth":266,"text":514,"children":740},[741,742],{"id":634,"depth":481,"text":505},{"id":649,"depth":481,"text":509},{"id":661,"depth":266,"text":662},{"id":681,"depth":266,"text":682},{"id":707,"depth":266,"text":708},{"id":717,"depth":266,"text":718},"Each workspace member is an Owner or a Member. Owners manage people; Members access resources.",{},"\u002Fsecurity-privacy\u002Froles-and-access-control",[490,751,752],"security-privacy\u002Fauthentication-and-login-security","team-governance\u002Finvite-and-manage-team-members",{"title":85,"description":747},"help\u002Fsecurity-privacy\u002F03.roles-and-access-control","2026-03-31","YTq0ENPm_n7D5uZILgReSwkGp0H0W70S4TOz_Kthnfs","Roles and access control Each workspace member is an Owner or a Member. Owners manage people; Members access resources.",{"id":759,"title":127,"body":760,"category":281,"description":1160,"draft":283,"extension":284,"meta":1161,"navigation":286,"order":1162,"path":1163,"relatedArticles":1164,"seo":1166,"slug":1167,"stem":1168,"updatedAt":755,"__hash__":1169,"excerpt":1160,"searchText":1170},"help\u002Fhelp\u002Fsecurity-privacy\u002F04.data-encryption.md",{"type":8,"value":761,"toc":1146},[762,765,769,774,823,828,870,874,878,888,891,897,900,910,913,917,920,988,992,995,998,1001,1005,1008,1039,1041,1044,1112,1116,1129,1135,1141],[11,763,764],{},"MultiClaw encrypts credentials and API keys stored in MultiClaw Cloud and secures all external traffic in transit with TLS. Your local OpenClaw config file, conversation history, and agent definitions are stored as plain text on your device, protected only by OS file permissions.",[27,766,768],{"id":767},"protection-overview","Protection overview",[11,770,771],{},[15,772,773],{},"On your device:",[519,775,776,786],{},[522,777,778],{},[525,779,780,783],{},[528,781,782],{},"Data",[528,784,785],{},"Protection at rest",[537,787,788,798,806,816],{},[525,789,790,795],{},[542,791,792,793],{},"API keys and credentials in ",[106,794,108],{},[542,796,797],{},"Not encrypted (plain JSON, OS file permissions)",[525,799,800,803],{},[542,801,802],{},"Desktop app authentication bearer token",[542,804,805],{},"Not encrypted (WebView local storage)",[525,807,808,814],{},[542,809,810,811],{},"Conversations in ",[106,812,813],{},"~\u002F.openclaw\u002Fconversations\u002F",[542,815,797],{},[525,817,818,821],{},[542,819,820],{},"Agent definitions, skill files, workflow recordings",[542,822,797],{},[11,824,825],{},[15,826,827],{},"In MultiClaw Cloud (when connected to a workspace):",[519,829,830,838],{},[522,831,832],{},[525,833,834,836],{},[528,835,782],{},[528,837,785],{},[537,839,840,848,856,863],{},[525,841,842,845],{},[542,843,844],{},"LLM API keys and instance credentials",[542,846,847],{},"AWS disk encryption + application-layer AES-256",[525,849,850,853],{},[542,851,852],{},"Synced conversations",[542,854,855],{},"AWS disk encryption",[525,857,858,861],{},[542,859,860],{},"Synced agent definitions and skill files",[542,862,855],{},[525,864,865,868],{},[542,866,867],{},"Workspace and account metadata",[542,869,855],{},[27,871,873],{"id":872},"encryption-at-rest","Encryption at rest",[351,875,877],{"id":876},"local-device","Local device",[11,879,880,881,883,884,887],{},"Your local OpenClaw config file (",[106,882,108],{},") is stored as ",[15,885,886],{},"plain JSON"," on disk. It is not encrypted. Access is limited by OS file permissions. Only your user account can read the file.",[11,889,890],{},"The OpenClaw runtime stores all configuration as plain JSON files. MultiClaw reads and writes these files but does not apply its own encryption layer.",[11,892,893,894,896],{},"The desktop app's authentication bearer token is stored in the WebView's local storage. The bearer token is separate from the gateway workspace auth token, which is stored in ",[106,895,108],{}," alongside the API keys. Neither token is encrypted at rest on the local device.",[351,898,112],{"id":899},"multiclaw-cloud",[11,901,902,903,906,907,909],{},"Workspace data stored in MultiClaw Cloud is hosted on ",[15,904,905],{},"AWS",", which encrypts storage volumes at rest using AWS-managed encryption keys. Sensitive values — such as LLM API keys and instance credentials — receive an additional layer of protection: they are encrypted at the application layer using ",[15,908,116],{}," before being stored. When MultiClaw Cloud syncs your configuration to a cloud desktop instance, it also encrypts API keys and credentials with AES-256-GCM in the sync payload, using a key derived from your instance token.",[11,911,912],{},"Application-layer encryption keys for credentials are managed by MultiClaw's infrastructure. Workspace members do not hold or control these keys.",[27,914,916],{"id":915},"encryption-in-transit","Encryption in transit",[11,918,919],{},"All traffic between MultiClaw components and external services travels over encrypted connections. The only exception is the link between the desktop app and the local OpenClaw gateway, which uses an unencrypted connection on localhost. This traffic never leaves your machine.",[519,921,922,932],{},[522,923,924],{},[525,925,926,929],{},[528,927,928],{},"Connection",[528,930,931],{},"Protocol",[537,933,934,945,956,967,977],{},[525,935,936,939],{},[542,937,938],{},"Desktop app ↔ MultiClaw Cloud (HTTP)",[542,940,941,944],{},[15,942,943],{},"HTTPS",": TLS 1.2 minimum, TLS 1.3 preferred",[525,946,947,950],{},[542,948,949],{},"Gateway ↔ MultiClaw Cloud (WebSocket)",[542,951,952,955],{},[15,953,954],{},"WSS"," (WebSocket Secure): TLS-encrypted",[525,957,958,961],{},[542,959,960],{},"Desktop app ↔ local OpenClaw gateway",[542,962,963,966],{},[15,964,965],{},"WS\u002FHTTP on localhost",": unencrypted, never leaves your machine",[525,968,969,972],{},[542,970,971],{},"Local gateway → LLM provider API",[542,973,974,976],{},[15,975,943],{},": TLS-encrypted",[525,978,979,982],{},[542,980,981],{},"Cloud desktop viewer (WebRTC)",[542,983,984,987],{},[15,985,986],{},"DTLS-SRTP",": standard encryption for peer-to-peer media",[27,989,991],{"id":990},"what-is-not-encrypted-locally","What is not encrypted locally",[11,993,994],{},"The local files listed in the protection overview use OS file permissions as their only protection. That's sufficient against remote access, but it doesn't protect against physical access to your device.",[11,996,997],{},"If your device is lost, stolen, or accessed by someone with your OS credentials, these files are readable. Full-disk encryption closes this gap.",[11,999,1000],{},"When you connect to a workspace, conversations, agent definitions, and skill files sync to MultiClaw Cloud, where they receive AWS disk encryption.",[351,1002,1004],{"id":1003},"enable-full-disk-encryption","Enable full-disk encryption",[11,1006,1007],{},"Full-disk encryption protects all files on your device, including the plain-text data listed above, from unauthorized physical access.",[35,1009,1010,1020,1033],{},[38,1011,1012,1015,1016,1019],{},[15,1013,1014],{},"macOS",": Open ",[15,1017,1018],{},"System Settings → Privacy & Security → FileVault"," and turn FileVault on.",[38,1021,1022,1015,1025,1028,1029,1032],{},[15,1023,1024],{},"Windows",[15,1026,1027],{},"Settings → Privacy & security → Device encryption",", or search for ",[15,1030,1031],{},"BitLocker"," on Pro and Enterprise editions.",[38,1034,1035,1038],{},[15,1036,1037],{},"Linux",": Most distributions offer LUKS encryption during installation. If your disk is not already encrypted, back up your data and reinstall with the encryption option enabled.",[27,1040,253],{"id":252},[11,1042,1043],{},"MultiClaw encrypts your credentials and API keys in the cloud. Protecting your local device is your responsibility.",[519,1045,1046,1059],{},[522,1047,1048],{},[525,1049,1050,1053,1056],{},[528,1051,1052],{},"Area",[528,1054,1055],{},"Who handles it",[528,1057,1058],{},"Protection",[537,1060,1061,1072,1082,1092,1103],{},[525,1062,1063,1066,1069],{},[542,1064,1065],{},"API keys and credentials in MultiClaw Cloud",[542,1067,1068],{},"MultiClaw",[542,1070,1071],{},"AES-256 application encryption + AWS disk encryption",[525,1073,1074,1077,1079],{},[542,1075,1076],{},"Cloud storage volumes",[542,1078,905],{},[542,1080,1081],{},"AWS-managed disk encryption",[525,1083,1084,1087,1089],{},[542,1085,1086],{},"Traffic between MultiClaw and external services",[542,1088,1068],{},[542,1090,1091],{},"TLS 1.2+ for HTTP, WSS for WebSocket",[525,1093,1094,1097,1100],{},[542,1095,1096],{},"Local config, agent files, and conversations",[542,1098,1099],{},"You",[542,1101,1102],{},"OS file permissions + full-disk encryption",[525,1104,1105,1108,1110],{},[542,1106,1107],{},"Authentication tokens on your device",[542,1109,1099],{},[542,1111,1102],{},[351,1113,1115],{"id":1114},"what-you-can-verify","What you can verify",[11,1117,1118,1121,1122,1125,1126,22],{},[15,1119,1120],{},"Full-disk encryption",": Check your OS settings using the instructions above. On macOS, look for \"FileVault: On\" in ",[15,1123,1124],{},"System Settings → Privacy & Security",". On Windows, look for \"Device encryption is on\" in ",[15,1127,1128],{},"Settings → Privacy & security",[11,1130,1131,1134],{},[15,1132,1133],{},"Transit encryption",": All connections from the desktop app and Gateway to MultiClaw Cloud use HTTPS and WSS. You can confirm this with browser developer tools or a network monitoring tool — all external traffic will show TLS certificates issued to MultiClaw domains.",[11,1136,1137,1140],{},[15,1138,1139],{},"Cloud encryption at rest",": Application-layer encryption of cloud-stored credentials is handled transparently by MultiClaw's infrastructure. You cannot inspect it directly — this is a trust boundary inherent to any cloud-hosted service.",[381,1142,1143],{"type":407},[11,1144,1145],{},"MultiClaw Cloud encrypts credentials and API keys stored in its database. Local files on your device — including config, conversations, and agent data — are not encrypted by MultiClaw. Full-disk encryption is the most effective way to protect them.",{"title":265,"searchDepth":266,"depth":266,"links":1147},[1148,1149,1153,1154,1157],{"id":767,"depth":266,"text":768},{"id":872,"depth":266,"text":873,"children":1150},[1151,1152],{"id":876,"depth":481,"text":877},{"id":899,"depth":481,"text":112},{"id":915,"depth":266,"text":916},{"id":990,"depth":266,"text":991,"children":1155},[1156],{"id":1003,"depth":481,"text":1004},{"id":252,"depth":266,"text":253,"children":1158},[1159],{"id":1114,"depth":481,"text":1115},"MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.",{},4,"\u002Fsecurity-privacy\u002Fdata-encryption",[490,291,293,1165],"security-privacy\u002Fdata-residency-and-storage",{"title":127,"description":1160},"data-encryption","help\u002Fsecurity-privacy\u002F04.data-encryption","PS01Cx_PLkHKehAf_-QLVhM6_dJhqwlHYiJ4B5fUh18","Data encryption MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all traffic with TLS; local files are plain JSON protected only by OS file permissions.",{"id":1172,"title":141,"body":1173,"category":281,"description":1444,"draft":283,"extension":284,"meta":1445,"navigation":286,"order":1446,"path":1447,"relatedArticles":1448,"seo":1451,"slug":1452,"stem":1453,"updatedAt":755,"__hash__":1454,"excerpt":1444,"searchText":1455},"help\u002Fhelp\u002Fsecurity-privacy\u002F05.data-residency-and-storage.md",{"type":8,"value":1174,"toc":1434},[1175,1181,1185,1188,1225,1229,1232,1261,1265,1268,1275,1281,1285,1295,1303,1311,1321,1323,1329,1334,1338,1341,1348,1352,1355,1406,1409,1415,1419,1426],[11,1176,1177,1178,1180],{},"MultiClaw stores data in two places: your local machine and ",[15,1179,112],{},". Workflow recordings, API keys, and app configuration stay on your machine. Workspace metadata, agent definitions, and audit logs sync to the cloud when you connect to a workspace.",[27,1182,1184],{"id":1183},"what-stays-local","What stays local",[11,1186,1187],{},"This data stays on your machine and doesn't sync to MultiClaw Cloud:",[35,1189,1190,1199,1206,1213,1219],{},[38,1191,1192,1195,1196],{},[15,1193,1194],{},"Workflow recordings",": stored in ",[106,1197,1198],{},"~\u002F.openclaw\u002F",[38,1200,1201,1195,1204],{},[15,1202,1203],{},"API keys",[106,1205,108],{},[38,1207,1208,1195,1211],{},[15,1209,1210],{},"App configuration",[106,1212,108],{},[38,1214,1215,1218],{},[15,1216,1217],{},"Desktop app binary and cache",": stored on your local filesystem",[38,1220,1221,1224],{},[15,1222,1223],{},"Crash logs",": stored locally and not transmitted to MultiClaw Cloud",[27,1226,1228],{"id":1227},"what-syncs-to-multiclaw-cloud","What syncs to MultiClaw Cloud",[11,1230,1231],{},"When you connect to a workspace, this data syncs to the cloud:",[35,1233,1234,1240,1249,1255],{},[38,1235,1236,1239],{},[15,1237,1238],{},"Workspace metadata",": workspace name, member list, agent names, and settings",[38,1241,1242,1245,1246,1248],{},[15,1243,1244],{},"Agent and skill definitions",": stored locally in ",[106,1247,1198],{}," and synced to enable team sharing and backup",[38,1250,1251,1254],{},[15,1252,1253],{},"Audit logs",": a record of agent actions and approvals",[38,1256,1257,1260],{},[15,1258,1259],{},"Usage events",": a record of workspace activity used for operational monitoring",[27,1262,1264],{"id":1263},"conversation-content","Conversation content",[11,1266,1267],{},"Where your conversation transcripts are stored depends on whether you're connected to a workspace.",[11,1269,1270,1271,1274],{},"If you are ",[15,1272,1273],{},"not connected to a workspace",", all transcripts stay on your machine. Nothing syncs to the cloud.",[11,1276,1270,1277,1280],{},[15,1278,1279],{},"connected to a workspace",", transcripts sync to MultiClaw Cloud. To keep conversation content local, don't connect to a workspace.",[27,1282,1284],{"id":1283},"cloud-region-and-infrastructure","Cloud region and infrastructure",[11,1286,1287,1288,1290,1291,1294],{},"MultiClaw Cloud runs on ",[15,1289,905],{}," in the ",[15,1292,1293],{},"ap-southeast-2"," region (Sydney, Australia). All cloud-synced workspace data and cloud desktops are hosted in this region.",[11,1296,1297,1298,1302],{},"For cross-border data transfers, MultiClaw relies on Standard Contractual Clauses (SCCs) for EU data subjects and the UK International Data Transfer Agreement (UK IDTA) for UK data subjects. See the ",[64,1299,1301],{"href":1300},"\u002Fhelp\u002Flegal-compliance\u002Fprivacy-policy","Privacy Policy"," for details.",[11,1304,1305,1306,1310],{},"If your organisation processes personal data through MultiClaw and your users include EU or UK data subjects, you're entitled to a Data Processing Agreement (DPA) under GDPR Article 28 and UK GDPR. See ",[64,1307,1309],{"href":1308},"\u002Fhelp\u002Flegal-compliance\u002Fdata-processing-agreement","Data Processing Agreement"," for how to request one.",[381,1312,1313],{"type":675},[11,1314,1315,1316,1320],{},"If your organisation has specific data residency requirements beyond the current region, contact ",[64,1317,1319],{"href":1318},"mailto:legal@multiclaw.io","legal@multiclaw.io"," to discuss your needs.",[27,1322,873],{"id":872},[11,1324,1325,1326,1328],{},"Local files in ",[106,1327,1198],{}," — including config, conversations, and agent definitions — are stored as plain JSON, protected by OS file permissions. MultiClaw Cloud encrypts workspace data at rest using AWS-managed encryption keys, with additional AES-256 application-layer encryption for sensitive values like API keys.",[11,1330,62,1331,1333],{},[64,1332,127],{"href":126}," for the full encryption model and how to protect local files with full-disk encryption.",[27,1335,1337],{"id":1336},"third-party-data-processing","Third-party data processing",[11,1339,1340],{},"When an agent runs a task, your prompts and task context are sent to the LLM provider you've configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms of service and privacy policies. MultiClaw does not use your conversation content for model training.",[11,1342,1343,1344,22],{},"For a list of third-party services that process data on MultiClaw's behalf, see ",[64,1345,1347],{"href":1346},"\u002Fhelp\u002Flegal-compliance\u002Fsubprocessors-and-third-parties","Subprocessors and third parties",[27,1349,1351],{"id":1350},"data-retention","Data retention",[11,1353,1354],{},"MultiClaw keeps cloud-synced data only as long as it's needed. The key retention periods are:",[519,1356,1357,1366],{},[522,1358,1359],{},[525,1360,1361,1363],{},[528,1362,782],{},[528,1364,1365],{},"Retained for",[537,1367,1368,1376,1384,1392,1399],{},[525,1369,1370,1373],{},[542,1371,1372],{},"Account data (name, email)",[542,1374,1375],{},"While your account is active; deleted within 30 days of account closure",[525,1377,1378,1381],{},[542,1379,1380],{},"Workspace and team data",[542,1382,1383],{},"While the workspace subscription is active; deleted within 30 days of cancellation",[525,1385,1386,1389],{},[542,1387,1388],{},"Server logs (IP, user agent)",[542,1390,1391],{},"90 days",[525,1393,1394,1396],{},[542,1395,852],{},[542,1397,1398],{},"Until you delete them or close your account",[525,1400,1401,1403],{},[542,1402,1253],{},[542,1404,1405],{},"1 year",[11,1407,1408],{},"Local data — including workflow recordings, agent definitions, and config files — stays on your machine until you delete it. MultiClaw does not manage retention of local files.",[11,1410,1411,1412,1414],{},"See the ",[64,1413,1301],{"href":1300}," for the full retention schedule.",[27,1416,1418],{"id":1417},"delete-cloud-synced-data","Delete cloud-synced data",[11,1420,1421,1422,22],{},"You can delete individual conversations from the desktop app at any time. To request deletion of all your personal data from MultiClaw Cloud, email ",[64,1423,1425],{"href":1424},"mailto:privacy@multiclaw.io","privacy@multiclaw.io",[11,1427,1428,1429,1433],{},"After you close your account, you have 30 days to export your data before deletion begins. See ",[64,1430,1432],{"href":1431},"\u002Fhelp\u002Flegal-compliance\u002Fdata-portability-and-export","Data portability and export"," for export options.",{"title":265,"searchDepth":266,"depth":266,"links":1435},[1436,1437,1438,1439,1440,1441,1442,1443],{"id":1183,"depth":266,"text":1184},{"id":1227,"depth":266,"text":1228},{"id":1263,"depth":266,"text":1264},{"id":1283,"depth":266,"text":1284},{"id":872,"depth":266,"text":873},{"id":1336,"depth":266,"text":1337},{"id":1350,"depth":266,"text":1351},{"id":1417,"depth":266,"text":1418},"Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.",{},5,"\u002Fsecurity-privacy\u002Fdata-residency-and-storage",[290,1449,1450],"legal-compliance\u002Fprivacy-policy","legal-compliance\u002Fdata-processing-agreement",{"title":141,"description":1444},"data-residency-and-storage","help\u002Fsecurity-privacy\u002F05.data-residency-and-storage","c80Kwl2mnNM_vd7HyxaMSi1UvbDq6XVGGnv6JUBwhQI","Data residency and storage Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.",{"id":1457,"title":67,"body":1458,"category":281,"description":1929,"draft":283,"extension":284,"meta":1930,"navigation":286,"order":1931,"path":1932,"relatedArticles":1933,"seo":1934,"slug":1935,"stem":1936,"updatedAt":755,"__hash__":1937,"excerpt":1929,"searchText":1938},"help\u002Fhelp\u002Fsecurity-privacy\u002F06.network-security.md",{"type":8,"value":1459,"toc":1918},[1460,1463,1467,1471,1597,1601,1616,1630,1633,1636,1640,1646,1652,1655,1660,1664,1671,1677,1680,1683,1689,1696,1702,1705,1714,1717,1720,1723,1727,1734,1737,1846,1849,1873,1877,1886,1893,1904,1908],[11,1461,1462],{},"Every connection MultiClaw makes is encrypted and authenticated. Your machine opens no inbound ports, and each credential stays within its intended trust zone.",[11,1464,1465],{},[56,1466],{"alt":58,"src":59},[27,1468,1470],{"id":1469},"connection-summary","Connection summary",[519,1472,1473,1490],{},[522,1474,1475],{},[525,1476,1477,1479,1481,1484,1487],{},[528,1478,928],{},[528,1480,931],{},[528,1482,1483],{},"Authentication",[528,1485,1486],{},"Data carried",[528,1488,1489],{},"Notes",[537,1491,1492,1521,1539,1559,1579],{},[525,1493,1494,1497,1505,1508,1511],{},[542,1495,1496],{},"Desktop app → MultiClaw Cloud",[542,1498,1499,1501,1502,1504],{},[15,1500,943],{}," (REST) and ",[15,1503,954],{}," (WebSocket)",[542,1506,1507],{},"Bearer token (persists until logout); WSS uses a separate short-lived HMAC token",[542,1509,1510],{},"Account, workspace, task, and agent configuration data; real-time status events",[542,1512,1513,1516,1517,1520],{},[15,1514,1515],{},"TLS 1.2"," minimum, ",[15,1518,1519],{},"TLS 1.3"," preferred",[525,1522,1523,1526,1530,1533,1536],{},[542,1524,1525],{},"Local OpenClaw gateway → MultiClaw Cloud",[542,1527,1528,1504],{},[15,1529,954],{},[542,1531,1532],{},"Long-lived workspace auth token stored locally; per-session short-lived signed token (memory only)",[542,1534,1535],{},"Heartbeats, agent status, task execution updates, configuration sync",[542,1537,1538],{},"Separate trust zone from the desktop app; each uses its own credentials",[525,1540,1541,1544,1550,1553,1556],{},[542,1542,1543],{},"Desktop app → local OpenClaw gateway",[542,1545,1546,1549],{},[15,1547,1548],{},"HTTP on localhost"," (127.0.0.1)",[542,1551,1552],{},"Session token generated at gateway start",[542,1554,1555],{},"Agent commands, conversation messages, local status queries",[542,1557,1558],{},"Not exposed on any network interface",[525,1560,1561,1564,1570,1573,1576],{},[542,1562,1563],{},"Cloud desktop viewer",[542,1565,1566,1569],{},[15,1567,1568],{},"WebRTC DataChannel"," (DTLS\u002FSCTP)",[542,1571,1572],{},"ICE negotiated via MultiClaw Cloud over WSS",[542,1574,1575],{},"JPEG video frames and input events",[542,1577,1578],{},"TURN relay used when direct peer-to-peer is unavailable",[525,1580,1581,1584,1588,1591,1594],{},[542,1582,1583],{},"LLM provider API calls",[542,1585,1586],{},[15,1587,943],{},[542,1589,1590],{},"API key stored encrypted in MultiClaw Cloud, pushed to your instance during config sync",[542,1592,1593],{},"Prompts, model responses, and tool-call payloads",[542,1595,1596],{},"Encrypted at rest and in transit; does not appear in agent responses, transcripts, or logs",[27,1598,1600],{"id":1599},"desktop-app-to-multiclaw-cloud","Desktop app to MultiClaw Cloud",[11,1602,1603,1604,1606,1607,1609,1610,1612,1613,1615],{},"Your desktop app connects to MultiClaw Cloud over ",[15,1605,943],{}," for API calls and ",[15,1608,954],{}," for real-time events. Both require ",[15,1611,1515],{}," at minimum; ",[15,1614,1519],{}," is preferred when available.",[11,1617,1618,1619,1622,1623,1625,1626,1629],{},"Authentication uses a ",[15,1620,1621],{},"bearer token"," issued when you sign in. The desktop app stores this token in the WebView's local storage, where it persists until you sign out. The ",[15,1624,954],{}," connection uses a separate ",[15,1627,1628],{},"short-lived HMAC token"," that expires and refreshes automatically. Even if a WebSocket token is compromised, its short lifespan limits exposure.",[11,1631,1632],{},"The desktop app always initiates outbound connections. MultiClaw Cloud does not initiate connections back to your machine.",[11,1634,1635],{},"If the HTTPS or WSS connection drops, the desktop app reconnects automatically and re-authenticates with the existing bearer token. You don't need to sign in again unless the token has been revoked (for example, after a password change or a forced sign-out by a workspace owner).",[27,1637,1639],{"id":1638},"local-openclaw-gateway-to-multiclaw-cloud","Local OpenClaw gateway to MultiClaw Cloud",[11,1641,1642,1643,1645],{},"The local OpenClaw gateway maintains its own ",[15,1644,954],{}," connection to MultiClaw Cloud. This connection operates in a separate trust zone from the desktop app — each uses its own credentials and neither shares tokens with the other.",[11,1647,1648,1649,1651],{},"The gateway authenticates with a long-lived workspace auth token stored in ",[106,1650,108],{},". For each WebSocket session, the gateway generates a separate short-lived signed token in memory and does not write it to disk. When the session ends, the gateway discards the token and generates a new one on reconnect.",[11,1653,1654],{},"If the gateway's WebSocket connection drops, the gateway reconnects and generates a fresh short-lived session token. Running tasks continue locally during brief outages — status updates sync to MultiClaw Cloud once the connection is restored.",[11,1656,62,1657,1659],{},[64,1658,158],{"href":157}," for details on how these tokens are managed.",[27,1661,1663],{"id":1662},"desktop-app-to-local-openclaw-gateway","Desktop app to local OpenClaw gateway",[11,1665,1666,1667,1670],{},"The desktop app communicates with the local OpenClaw gateway over ",[15,1668,1669],{},"HTTP on 127.0.0.1"," (localhost). This connection stays on your machine and is not exposed on any network interface — only local software can reach it.",[11,1672,1618,1673,1676],{},[15,1674,1675],{},"session token"," generated when the gateway starts. The gateway verifies the token on every request using HMAC-SHA256 and does not transmit it outside your machine.",[11,1678,1679],{},"Because this connection stays on localhost, it does not use TLS. The traffic never leaves your machine's loopback interface, so network-level interception is not possible under normal operating conditions.",[27,1681,981],{"id":1682},"cloud-desktop-viewer-webrtc",[11,1684,1685,1686,1688],{},"When you view a cloud desktop, the video stream travels over a ",[15,1687,1568],{}," using DTLS\u002FSCTP encryption. The cloud desktop sends JPEG frames directly to your desktop app, and the two endpoints negotiate a direct connection when possible.",[11,1690,1691,1692,1695],{},"If a direct connection is not possible (for example, due to a restrictive firewall), MultiClaw provides a ",[15,1693,1694],{},"TURN relay"," to carry the stream. The relay forwards encrypted data without decrypting it.",[11,1697,1698,1699,1701],{},"Connection negotiation (ICE candidates) runs through MultiClaw Cloud over the same ",[15,1700,954],{}," channel used for real-time communication. ICE candidate exchange is authenticated through the existing WSS session, so unauthenticated parties cannot inject candidates.",[27,1703,1583],{"id":1704},"llm-provider-api-calls",[11,1706,1707,1708,1711,1712,22],{},"The local OpenClaw gateway calls your LLM provider (for example, ",[106,1709,1710],{},"api.openai.com",") directly over ",[15,1713,943],{},[11,1715,1716],{},"MultiClaw Cloud stores your API key in encrypted form and delivers it to your instance during configuration sync. AES-256-GCM encryption, keyed to the instance token, protects the key in transit. On the instance, the gateway decrypts the key and uses it to call your LLM provider directly.",[11,1718,1719],{},"The API key does not appear in agent responses, transcripts, or logs returned to MultiClaw Cloud.",[11,1721,1722],{},"If you rotate your API key or change providers, update the key in your workspace settings. The new key takes effect on the next configuration sync.",[27,1724,1726],{"id":1725},"outbound-connections-and-ports","Outbound connections and ports",[11,1728,1729,1730,1733],{},"MultiClaw makes only outbound connections from your machine. The desktop app does not open any inbound TCP or UDP ports. The local OpenClaw gateway listens only on ",[15,1731,1732],{},"localhost (127.0.0.1)",", so other devices on your network cannot reach it.",[11,1735,1736],{},"The table below lists every external host and port MultiClaw connects to. Share this with your IT team if you need firewall or proxy allowlisting.",[519,1738,1739,1754],{},[522,1740,1741],{},[525,1742,1743,1746,1749,1752],{},[528,1744,1745],{},"Service",[528,1747,1748],{},"Host",[528,1750,1751],{},"Port",[528,1753,931],{},[537,1755,1756,1774,1790,1811,1827],{},[525,1757,1758,1761,1766,1771],{},[542,1759,1760],{},"MultiClaw Cloud (API + WebSocket)",[542,1762,1763],{},[106,1764,1765],{},"*.multiclaw.io",[542,1767,1768],{},[106,1769,1770],{},"443",[542,1772,1773],{},"HTTPS, WSS",[525,1775,1776,1779,1784,1788],{},[542,1777,1778],{},"Cloud desktop relay (signaling)",[542,1780,1781],{},[106,1782,1783],{},"turn.multiclaw.io",[542,1785,1786],{},[106,1787,1770],{},[542,1789,943],{},[525,1791,1792,1795,1799,1808],{},[542,1793,1794],{},"Cloud desktop relay (media)",[542,1796,1797],{},[106,1798,1783],{},[542,1800,1801,1804,1805],{},[106,1802,1803],{},"3478",", ",[106,1806,1807],{},"5349",[542,1809,1810],{},"UDP",[525,1812,1813,1816,1821,1825],{},[542,1814,1815],{},"Auto-updater",[542,1817,1818],{},[106,1819,1820],{},"cdn.multiclaw.io",[542,1822,1823],{},[106,1824,1770],{},[542,1826,943],{},[525,1828,1829,1832,1840,1844],{},[542,1830,1831],{},"LLM providers (varies by config)",[542,1833,1834,1835,1804,1837],{},"e.g. ",[106,1836,1710],{},[106,1838,1839],{},"api.anthropic.com",[542,1841,1842],{},[106,1843,1770],{},[542,1845,943],{},[11,1847,1848],{},"You only need to allowlist the LLM provider hosts for the models you've configured.",[381,1850,1851],{"type":407},[11,1852,1853,1854,1857,1858,1860,1861,1864,1865,1867,1868,1872],{},"If your network blocks outbound UDP, set ",[15,1855,1856],{},"WebRTC connection mode"," to ",[15,1859,1694],{}," in ",[15,1862,1863],{},"Settings → Gateway → Browser Automation",". This routes cloud desktop traffic over TCP port ",[106,1866,1770],{}," instead. See ",[64,1869,1871],{"href":1870},"\u002Fhelp\u002Ftroubleshooting\u002Fconnections-blocked-by-a-firewall-or-proxy","Connections blocked by a firewall or proxy"," for full troubleshooting steps.",[27,1874,1876],{"id":1875},"tls-and-certificate-verification","TLS and certificate verification",[11,1878,1879,1880,1882,1883,1885],{},"All external connections use ",[15,1881,1515],{}," at minimum, with ",[15,1884,1519],{}," preferred when both endpoints support it. The localhost connection between the desktop app and the local OpenClaw gateway is the only unencrypted path, and that traffic never leaves your machine.",[11,1887,1888,1889,1892],{},"TLS certificate verification uses your ",[15,1890,1891],{},"operating system's trust store",". MultiClaw does not currently pin certificates — it trusts the same certificate authorities your OS trusts.",[381,1894,1895],{"type":383},[11,1896,1897,1898,1900,1901,1903],{},"If your network uses deep packet inspection (DPI) that intercepts and re-signs TLS traffic, WebSocket and WebRTC connections may fail even when the domain is allowlisted. Ask your IT team to exclude ",[106,1899,1765],{}," and ",[106,1902,1783],{}," from DPI inspection.",[27,1905,1907],{"id":1906},"proxy-support","Proxy support",[11,1909,1910,1911,1900,1914,1917],{},"MultiClaw respects the system ",[106,1912,1913],{},"HTTP_PROXY",[106,1915,1916],{},"HTTPS_PROXY"," environment variables. Set these in your shell profile or system environment settings before launching the app. No additional proxy configuration is needed inside MultiClaw.",{"title":265,"searchDepth":266,"depth":266,"links":1919},[1920,1921,1922,1923,1924,1925,1926,1927,1928],{"id":1469,"depth":266,"text":1470},{"id":1599,"depth":266,"text":1600},{"id":1638,"depth":266,"text":1639},{"id":1662,"depth":266,"text":1663},{"id":1682,"depth":266,"text":981},{"id":1704,"depth":266,"text":1583},{"id":1725,"depth":266,"text":1726},{"id":1875,"depth":266,"text":1876},{"id":1906,"depth":266,"text":1907},"How MultiClaw secures every network connection using TLS, authenticated tokens, and no inbound ports.",{},6,"\u002Fsecurity-privacy\u002Fnetwork-security",[490,290,293],{"title":67,"description":1929},"network-security","help\u002Fsecurity-privacy\u002F06.network-security","yeEOmYYO8SAKtVIU9P-lN5DuDXT7TsATmI06m_VuXt8","Network security How MultiClaw secures every network connection using TLS, authenticated tokens, and no inbound ports.",{"id":1940,"title":176,"body":1941,"category":281,"description":2285,"draft":283,"extension":284,"meta":2286,"navigation":286,"order":2287,"path":2288,"relatedArticles":2289,"seo":2291,"slug":2292,"stem":2293,"updatedAt":298,"__hash__":2294,"excerpt":2285,"searchText":2295},"help\u002Fhelp\u002Fsecurity-privacy\u002F07.desktop-app-security.md",{"type":8,"value":1942,"toc":2268},[1943,1949,1953,1964,1967,1971,1985,1989,1992,1996,2007,2010,2015,2019,2026,2061,2064,2068,2073,2076,2080,2094,2097,2101,2104,2142,2145,2149,2152,2182,2185,2189,2192,2208,2211,2214,2218,2221,2231,2235,2238,2264],[11,1944,1945,1946,1948],{},"The MultiClaw desktop app is built on ",[15,1947,169],{},", a Rust-based framework designed to minimize the attack surface. Every security layer described below is enabled by default — you don't need to configure anything.",[27,1950,1952],{"id":1951},"tauri-capability-model","Tauri capability model",[11,1954,1955,1956,1959,1960,1963],{},"The UI runs inside a ",[15,1957,1958],{},"WebView"," that is designed to have no direct access to the filesystem, processes, or system calls. To perform a privileged operation, the frontend must invoke a declared ",[15,1961,1962],{},"IPC command"," in the Rust core. Commands not listed in the capability configuration are blocked by the framework.",[11,1965,1966],{},"This boundary is designed to prevent a compromised script in the UI from escalating to the system layer through undeclared paths. The separation is enforced by Tauri's capability model at the framework level, not by application-layer runtime checks.",[351,1968,1970],{"id":1969},"what-the-capability-model-covers","What the capability model covers",[35,1972,1973,1979],{},[38,1974,1975,1978],{},[15,1976,1977],{},"UI-to-system isolation",": the WebView is designed to be unable to reach the filesystem, execute shell commands, or access system APIs unless a specific IPC command is declared and exposed by the Rust core.",[38,1980,1981,1984],{},[15,1982,1983],{},"Least privilege by default",": only the commands the app explicitly declares in its capability configuration are available. Everything else is blocked at the framework level.",[351,1986,1988],{"id":1987},"what-the-capability-model-does-not-cover","What the capability model does not cover",[11,1990,1991],{},"The capability model isolates the WebView from the system. It does not protect against threats that originate outside the app, such as malware running at the OS level or a compromised system process. OS-level security (disk encryption, user account controls, endpoint protection) remains your responsibility.",[27,1993,1995],{"id":1994},"content-security-policy","Content Security Policy",[11,1997,1998,1999,2002,2003,2006],{},"The WebView enforces a strict ",[15,2000,2001],{},"Content Security Policy (CSP)"," that blocks inline scripts, ",[106,2004,2005],{},"eval()",", and external script loading. This substantially limits what an attacker can do with a cross-site scripting (XSS) vector in the UI layer.",[11,2008,2009],{},"The CSP is set at the framework level and applies to every page rendered inside the app. Combined with the Tauri capability model, CSP acts as a second barrier: even if a script bypasses one layer, the other limits what that script can reach.",[381,2011,2012],{"type":675},[11,2013,2014],{},"CSP reduces the impact of XSS but does not eliminate all injection risks. It is one layer in a defense-in-depth approach.",[27,2016,2018],{"id":2017},"webview-rendering-engine","WebView rendering engine",[11,2020,2021,2022,2025],{},"Tauri v2 uses the ",[15,2023,2024],{},"operating system's built-in WebView"," rather than bundling a separate browser engine:",[519,2027,2028,2038],{},[522,2029,2030],{},[525,2031,2032,2035],{},[528,2033,2034],{},"Platform",[528,2036,2037],{},"WebView engine",[537,2039,2040,2047,2054],{},[525,2041,2042,2044],{},[542,2043,1014],{},[542,2045,2046],{},"WebKit (provided by Safari)",[525,2048,2049,2051],{},[542,2050,1024],{},[542,2052,2053],{},"WebView2 (provided by Microsoft Edge)",[525,2055,2056,2058],{},[542,2057,1037],{},[542,2059,2060],{},"WebKitGTK",[11,2062,2063],{},"Because the WebView is provided by the OS, it receives security patches through your regular OS updates. Keeping your operating system current is one of the most effective ways to maintain desktop app security.",[27,2065,2067],{"id":2066},"update-integrity","Update integrity",[11,2069,211,2070,2072],{},[15,2071,214],{}," (Ed25519 public-key cryptography). Before installing an update, the updater verifies the signature against the embedded public key.",[11,2074,2075],{},"If verification fails, the update is rejected, and your current version stays unchanged. The app does not apply partially downloaded or unsigned updates.",[351,2077,2079],{"id":2078},"how-updates-work","How updates work",[366,2081,2082,2085,2088,2091],{},[38,2083,2084],{},"The app checks for available updates.",[38,2086,2087],{},"If a new version is found, the app downloads the update package and its signature file.",[38,2089,2090],{},"The updater verifies the signature against the public key embedded in your current installation.",[38,2092,2093],{},"If the signature is valid, the update is applied. If not, the update is discarded.",[11,2095,2096],{},"You can continue using the app while updates download. The update takes effect the next time you restart the app.",[27,2098,2100],{"id":2099},"code-signing","Code signing",[11,2102,2103],{},"Every release is signed to protect against tampering.",[519,2105,2106,2115],{},[522,2107,2108],{},[525,2109,2110,2112],{},[528,2111,2034],{},[528,2113,2114],{},"Signing method",[537,2116,2117,2124,2134],{},[525,2118,2119,2121],{},[542,2120,1014],{},[542,2122,2123],{},"Apple Developer ID certificate, notarized by Apple",[525,2125,2126,2128],{},[542,2127,1024],{},[542,2129,2130,2131,2133],{},"Updater artifacts signed with ",[15,2132,214],{}," (Ed25519)",[525,2135,2136,2138],{},[542,2137,1037],{},[542,2139,2130,2140,2133],{},[15,2141,214],{},[11,2143,2144],{},"On macOS, the operating system verifies the Developer ID certificate when you first open the app and blocks unsigned or tampered binaries. On Windows and Linux, the OS does not perform native binary verification, but the Tauri updater independently verifies the minisign signature before applying any update.",[351,2146,2148],{"id":2147},"verify-your-installation-on-macos","Verify your installation on macOS",[11,2150,2151],{},"You can confirm the app's code signature by running this command in Terminal:",[2153,2154,2158],"pre",{"className":2155,"code":2156,"language":2157,"meta":265,"style":265},"language-bash shiki shiki-themes github-light github-dark","codesign --verify --deep --strict \u002FApplications\u002FMultiClaw.app\n","bash",[106,2159,2160],{"__ignoreMap":265},[2161,2162,2164,2168,2172,2175,2178],"span",{"class":2163,"line":287},"line",[2161,2165,2167],{"class":2166},"sScJk","codesign",[2161,2169,2171],{"class":2170},"sj4cs"," --verify",[2161,2173,2174],{"class":2170}," --deep",[2161,2176,2177],{"class":2170}," --strict",[2161,2179,2181],{"class":2180},"sZZnC"," \u002FApplications\u002FMultiClaw.app\n",[11,2183,2184],{},"If the signature is valid, the command produces no output. If the binary has been tampered with, you'll see an error message.",[27,2186,2188],{"id":2187},"filesystem-access-scope","Filesystem access scope",[11,2190,2191],{},"The Rust core limits file access to known data directories:",[35,2193,2194,2199,2205],{},[38,2195,2196,2198],{},[106,2197,1198],{},": agent data, sessions, configuration, and logs managed by OpenClaw",[38,2200,2201,2204],{},[106,2202,2203],{},"~\u002F.multiclaw\u002F",": app preferences, workflow recordings, drafts, and MultiClaw-specific logs",[38,2206,2207],{},"The OS temp directory: transient working files",[11,2209,2210],{},"Requests that target paths outside these directories are not served by the Rust core's file access commands.",[11,2212,2213],{},"When you attach a file to a chat message or export data, the app uses your operating system's file picker. Access is scoped to the file or location you select — the app does not request broader directory access through this flow.",[27,2215,2217],{"id":2216},"local-data-storage","Local data storage",[11,2219,2220],{},"Configuration files and session data are stored in the directories listed above. Authentication tokens are stored locally on your machine.",[381,2222,2223],{"type":407},[11,2224,2225,2226,1900,2228,2230],{},"If you share your computer, use a separate OS user account. Each OS account has its own ",[106,2227,2203],{},[106,2229,1198],{}," directories, keeping agent data and credentials isolated between users.",[27,2232,2234],{"id":2233},"your-responsibilities","Your responsibilities",[11,2236,2237],{},"The desktop app handles isolation, signing, and access scoping automatically. These protections work alongside your own security practices, not instead of them:",[35,2239,2240,2246,2252,2258],{},[38,2241,2242,2245],{},[15,2243,2244],{},"Keep your OS updated."," WebView security patches arrive through OS updates. Delaying updates delays security fixes.",[38,2247,2248,2251],{},[15,2249,2250],{},"Don't bypass code signing checks."," On macOS, don't disable Gatekeeper to run unsigned copies of the app. On Windows, install from official channels only.",[38,2253,2254,2257],{},[15,2255,2256],{},"Use a strong account password."," The app authenticates against MultiClaw Cloud. A weak password on your cloud account undermines the security of your local session.",[38,2259,2260,2263],{},[15,2261,2262],{},"Lock your computer."," Desktop app sessions persist while the app is open. Lock your screen when you step away to prevent unauthorized access.",[2265,2266,2267],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":265,"searchDepth":266,"depth":266,"links":2269},[2270,2274,2275,2276,2279,2282,2283,2284],{"id":1951,"depth":266,"text":1952,"children":2271},[2272,2273],{"id":1969,"depth":481,"text":1970},{"id":1987,"depth":481,"text":1988},{"id":1994,"depth":266,"text":1995},{"id":2017,"depth":266,"text":2018},{"id":2066,"depth":266,"text":2067,"children":2277},[2278],{"id":2078,"depth":481,"text":2079},{"id":2099,"depth":266,"text":2100,"children":2280},[2281],{"id":2147,"depth":481,"text":2148},{"id":2187,"depth":266,"text":2188},{"id":2216,"depth":266,"text":2217},{"id":2233,"depth":266,"text":2234},"The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.",{},7,"\u002Fsecurity-privacy\u002Fdesktop-app-security",[490,2290,291,1165],"security-privacy\u002Fdependency-and-supply-chain-security",{"title":176,"description":2285},"desktop-app-security","help\u002Fsecurity-privacy\u002F07.desktop-app-security","rA3kcK7wiPbTOZxq3mlIvbAS0xgV-rG_VxIcoNqVJEE","Desktop app security The desktop app isolates the UI from the system, signs every update, and restricts file access — all enabled by default.",{"id":2297,"title":190,"body":2298,"category":281,"description":2537,"draft":283,"extension":284,"meta":2538,"navigation":286,"order":2539,"path":2540,"relatedArticles":2541,"seo":2544,"slug":2545,"stem":2546,"updatedAt":298,"__hash__":2547,"excerpt":2537,"searchText":2548},"help\u002Fhelp\u002Fsecurity-privacy\u002F08.browser-extension-security.md",{"type":8,"value":2299,"toc":2526},[2300,2306,2310,2313,2319,2325,2334,2340,2354,2360,2364,2374,2381,2388,2392,2422,2427,2431,2437,2450,2453,2455,2458,2477,2480,2483,2487,2501,2508,2512,2519],[11,2301,668,2302,2305],{},[15,2303,2304],{},"MultiClaw Chrome Extension"," is a Manifest v3 extension for Chrome, Edge, Brave, and other Chromium-based browsers. It records browser workflows and sends the recorded data to the desktop app over localhost. The extension requests only the permissions it needs and does not send anything to the internet.",[27,2307,2309],{"id":2308},"permissions","Permissions",[11,2311,2312],{},"The extension requests six permissions. Each has a specific, limited purpose.",[11,2314,2315,2318],{},[15,2316,2317],{},"activeTab",": Lets the extension interact with the currently active tab when you trigger an action from the popup.",[11,2320,2321,2324],{},[15,2322,2323],{},"tabs",": Lets the extension read tab URLs, titles, and indices across open tabs. Recording uses this to enumerate tabs and attach recording hooks to each one.",[11,2326,2327,2330,2331,2333],{},[15,2328,2329],{},"scripting",": Lets the extension inject the recording content script into a tab when recording begins. This works alongside ",[106,2332,2323],{}," to capture pages you navigate to during a session.",[11,2335,2336,2339],{},[15,2337,2338],{},"alarms",": Keeps the background service worker alive during long recordings by scheduling a keepalive alarm every 30 seconds.",[11,2341,2342,2345,2346,2349,2350,2353],{},[15,2343,2344],{},"storage",": Stores recording state and captured events in the browser's built-in storage. Recording state (active, paused, or idle) lives in ",[106,2347,2348],{},"chrome.storage.session"," and clears when you close the browser. Captured events live in ",[106,2351,2352],{},"chrome.storage.local"," and persist until transferred to the desktop app or automatically removed after 7 days, whichever comes first.",[11,2355,2356,2359],{},[15,2357,2358],{},"unlimitedStorage",": Removes the default storage quota so longer recordings do not lose events.",[351,2361,2363],{"id":2362},"host-permissions-and-content-script","Host permissions and content script",[11,2365,2366,2367,1900,2370,2373],{},"The extension's host permissions cover only ",[106,2368,2369],{},"http:\u002F\u002Flocalhost\u002F*",[106,2371,2372],{},"http:\u002F\u002F127.0.0.1\u002F*",". The extension does not request network access to any external domain.",[11,2375,2376,2377,2380],{},"The content script runs on all pages (",[106,2378,2379],{},"\u003Call_urls>",") so it can attach recording hooks to any site you visit. Without this scope, the extension would need to re-inject the content script each time you navigate to a new page during a recording — missing page transitions in the process.",[11,2382,2383,2384,2387],{},"Every event handler in the content script checks an ",[106,2385,2386],{},"isRecording"," flag before executing. When no recording is active, the handlers exit immediately. No clicks, keystrokes, or page content are captured outside a recording session.",[27,2389,2391],{"id":2390},"what-the-extension-does-not-do","What the extension does not do",[35,2393,2394,2400,2406,2416],{},[38,2395,2396,2399],{},[15,2397,2398],{},"Does not capture while idle",": The content script's event handlers are inactive unless a recording is in progress. No data is collected while you browse normally.",[38,2401,2402,2405],{},[15,2403,2404],{},"Does not transmit to MultiClaw Cloud directly",": The extension communicates only with the desktop app over localhost through a local HTTP relay. The desktop app handles any subsequent sync to MultiClaw Cloud, not the extension.",[38,2407,2408,2411,2412,2415],{},[15,2409,2410],{},"Does not store passwords",": The content script excludes password input fields (",[106,2413,2414],{},"input[type=\"password\"]",") from capture.",[38,2417,2418,2421],{},[15,2419,2420],{},"Does not access history or bookmarks",": The extension has no permissions for browser history or bookmark data.",[381,2423,2424],{"type":383},[11,2425,2426],{},"During an active recording, the extension does capture non-password form inputs such as text fields, dropdowns, and checkboxes. Avoid typing sensitive information like credit card numbers or personal IDs while a recording is in progress.",[27,2428,2430],{"id":2429},"data-flow-during-recording","Data flow during recording",[11,2432,2433,2434,2436],{},"When you start a recording, the content script captures DOM events (clicks, navigation, form inputs, keyboard shortcuts, and scrolls) and forwards them to the background service worker. The service worker buffers events in memory and periodically flushes them to ",[106,2435,2352],{}," to survive service worker restarts.",[11,2438,2439,2440,2443,2444,2447,2448,22],{},"When you stop and finalize the recording, the extension opens a ",[106,2441,2442],{},"multiclaw:\u002F\u002F"," deep link to wake the desktop app. It then transfers the complete event log to the desktop app's local relay server (",[106,2445,2446],{},"http:\u002F\u002F127.0.0.1:18799",") via an HTTP POST request. The desktop app stores the recording locally at ",[106,2449,1198],{},[11,2451,2452],{},"Once the transfer succeeds, the extension removes the events from local storage. If the transfer fails — for example, because the desktop app is not running — the events stay in local storage until the next successful transfer or the 7-day expiry. The extension transmits nothing to the internet during this process and communicates only with the desktop app over localhost.",[27,2454,1351],{"id":1350},[11,2456,2457],{},"Recorded data exists in two storage locations while the extension holds it:",[35,2459,2460,2469],{},[38,2461,2462,2465,2466,2468],{},[15,2463,2464],{},"Session storage"," (",[106,2467,2348],{},"): Stores the recording state (active, paused, or idle). This clears automatically when you close the browser.",[38,2470,2471,2465,2474,2476],{},[15,2472,2473],{},"Local storage",[106,2475,2352],{},"): Stores captured events. These persist until transferred to the desktop app or automatically removed after 7 days, whichever comes first.",[11,2478,2479],{},"After a successful transfer, the extension deletes events from local storage immediately. If the desktop app is unavailable for an extended period, the 7-day expiry acts as a safety net so recorded data does not accumulate indefinitely.",[11,2481,2482],{},"Uninstalling the extension removes all of its stored data from the browser.",[27,2484,2486],{"id":2485},"distribution-and-updates","Distribution and updates",[11,2488,2489,2490,2495,2496,2500],{},"The MultiClaw Chrome Extension is available from ",[64,2491,2494],{"href":2492,"rel":2493},"https:\u002F\u002Fdownload.multiclaw.io",[645],"download.multiclaw.io",". You install it manually (sideloaded) through your browser's developer mode rather than through the Chrome Web Store. See ",[64,2497,2499],{"href":2498},"\u002Fhelp\u002Fgetting-started\u002Finstall-the-companion-browser-extension","Install the MultiClaw Chrome Extension"," for step-by-step instructions.",[11,2502,2503,2504,2507],{},"Because the extension is sideloaded, your browser does not update it automatically. To update, download the latest version from ",[64,2505,2494],{"href":2492,"rel":2506},[645]," and replace the existing extension files in your browser's extension directory.",[351,2509,2511],{"id":2510},"verifying-the-extension","Verifying the extension",[11,2513,2514,2515,2518],{},"MultiClaw signs extension artifacts as part of the release process. Download the extension only from ",[64,2516,2494],{"href":2492,"rel":2517},[645]," to make sure you receive a signed, unmodified package. Do not install extension files obtained from third-party sources.",[11,2520,2521,2522,22],{},"Source code is not publicly available. To report a security concern, contact ",[64,2523,2525],{"href":2524},"mailto:security@multiclaw.io","security@multiclaw.io",{"title":265,"searchDepth":266,"depth":266,"links":2527},[2528,2531,2532,2533,2534],{"id":2308,"depth":266,"text":2309,"children":2529},[2530],{"id":2362,"depth":481,"text":2363},{"id":2390,"depth":266,"text":2391},{"id":2429,"depth":266,"text":2430},{"id":1350,"depth":266,"text":1351},{"id":2485,"depth":266,"text":2486,"children":2535},[2536],{"id":2510,"depth":481,"text":2511},"What permissions the MultiClaw Chrome Extension requests, how recorded data flows and is retained, and what the extension does not access.",{},8,"\u002Fsecurity-privacy\u002Fbrowser-extension-security",[490,2542,2543],"security-privacy\u002Fdesktop-app-security","getting-started\u002Finstall-the-companion-browser-extension",{"title":190,"description":2537},"browser-extension-security","help\u002Fsecurity-privacy\u002F08.browser-extension-security","BEWDCt7cd9ggBc60xRfEoutQw8GnDPT_zjbMy2OPpCU","Browser extension security What permissions the MultiClaw Chrome Extension requests, how recorded data flows and is retained, and what the extension does not access.",{"id":2550,"title":158,"body":2551,"category":281,"description":2837,"draft":283,"extension":284,"meta":2838,"navigation":286,"order":2839,"path":2840,"relatedArticles":2841,"seo":2842,"slug":2843,"stem":2844,"updatedAt":755,"__hash__":2845,"excerpt":2837,"searchText":2846},"help\u002Fhelp\u002Fsecurity-privacy\u002F09.how-credentials-and-secrets-are-stored.md",{"type":8,"value":2552,"toc":2828},[2553,2556,2650,2653,2656,2662,2665,2668,2672,2681,2689,2692,2698,2718,2721,2727,2734,2737,2740,2751,2755,2758,2772,2775,2780,2784,2787,2801,2803,2806,2820],[11,2554,2555],{},"MultiClaw stores your LLM API keys encrypted in MultiClaw Cloud, auth tokens in local config files protected by OS file permissions, and session tokens in memory only. The table below shows where each secret lives, how it's protected, and how to clear it.",[519,2557,2558,2574],{},[522,2559,2560],{},[525,2561,2562,2565,2568,2571],{},[528,2563,2564],{},"Secret",[528,2566,2567],{},"Where it lives",[528,2569,2570],{},"Encrypted at rest",[528,2572,2573],{},"Cleared by",[537,2575,2576,2590,2608,2623,2636],{},[525,2577,2578,2581,2584,2587],{},[542,2579,2580],{},"LLM API keys",[542,2582,2583],{},"MultiClaw Cloud database",[542,2585,2586],{},"Yes — AES-256 application-level encryption",[542,2588,2589],{},"Removing the key from your agent's settings",[525,2591,2592,2595,2602,2605],{},[542,2593,2594],{},"LLM API keys (cloud desktop sync)",[542,2596,2597,2598,2601],{},"Cloud desktop instance config (prefixed ",[106,2599,2600],{},"enc:",")",[542,2603,2604],{},"Yes — AES-256-GCM per-instance key",[542,2606,2607],{},"Instance reset or re-sync from MultiClaw Cloud",[525,2609,2610,2613,2617,2620],{},[542,2611,2612],{},"Gateway workspace auth token",[542,2614,2615],{},[106,2616,108],{},[542,2618,2619],{},"No — OS file permissions only",[542,2621,2622],{},"Removing the user from the workspace",[525,2624,2625,2628,2631,2633],{},[542,2626,2627],{},"Desktop app bearer token",[542,2629,2630],{},"Desktop app WebView local storage",[542,2632,2619],{},[542,2634,2635],{},"Signing out of the desktop app",[525,2637,2638,2641,2644,2647],{},[542,2639,2640],{},"WebSocket session tokens",[542,2642,2643],{},"Memory only — not written to disk",[542,2645,2646],{},"N\u002FA",[542,2648,2649],{},"Connection close or token expiry",[27,2651,2580],{"id":2652},"llm-api-keys",[11,2654,2655],{},"MultiClaw Cloud stores your LLM provider API keys in its database, encrypted at rest with application-level encryption.",[11,2657,2658,2659,2661],{},"When MultiClaw syncs your configuration to a cloud desktop, it re-encrypts each API key with AES-256-GCM using a per-instance key derived through HKDF-SHA256. MultiClaw writes the encrypted value (prefixed ",[106,2660,2600],{},") to the instance's local config. At runtime, the gateway decrypts the key in memory to call your LLM provider.",[11,2663,2664],{},"The desktop app and gateway are designed not to log configuration values. Under normal operation, keys do not appear in diagnostic logs.",[11,2666,2667],{},"To add, update, or remove an API key, open your agent's settings in MultiClaw Cloud. Changes sync to connected cloud desktops on the next configuration push. Removing a key from MultiClaw Cloud deletes the encrypted copy from every synced instance.",[27,2669,2671],{"id":2670},"workspace-auth-token","Workspace auth token",[11,2673,2674,2675,2677,2678,2680],{},"When you sign in, MultiClaw Cloud issues a long-lived auth token stored in ",[106,2676,108],{}," as a plain JSON string. The gateway uses this token to authenticate WebSocket connections to MultiClaw Cloud. The token is not encrypted at rest. OS file permissions on ",[106,2679,1198],{}," control read access.",[381,2682,2683],{"type":675},[11,2684,2685,2686,2688],{},"OS file permissions mean that only your operating system user account is intended to read the contents of ",[106,2687,1198],{},". If you share an OS-level user account with other people, they may be able to read the token. Treat your OS user account as the trust boundary for this file.",[11,2690,2691],{},"The token is scoped to your user account and is not designed to permit access to another user's data.",[11,2693,2694,2695,2697],{},"To revoke access after a device is lost, a workspace owner can remove the user on the ",[15,2696,389],{}," page in MultiClaw Cloud. MultiClaw does not currently offer per-device session revocation.",[381,2699,2700],{"type":407},[11,2701,2702,2703,2705,2706,2709,2710,2713,2714,2717],{},"On macOS and Linux, verify your ",[106,2704,1198],{}," directory permissions by running ",[106,2707,2708],{},"ls -ld ~\u002F.openclaw\u002F",". The output should show ",[106,2711,2712],{},"drwx------"," (owner-only access). On Windows, right-click the folder, open ",[15,2715,2716],{},"Properties → Security",", and confirm only your user account has read access.",[27,2719,2627],{"id":2720},"desktop-app-bearer-token",[11,2722,2723,2724,2726],{},"The desktop app uses a separate bearer token for its HTTP and real-time API calls to MultiClaw Cloud. It stores this token in its WebView local storage, not in ",[106,2725,108],{},", and does not encrypt it at rest.",[11,2728,2729,2730,2733],{},"This bearer token is distinct from the gateway workspace auth token. The gateway reads ",[106,2731,2732],{},"openclaw.json"," for its WebSocket connection, while the desktop app holds its own bearer token. Signing out of the desktop app clears the bearer token from local storage.",[27,2735,2640],{"id":2736},"websocket-session-tokens",[11,2738,2739],{},"Each WebSocket connection uses a short-lived HMAC-SHA256-signed token generated fresh for every session. These tokens exist in memory only while the connection is active and are not written to disk.",[11,2741,2742,2743,2746,2747,2750],{},"Token lifetime depends on the connection type: user session tokens expire after ",[15,2744,2745],{},"4 hours",", and daemon (cloud desktop) connection tokens expire after ",[15,2748,2749],{},"24 hours",". When a token expires, the system generates a new one automatically on reconnect.",[27,2752,2754],{"id":2753},"if-a-device-is-lost-or-compromised","If a device is lost or compromised",[11,2756,2757],{},"If you lose a device or suspect unauthorized access, take these steps in order:",[366,2759,2760,2766,2769],{},[38,2761,2762,2763,2765],{},"Ask a workspace owner to remove your user account on the ",[15,2764,389],{}," page in MultiClaw Cloud. This revokes the gateway workspace auth token stored on the device.",[38,2767,2768],{},"Sign in to MultiClaw Cloud from a trusted device and rotate any LLM API keys your agents use. Open your agent's settings, remove the current key, and add a new one.",[38,2770,2771],{},"If you use the same password elsewhere, change it. MultiClaw Cloud stores only a bcrypt hash of your password, but credential reuse remains a risk outside MultiClaw.",[11,2773,2774],{},"The desktop app bearer token is cleared when you sign out, but you cannot remotely sign out a lost device. Removing the user from the workspace is the primary revocation mechanism.",[381,2776,2777],{"type":383},[11,2778,2779],{},"MultiClaw does not currently offer per-device session revocation. Removing a user from the workspace revokes all of that user's tokens across every device.",[27,2781,2783],{"id":2782},"what-multiclaw-does-not-store","What MultiClaw does not store",[11,2785,2786],{},"MultiClaw does not retain the following values in their original form:",[35,2788,2789,2795],{},[38,2790,2791,2794],{},[15,2792,2793],{},"Plaintext passwords",": MultiClaw Cloud stores only a bcrypt hash of your password. Neither MultiClaw Cloud nor the desktop app is designed to retain the original password.",[38,2796,2797,2800],{},[15,2798,2799],{},"Browser cookies and session tokens",": MultiClaw is not designed to store cookies or session tokens from pages recorded during a workflow.",[27,2802,2234],{"id":2233},[11,2804,2805],{},"MultiClaw encrypts API keys at rest, scopes tokens to your user account, and keeps session tokens short-lived. The protections above assume:",[35,2807,2808,2811,2814,2817],{},[38,2809,2810],{},"Your OS user account is not shared with other people.",[38,2812,2813],{},"Your device has full-disk encryption enabled (FileVault on macOS, BitLocker on Windows, LUKS on Linux).",[38,2815,2816],{},"You sign out of the desktop app before lending or decommissioning a device.",[38,2818,2819],{},"You keep your device locked when unattended.",[11,2821,2822,2823,2825,2826,22],{},"Without these measures, unencrypted tokens in ",[106,2824,2732],{}," and local storage are accessible to anyone with physical access to the device. For a full breakdown of where platform protections end and yours begin, see ",[64,2827,262],{"href":261},{"title":265,"searchDepth":266,"depth":266,"links":2829},[2830,2831,2832,2833,2834,2835,2836],{"id":2652,"depth":266,"text":2580},{"id":2670,"depth":266,"text":2671},{"id":2720,"depth":266,"text":2627},{"id":2736,"depth":266,"text":2640},{"id":2753,"depth":266,"text":2754},{"id":2782,"depth":266,"text":2783},{"id":2233,"depth":266,"text":2234},"API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.",{},9,"\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored",[290,490,751,1165],{"title":158,"description":2837},"how-credentials-and-secrets-are-stored","help\u002Fsecurity-privacy\u002F09.how-credentials-and-secrets-are-stored","zk_b1Ew5T-ezUvHLnuGENrO82-pDLoeQaYbEfcU6ESI","How credentials and secrets are stored API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.",{"id":2848,"title":195,"body":2849,"category":281,"description":3233,"draft":283,"extension":284,"meta":3234,"navigation":286,"order":3235,"path":3236,"relatedArticles":3237,"seo":3238,"slug":194,"stem":3239,"updatedAt":755,"__hash__":3240,"excerpt":3233,"searchText":3241},"help\u002Fhelp\u002Fsecurity-privacy\u002F10.privacy-and-data-handling.md",{"type":8,"value":2850,"toc":3220},[2851,2854,2858,2864,2868,2886,2892,2895,2897,2904,2910,2918,2921,2924,2927,2931,2935,2938,2941,2944,2947,2967,2972,2976,2979,3044,3048,3051,3107,3111,3157,3161,3166,3170,3172,3175,3195,3200,3203],[11,2852,2853],{},"MultiClaw does not collect usage telemetry. Your conversation content stays on your device unless you choose to sync it to a workspace. Below is a complete breakdown of what data MultiClaw holds, how long it is retained, and the rights you have over it.",[27,2855,2857],{"id":2856},"no-telemetry","No telemetry",[11,2859,2860,2863],{},[15,2861,2862],{},"The desktop app collects no usage analytics, feature statistics, or behavioural telemetry."," There are no third-party analytics SDKs embedded in the app, and it does not transmit usage data to MultiClaw or any third party.",[27,2865,2867],{"id":2866},"app-logs","App logs",[11,2869,2870,2871,2874,2875,2878,2879,2882,2883,22],{},"The desktop app continuously writes diagnostic and activity logs to a file on your device at ",[106,2872,2873],{},"~\u002F.multiclaw\u002Flogs\u002Fapp.log",". Logs record structured operational events (startup, connectivity changes, errors), not conversation content. You can open the log viewer from ",[15,2876,2877],{},"Settings → General",", scroll to the ",[15,2880,2881],{},"App Logs"," card, and click ",[15,2884,2885],{},"Open Logs",[11,2887,2888,2891],{},[15,2889,2890],{},"App logs are not uploaded automatically."," You choose whether to share a log file with support.",[11,2893,2894],{},"Log files contain operational events including app version and OS identifier. They are not designed to contain conversation content or API keys.",[27,2896,1264],{"id":1263},[11,2898,2899,2900,2903],{},"Conversation content is stored ",[15,2901,2902],{},"locally on your device"," by default. MultiClaw does not use your conversation content to train, fine-tune, or evaluate AI models.",[11,2905,2906,2907,2909],{},"If you are connected to a workspace, conversations sync to ",[15,2908,112],{},". Synced conversations are encrypted in transit and at rest. MultiClaw processes this data on your behalf as a data processor.",[11,2911,2912,2913,2917],{},"When you run a task, your prompts and task context are sent to the LLM provider you have configured. See ",[64,2914,2916],{"href":2915},"#data-sharing","Data sharing"," below for details on how third parties handle your data.",[27,2919,1194],{"id":2920},"workflow-recordings",[11,2922,2923],{},"The MultiClaw Chrome Extension captures browser interactions only during an active recording session that you start. The extension does not monitor your browsing activity at any other time and does not collect browsing history.",[11,2925,2926],{},"Recordings are stored locally on your device. If you upload a recording to MultiClaw Cloud, it is encrypted at rest.",[11,2928,62,2929,191],{},[64,2930,190],{"href":189},[27,2932,2934],{"id":2933},"cookies-and-tracking","Cookies and tracking",[11,2936,2937],{},"The desktop app does not use browser cookies. MultiClaw Cloud uses session cookies only, which are strictly necessary to keep you signed in.",[11,2939,2940],{},"The marketing website at multiclaw.io uses analytics cookies that require your consent before they are set. MultiClaw does not use advertising or retargeting cookies on any of its properties.",[27,2942,2916],{"id":2943},"data-sharing",[11,2945,2946],{},"MultiClaw does not sell your personal data. Data is shared with third parties only in the following circumstances:",[35,2948,2949,2955,2961],{},[38,2950,2951,2954],{},[15,2952,2953],{},"LLM providers",": when an agent runs a task, your prompts and task context are sent to the provider you configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms and privacy policies.",[38,2956,2957,2960],{},[15,2958,2959],{},"Infrastructure sub-processors",": MultiClaw uses a limited set of third-party infrastructure providers (cloud hosting, database, email delivery) engaged under data processing agreements that restrict them to processing data only on MultiClaw's documented instructions.",[38,2962,2963,2966],{},[15,2964,2965],{},"Legal requirements",": MultiClaw may disclose personal data where required by applicable law, court order, or regulatory authority.",[11,2968,2969,2970,22],{},"For the full list of sub-processors, see ",[64,2971,1347],{"href":1346},[27,2973,2975],{"id":2974},"personal-data-we-collect","Personal data we collect",[11,2977,2978],{},"MultiClaw Cloud holds the following personal data about you.",[519,2980,2981,2997],{},[522,2982,2983],{},[525,2984,2985,2988,2991,2994],{},[528,2986,2987],{},"Data type",[528,2989,2990],{},"Purpose",[528,2992,2993],{},"Legal basis",[528,2995,2996],{},"Retention",[537,2998,2999,3015,3029],{},[525,3000,3001,3006,3009,3012],{},[542,3002,3003],{},[15,3004,3005],{},"Name and email address",[542,3007,3008],{},"Account creation and authentication",[542,3010,3011],{},"Performance of contract (GDPR Art. 6(1)(b))",[542,3013,3014],{},"While your account is active; purged within 30 days of account deletion request",[525,3016,3017,3022,3025,3027],{},[542,3018,3019,3021],{},[15,3020,1238],{}," (member list, agent names, audit logs)",[542,3023,3024],{},"Workspace operation and governance",[542,3026,3011],{},[542,3028,3014],{},[525,3030,3031,3036,3039,3042],{},[542,3032,3033],{},[15,3034,3035],{},"IP address and user agent",[542,3037,3038],{},"Server access logs",[542,3040,3041],{},"Legitimate interests — security and abuse prevention (GDPR Art. 6(1)(f))",[542,3043,1391],{},[27,3045,3047],{"id":3046},"your-data-rights","Your data rights",[11,3049,3050],{},"You have the following rights under applicable data protection law (including GDPR and UK GDPR).",[35,3052,3053,3061,3070,3083,3091,3099],{},[38,3054,3055,3058,3059,22],{},[15,3056,3057],{},"Right to access",": request a copy of your data at any time by emailing ",[64,3060,1425],{"href":1424},[38,3062,3063,3066,3067,3069],{},[15,3064,3065],{},"Right to erasure",": request deletion of your account and associated data by emailing ",[64,3068,1425],{"href":1424},". MultiClaw responds to deletion requests within one calendar month.",[38,3071,3072,3075,3076,3078,3079,3082],{},[15,3073,3074],{},"Right to rectification",": update your name or email address in ",[15,3077,2877],{}," on the ",[15,3080,3081],{},"Account"," card.",[38,3084,3085,3088,3089,22],{},[15,3086,3087],{},"Right to portability",": request a machine-readable export of the personal data you have provided to MultiClaw by emailing ",[64,3090,1425],{"href":1424},[38,3092,3093,3096,3097,22],{},[15,3094,3095],{},"Right to restriction",": request that MultiClaw limit processing of your data in certain circumstances (for example, while the accuracy of your data is being contested) by emailing ",[64,3098,1425],{"href":1424},[38,3100,3101,3104,3105,22],{},[15,3102,3103],{},"Right to object",": object to processing of your personal data where that processing is based on legitimate interests by emailing ",[64,3106,1425],{"href":1424},[27,3108,3110],{"id":3109},"data-retention-summary","Data retention summary",[519,3112,3113,3122],{},[522,3114,3115],{},[525,3116,3117,3119],{},[528,3118,782],{},[528,3120,3121],{},"Retention period",[537,3123,3124,3132,3140,3146],{},[525,3125,3126,3129],{},[542,3127,3128],{},"Active account data",[542,3130,3131],{},"While your account is active",[525,3133,3134,3137],{},[542,3135,3136],{},"Deleted account data",[542,3138,3139],{},"Purged within 30 days of deletion request",[525,3141,3142,3144],{},[542,3143,3038],{},[542,3145,1391],{},[525,3147,3148,3150],{},[542,3149,2867],{},[542,3151,3152,3153,3156],{},"Stored locally at ",[106,3154,3155],{},"~\u002F.multiclaw\u002Flogs\u002F","; not uploaded unless you share them",[27,3158,3160],{"id":3159},"delete-your-data","Delete your data",[11,3162,1421,3163,3165],{},[64,3164,1425],{"href":1424},". After you close your account, you have 30 days to export your data before deletion begins.",[11,3167,62,3168,1433],{},[64,3169,1432],{"href":1431},[27,3171,2234],{"id":2233},[11,3173,3174],{},"MultiClaw protects your data in transit and at rest, but some aspects of privacy depend on your choices:",[35,3176,3177,3183,3189],{},[38,3178,3179,3182],{},[15,3180,3181],{},"Workspace sync",": if you connect to a workspace, conversations sync to MultiClaw Cloud. To keep conversations entirely local, don't connect to a workspace.",[38,3184,3185,3188],{},[15,3186,3187],{},"LLM provider selection",": MultiClaw sends your prompts to the provider you choose. Review each provider's data-use policy before configuring an agent.",[38,3190,3191,3194],{},[15,3192,3193],{},"Device security",": local data (config, conversations, agent definitions) is protected by OS file permissions. Enable full-disk encryption to protect it from physical access.",[11,3196,3197,3198,22],{},"For a full breakdown of where platform protections end and yours begin, see ",[64,3199,262],{"href":261},[11,3201,3202],{},"For deeper detail on related topics:",[35,3204,3205,3210,3215],{},[38,3206,3207,3209],{},[64,3208,127],{"href":126},": the full encryption model for local and cloud data.",[38,3211,3212,3214],{},[64,3213,141],{"href":140},": where each type of data is stored.",[38,3216,3217,3219],{},[64,3218,1301],{"href":1300},": the full legal privacy policy.",{"title":265,"searchDepth":266,"depth":266,"links":3221},[3222,3223,3224,3225,3226,3227,3228,3229,3230,3231,3232],{"id":2856,"depth":266,"text":2857},{"id":2866,"depth":266,"text":2867},{"id":1263,"depth":266,"text":1264},{"id":2920,"depth":266,"text":1194},{"id":2933,"depth":266,"text":2934},{"id":2943,"depth":266,"text":2916},{"id":2974,"depth":266,"text":2975},{"id":3046,"depth":266,"text":3047},{"id":3109,"depth":266,"text":3110},{"id":3159,"depth":266,"text":3160},{"id":2233,"depth":266,"text":2234},"MultiClaw collects no telemetry, keeps conversations local by default, and gives you full control over your personal data.",{},10,"\u002Fsecurity-privacy\u002Fprivacy-and-data-handling",[1165,290,293],{"title":195,"description":3233},"help\u002Fsecurity-privacy\u002F10.privacy-and-data-handling","U_27RD9fX6Rl-0R0Bh_vHok-zaDdQn2B-bxYV-nsbaE","Privacy and data handling MultiClaw collects no telemetry, keeps conversations local by default, and gives you full control over your personal data.",{"id":3243,"title":248,"body":3244,"category":281,"description":3502,"draft":283,"extension":284,"meta":3503,"navigation":286,"order":3504,"path":3505,"relatedArticles":3506,"seo":3508,"slug":3509,"stem":3510,"updatedAt":755,"__hash__":3511,"excerpt":3502,"searchText":3512},"help\u002Fhelp\u002Fsecurity-privacy\u002F11.incident-reporting-and-response.md",{"type":8,"value":3245,"toc":3494},[3246,3254,3258,3266,3292,3303,3311,3315,3318,3368,3377,3386,3389,3393,3396,3432,3436,3439,3442,3446,3454,3459,3461,3464,3489],[11,3247,3248,3249,3253],{},"To report a security vulnerability, email ",[15,3250,3251],{},[64,3252,2525],{"href":2524}," with a description of the issue, steps to reproduce, and the affected MultiClaw version. MultiClaw targets acknowledgement within 24 hours and triages all reports within 72 hours. The incident management process is informed by ISO\u002FIEC 27035.",[27,3255,3257],{"id":3256},"how-to-report-a-vulnerability","How to report a vulnerability",[11,3259,3260,3261,3265],{},"Email ",[15,3262,3263],{},[64,3264,2525],{"href":2524}," with the following details:",[35,3267,3268,3274,3280,3286],{},[38,3269,3270,3273],{},[15,3271,3272],{},"Description of the issue",": what you found, where it occurs, and what impact it may have.",[38,3275,3276,3279],{},[15,3277,3278],{},"Steps to reproduce",": a clear sequence another person could follow to confirm the issue.",[38,3281,3282,3285],{},[15,3283,3284],{},"Affected MultiClaw version",": the desktop app version, MultiClaw Cloud, or MultiClaw Chrome Extension version where you observed the issue.",[38,3287,3288,3291],{},[15,3289,3290],{},"Proof-of-concept"," (if available): screenshots, logs, or sample code that demonstrate the vulnerability.",[11,3293,3294,3295,3298,3299,3302],{},"For vulnerabilities with a CVSS score of ",[15,3296,3297],{},"7.0 or higher"," (High or Critical severity), use the subject line ",[15,3300,3301],{},"\"SECURITY — Critical\"",". This routes the report to the on-call security team for immediate triage.",[381,3304,3305],{"type":675},[11,3306,3307,3310],{},[15,3308,3309],{},"CVSS"," (Common Vulnerability Scoring System) is an industry-standard framework for rating the severity of security vulnerabilities on a scale from 0.0 to 10.0. MultiClaw uses CVSS scores to prioritize response and fix timelines.",[27,3312,3314],{"id":3313},"response-timelines","Response timelines",[11,3316,3317],{},"MultiClaw targets the following response and resolution timelines after a report is received.",[519,3319,3320,3333],{},[522,3321,3322],{},[525,3323,3324,3327,3330],{},[528,3325,3326],{},"Severity",[528,3328,3329],{},"CVSS range",[528,3331,3332],{},"Target resolution",[537,3334,3335,3346,3357],{},[525,3336,3337,3340,3343],{},[542,3338,3339],{},"Critical",[542,3341,3342],{},"9.0–10.0",[542,3344,3345],{},"Patch within 7 days",[525,3347,3348,3351,3354],{},[542,3349,3350],{},"High",[542,3352,3353],{},"7.0–8.9",[542,3355,3356],{},"Patch within 30 days",[525,3358,3359,3362,3365],{},[542,3360,3361],{},"Medium \u002F Low",[542,3363,3364],{},"Below 7.0",[542,3366,3367],{},"Scheduled in the next available release",[11,3369,3370,3373,3374,3376],{},[15,3371,3372],{},"Acknowledgement",": MultiClaw targets acknowledgement of all reports within ",[15,3375,2749],{}," of receipt.",[11,3378,3379,3382,3383,22],{},[15,3380,3381],{},"Triage",": severity classification is targeted for completion within ",[15,3384,3385],{},"72 hours",[11,3387,3388],{},"These timelines are targets, not guarantees. Complex vulnerabilities may require additional time to fix safely without introducing new issues.",[27,3390,3392],{"id":3391},"what-happens-during-an-incident","What happens during an incident",[11,3394,3395],{},"When a confirmed security incident affects customer data, MultiClaw follows a structured response process:",[366,3397,3398,3404,3410,3416,3426],{},[38,3399,3400,3403],{},[15,3401,3402],{},"Containment",": the security team identifies the scope of the incident and takes immediate steps to limit further exposure.",[38,3405,3406,3409],{},[15,3407,3408],{},"Regulatory notification",": MultiClaw notifies the relevant supervisory authority (such as the UK ICO) within 72 hours of confirming a personal data breach, as required by GDPR Article 33.",[38,3411,3412,3415],{},[15,3413,3414],{},"Customer notification",": where a breach is likely to result in a high risk to affected individuals, MultiClaw notifies those individuals without undue delay by email, as required by GDPR Article 34.",[38,3417,3418,3421,3422,3425],{},[15,3419,3420],{},"Status updates",": the MultiClaw Cloud status page at ",[15,3423,3424],{},"status.multiclaw.io"," is updated as the incident progresses.",[38,3427,3428,3431],{},[15,3429,3430],{},"Post-incident report",": for incidents with customer impact, MultiClaw publishes a post-incident report within 14 days of resolution. The report covers what happened, what data was affected, what steps were taken, and what changes were made to reduce the likelihood of recurrence.",[27,3433,3435],{"id":3434},"responsible-disclosure","Responsible disclosure",[11,3437,3438],{},"MultiClaw encourages responsible disclosure from security researchers. If you discover a vulnerability, report it through the process above before sharing details publicly. MultiClaw will work with you to understand and address the issue before any public disclosure.",[11,3440,3441],{},"Avoid posting vulnerability details in public forums, issue trackers, or social media until a fix has been released. This protects other users while the team resolves the issue.",[27,3443,3445],{"id":3444},"data-privacy-concerns","Data privacy concerns",[11,3447,3448,3449,3453],{},"For GDPR data subject requests, data breach reports, or questions about how MultiClaw handles your personal data, email ",[15,3450,3451],{},[64,3452,1425],{"href":1424},". MultiClaw responds to data subject requests within one calendar month, as required by GDPR.",[11,3455,62,3456,3458],{},[64,3457,195],{"href":203}," for full details on what data MultiClaw collects, retention periods, and your data rights.",[27,3460,2234],{"id":2233},[11,3462,3463],{},"Security incident response is a shared effort. While MultiClaw handles containment, regulatory notification, and resolution, you play a role in keeping your workspace secure:",[35,3465,3466,3477,3483],{},[38,3467,3468,3471,3472,3476],{},[15,3469,3470],{},"Report promptly",": if you notice unexpected agent behaviour, unauthorized access, or suspicious activity, report it to ",[15,3473,3474],{},[64,3475,2525],{"href":2524}," as soon as possible.",[38,3478,3479,3482],{},[15,3480,3481],{},"Preserve evidence",": avoid making changes that could overwrite logs or configuration before the security team has a chance to investigate.",[38,3484,3485,3488],{},[15,3486,3487],{},"Rotate compromised credentials",": if you suspect an API key or password has been exposed, rotate it immediately from your agent settings in MultiClaw Cloud.",[11,3490,3491,3492,22],{},"For a full breakdown of security responsibilities, see ",[64,3493,262],{"href":261},{"title":265,"searchDepth":266,"depth":266,"links":3495},[3496,3497,3498,3499,3500,3501],{"id":3256,"depth":266,"text":3257},{"id":3313,"depth":266,"text":3314},{"id":3391,"depth":266,"text":3392},{"id":3434,"depth":266,"text":3435},{"id":3444,"depth":266,"text":3445},{"id":2233,"depth":266,"text":2234},"Report vulnerabilities to security@multiclaw.io, with target acknowledgement in 24 hours and fix timelines based on CVSS severity.",{},11,"\u002Fsecurity-privacy\u002Fincident-reporting-and-response",[3507,294,490],"security-privacy\u002Fshared-responsibility-model",{"title":248,"description":3502},"incident-reporting-and-response","help\u002Fsecurity-privacy\u002F11.incident-reporting-and-response","W43rGireM3xgJWbN0_B8wL_50R2ybN9aP0ARKqOxcr8","Incident reporting and response Report vulnerabilities to security@multiclaw.io, with target acknowledgement in 24 hours and fix timelines based on CVSS severity.",{"id":3514,"title":221,"body":3515,"category":281,"description":3718,"draft":283,"extension":284,"meta":3719,"navigation":286,"order":3720,"path":3721,"relatedArticles":3722,"seo":3723,"slug":3724,"stem":3725,"updatedAt":755,"__hash__":3726,"excerpt":3718,"searchText":3727},"help\u002Fhelp\u002Fsecurity-privacy\u002F12.dependency-and-supply-chain-security.md",{"type":8,"value":3516,"toc":3706},[3517,3520,3524,3527,3556,3559,3563,3580,3584,3587,3590,3595,3599,3605,3611,3615,3622,3625,3629,3636,3646,3650,3657,3664,3666,3669,3701],[11,3518,3519],{},"Every release of MultiClaw includes third-party code: open-source libraries, language runtimes, and external service integrations. This article explains how MultiClaw controls that supply chain so you know what protections are in place and where your responsibilities begin.",[27,3521,3523],{"id":3522},"how-dependency-pinning-works","How dependency pinning works",[11,3525,3526],{},"MultiClaw pins every dependency to an exact resolved version before a release ships. Three lockfiles enforce this:",[35,3528,3529,3538,3547],{},[38,3530,3531,3534,3535],{},[15,3532,3533],{},"Frontend packages"," (JavaScript\u002FTypeScript): pinned in ",[106,3536,3537],{},"pnpm-lock.yaml",[38,3539,3540,3543,3544],{},[15,3541,3542],{},"Rust packages",": pinned in ",[106,3545,3546],{},"Cargo.lock",[38,3548,3549,3552,3553],{},[15,3550,3551],{},"PHP packages"," (MultiClaw Cloud): pinned in ",[106,3554,3555],{},"composer.lock",[11,3557,3558],{},"Each build rejects any installed package that differs from the lockfile. This means every build uses the same dependency graph that was tested.",[351,3560,3562],{"id":3561},"lockfiles-and-version-ranges","Lockfiles and version ranges",[11,3564,3565,3566,1804,3569,1804,3572,3575,3576,3579],{},"Manifest files (",[106,3567,3568],{},"package.json",[106,3570,3571],{},"Cargo.toml",[106,3573,3574],{},"composer.json",") define version ranges (for example, ",[106,3577,3578],{},"^1.2.0",") that specify which future versions are acceptable. The lockfiles override those ranges with exact versions. A dependency only moves to a newer version when a developer explicitly updates the lockfile, the test suite passes, and the change goes through code review.",[27,3581,3583],{"id":3582},"vulnerability-scanning","Vulnerability scanning",[11,3585,3586],{},"Dependency vulnerability scanning is not yet automated in the build pipeline. There are no automated scanning tools running as part of the CI workflow.",[11,3588,3589],{},"When a dependency is updated, the change is reviewed manually. Vulnerability detection currently relies on developers monitoring advisories during updates rather than continuous automated scanning.",[381,3591,3592],{"type":675},[11,3593,3594],{},"Automated vulnerability scanning is planned but not yet in place. Until it is, lockfile pinning limits exposure by ensuring no dependency changes reach a release without a reviewed, committed lockfile update.",[27,3596,3598],{"id":3597},"update-verification","Update verification",[11,3600,3601,3602,3604],{},"The desktop app uses the Tauri updater, which signs every release with ",[15,3603,214],{}," (Ed25519 public-key signatures). Before installing an update, the updater verifies the cryptographic signature against the public key embedded in the current installation. If verification fails, the update is rejected and your current version stays unchanged.",[11,3606,3607,3608,3610],{},"This protects against tampered downloads and man-in-the-middle attacks during the update process. See ",[64,3609,176],{"href":175}," for the full update flow and code-signing details.",[351,3612,3614],{"id":3613},"openclaw-binary","OpenClaw binary",[11,3616,3617,3618,3621],{},"The OpenClaw binary is not downloaded or managed by MultiClaw. You install it separately using Homebrew, winget, apt, or the OpenClaw install script. The desktop app detects the binary on your system ",[106,3619,3620],{},"PATH"," and confirms it is a compatible version before connecting to the gateway.",[11,3623,3624],{},"MultiClaw does not verify the OpenClaw binary's integrity. The binary's authenticity depends on the package manager you used to install it and any code-signing your operating system enforces.",[27,3626,3628],{"id":3627},"third-party-services","Third-party services",[11,3630,3631,3632,3635],{},"New third-party services that process your data go through a security review and require a signed ",[15,3633,3634],{},"Data Processing Agreement (DPA)"," before onboarding. This applies to any service that handles task content, agent output, or account information.",[11,3637,3638,3639,3641,3642,3645],{},"For the current list of subprocessors, contact ",[64,3640,1425],{"href":1424},". See the ",[64,3643,1301],{"href":3644},"\u002Fprivacy"," for details on how subprocessor changes are communicated.",[27,3647,3649],{"id":3648},"open-source-licensing","Open-source licensing",[11,3651,3652,3653,22],{},"MultiClaw is built on open-source components. Dependencies are selected from projects with OSI-approved licenses to reduce the risk of proprietary or restrictive license obligations. License notices are included in the software distribution, as described in the ",[64,3654,3656],{"href":3655},"\u002Fterms","Terms of Service",[11,3658,3659,3660,3663],{},"A ",[15,3661,3662],{},"software bill of materials (SBOM)"," — a machine-readable inventory of every third-party component in a given release — is planned for a future release. When available, it will let you audit the exact libraries and versions included in any MultiClaw build.",[27,3665,2234],{"id":2233},[11,3667,3668],{},"Supply-chain security is a shared effort. MultiClaw pins dependencies, signs updates, and reviews third-party services. You are responsible for:",[35,3670,3671,3677,3683,3695],{},[38,3672,3673,3676],{},[15,3674,3675],{},"Keeping the desktop app updated."," Auto-updates are enabled by default. Do not disable them — updates include security patches for both MultiClaw and its bundled dependencies.",[38,3678,3679,3682],{},[15,3680,3681],{},"Keeping your operating system updated."," The desktop app's WebView is provided by your OS. WebView security patches arrive through OS updates.",[38,3684,3685,3688,3689,3694],{},[15,3686,3687],{},"Verifying OpenClaw's source."," Since MultiClaw does not verify the OpenClaw binary, install it from an official source (Homebrew, winget, apt, or ",[64,3690,3693],{"href":3691,"rel":3692},"https:\u002F\u002Fopenclaw.ai",[645],"openclaw.ai",").",[38,3696,3697,3700],{},[15,3698,3699],{},"Reviewing third-party MCP servers."," MultiClaw does not audit third-party MCP servers you add. Verify the source and permissions of any MCP server before connecting it.",[11,3702,3703,3704,22],{},"For the full breakdown of provider and customer responsibilities, see ",[64,3705,262],{"href":261},{"title":265,"searchDepth":266,"depth":266,"links":3707},[3708,3711,3712,3715,3716,3717],{"id":3522,"depth":266,"text":3523,"children":3709},[3710],{"id":3561,"depth":481,"text":3562},{"id":3582,"depth":266,"text":3583},{"id":3597,"depth":266,"text":3598,"children":3713},[3714],{"id":3613,"depth":481,"text":3614},{"id":3627,"depth":266,"text":3628},{"id":3648,"depth":266,"text":3649},{"id":2233,"depth":266,"text":2234},"How MultiClaw pins dependencies, verifies updates, and manages third-party components in the supply chain.",{},12,"\u002Fsecurity-privacy\u002Fdependency-and-supply-chain-security",[490,2542,3507],{"title":221,"description":3718},"dependency-and-supply-chain-security","help\u002Fsecurity-privacy\u002F12.dependency-and-supply-chain-security","9fsseaw9NJ60aqjm0MoK2zT-YIuxir-t-ze8VUaFFiA","Dependency and supply chain security How MultiClaw pins dependencies, verifies updates, and manages third-party components in the supply chain.",{"id":3729,"title":226,"body":3730,"category":281,"description":4166,"draft":283,"extension":284,"meta":4167,"navigation":286,"order":4168,"path":4169,"relatedArticles":4170,"seo":4171,"slug":225,"stem":4172,"updatedAt":755,"__hash__":4173,"excerpt":4166,"searchText":4174},"help\u002Fhelp\u002Fsecurity-privacy\u002F13.allowed-external-connections.md",{"type":8,"value":3731,"toc":4154},[3732,3735,3739,3744,3748,3751,3928,3932,3935,3953,3956,3959,3965,3968,3971,3977,3980,3984,3991,3997,4000,4003,4009,4017,4021,4032,4044,4047,4050,4056,4060,4066,4069,4073,4076,4149],[11,3733,3734],{},"The desktop app and gateway make outbound connections to MultiClaw Cloud, your configured LLM providers, and a few supporting services. Connections to LLM providers and custom MCP servers activate only after you set them up — no traffic reaches a provider you haven't configured.",[11,3736,3737],{},[56,3738],{"alt":58,"src":59},[11,3740,3741,3742,22],{},"For port, protocol, and firewall allowlisting details, see ",[64,3743,67],{"href":66},[27,3745,3747],{"id":3746},"connection-inventory","Connection inventory",[11,3749,3750],{},"Some connections in this table are conditional. LLM provider entries activate only when you've added a matching API key. Custom MCP server entries appear only after you've enabled an MCP server in your settings.",[519,3752,3753,3766],{},[522,3754,3755],{},[525,3756,3757,3759,3761,3763],{},[528,3758,928],{},[528,3760,1748],{},[528,3762,931],{},[528,3764,3765],{},"When it occurs",[537,3767,3768,3783,3798,3811,3826,3840,3854,3869,3884,3899,3914],{},[525,3769,3770,3773,3778,3780],{},[542,3771,3772],{},"MultiClaw Cloud (API)",[542,3774,3775],{},[106,3776,3777],{},"api.multiclaw.io",[542,3779,943],{},[542,3781,3782],{},"While the gateway is running and connected",[525,3784,3785,3788,3793,3795],{},[542,3786,3787],{},"MultiClaw Cloud (WebSocket)",[542,3789,3790],{},[106,3791,3792],{},"ws.multiclaw.io",[542,3794,954],{},[542,3796,3797],{},"While the gateway is running",[525,3799,3800,3802,3806,3808],{},[542,3801,1815],{},[542,3803,3804],{},[106,3805,1820],{},[542,3807,943],{},[542,3809,3810],{},"On app launch and when you check for updates",[525,3812,3813,3816,3820,3823],{},[542,3814,3815],{},"TURN relay (WebRTC)",[542,3817,3818],{},[106,3819,1783],{},[542,3821,3822],{},"HTTPS + UDP",[542,3824,3825],{},"When you open a cloud desktop",[525,3827,3828,3831,3835,3837],{},[542,3829,3830],{},"OpenAI API",[542,3832,3833],{},[106,3834,1710],{},[542,3836,943],{},[542,3838,3839],{},"When a task uses an OpenAI model",[525,3841,3842,3845,3849,3851],{},[542,3843,3844],{},"Anthropic API",[542,3846,3847],{},[106,3848,1839],{},[542,3850,943],{},[542,3852,3853],{},"When a task uses an Anthropic model",[525,3855,3856,3859,3864,3866],{},[542,3857,3858],{},"Google Gemini API",[542,3860,3861],{},[106,3862,3863],{},"generativelanguage.googleapis.com",[542,3865,943],{},[542,3867,3868],{},"When a task uses a Gemini model",[525,3870,3871,3874,3879,3881],{},[542,3872,3873],{},"Real-time events (Pusher)",[542,3875,3876],{},[106,3877,3878],{},"*.pusher.com",[542,3880,954],{},[542,3882,3883],{},"During SOP generation and skill compilation",[525,3885,3886,3889,3894,3896],{},[542,3887,3888],{},"Link title preview",[542,3890,3891],{},[106,3892,3893],{},"api.microlink.io",[542,3895,943],{},[542,3897,3898],{},"When a chat message contains a URL",[525,3900,3901,3904,3909,3911],{},[542,3902,3903],{},"Favicon service",[542,3905,3906],{},[106,3907,3908],{},"www.google.com",[542,3910,943],{},[542,3912,3913],{},"When a chat message displays a tool call with a URL",[525,3915,3916,3919,3922,3925],{},[542,3917,3918],{},"Custom MCP servers",[542,3920,3921],{},"User-configured",[542,3923,3924],{},"Varies",[542,3926,3927],{},"When an MCP server is enabled in your settings",[27,3929,3931],{"id":3930},"multiclaw-cloud-connections","MultiClaw Cloud connections",[11,3933,3934],{},"The gateway opens two connections to MultiClaw Cloud while running:",[35,3936,3937,3945],{},[38,3938,3939,3944],{},[15,3940,3941,3942,2601],{},"API (",[106,3943,3777],{},": syncs configuration, task state, and workspace membership between the desktop app and MultiClaw Cloud. Synced data includes agent settings, encrypted API keys, and task assignments. The gateway also sends periodic heartbeats so MultiClaw Cloud can report your instance's connection status.",[38,3946,3947,3952],{},[15,3948,3949,3950,2601],{},"WebSocket (",[106,3951,3792],{},": receives real-time events from MultiClaw Cloud, such as new task assignments and configuration changes pushed by other team members.",[11,3954,3955],{},"Both connections authenticate with your account session. They carry coordination and configuration data — not your prompts, task content, or files sent to LLM providers.",[27,3957,1815],{"id":3958},"auto-updater",[11,3960,3961,3962,3964],{},"On launch, the desktop app sends a version check to ",[106,3963,1820],{},". The request includes your current app version and operating system so the CDN can return the correct installer if an update is available. No account identifiers, usage data, or behavioural information is included in the request.",[11,3966,3967],{},"You can also trigger an update check manually from the desktop app's menu.",[27,3969,1694],{"id":3970},"turn-relay",[11,3972,3973,3974,3976],{},"When you open a cloud desktop, the app connects to ",[106,3975,1783],{}," to relay the session's encrypted media stream — screen output from the cloud desktop and your keyboard and mouse input. The TURN server activates only when a direct peer-to-peer connection between your machine and the cloud desktop isn't possible, which is common in corporate or restricted networks.",[11,3978,3979],{},"The relay handles only the encrypted WebRTC stream. The connection closes when you leave the cloud desktop session.",[27,3981,3983],{"id":3982},"llm-provider-connections","LLM provider connections",[11,3985,3986,3987,3990],{},"MultiClaw contacts only the LLM providers you've configured. If you haven't entered an API key for a provider, ",[15,3988,3989],{},"no connection is made to that provider",". For example, adding only an Anthropic key means the app never contacts OpenAI or Google.",[11,3992,3993,3994,3996],{},"Your API keys are stored encrypted in MultiClaw Cloud and delivered to your instance during configuration sync. They are not stored in plaintext on your local machine. See ",[64,3995,158],{"href":157}," for full details.",[11,3998,3999],{},"Each provider connection sends only the data needed to fulfil the task: your prompt, context, and any files you explicitly include. The provider processes this data under its own terms of service and privacy policy. Review your provider's data-use policy to understand how request content is handled and whether it is used for model training.",[27,4001,3873],{"id":4002},"real-time-events-pusher",[11,4004,4005,4006,4008],{},"When you use SOP generation or skill compilation, the desktop app opens a WebSocket connection to Pusher (",[106,4007,3878],{},") for live progress updates. Your existing MultiClaw Cloud session authenticates this connection. The connection closes when the operation completes.",[11,4010,4011,4012,22],{},"No task content reaches Pusher. The connection carries only structured progress events, subject to ",[64,4013,4016],{"href":4014,"rel":4015},"https:\u002F\u002Fpusher.com\u002Flegal\u002Fprivacy-policy\u002F",[645],"Pusher's Privacy Policy",[27,4018,4020],{"id":4019},"link-preview-and-favicon-services","Link preview and favicon services",[11,4022,4023,4024,4026,4027,22],{},"When a chat message contains a URL, the desktop app automatically sends that URL to ",[106,4025,3893],{}," to fetch the page title for display. Microlink processes the URL, subject to ",[64,4028,4031],{"href":4029,"rel":4030},"https:\u002F\u002Fmicrolink.io\u002Fprivacy",[645],"Microlink's Privacy Policy",[11,4033,4034,4035,4038,4039,22],{},"When a chat message displays a tool call with a URL, the app fetches a favicon from ",[106,4036,4037],{},"https:\u002F\u002Fwww.google.com\u002Fs2\u002Ffavicons"," to display an icon beside the link. The app sends the domain portion of that URL to Google's favicon service, subject to ",[64,4040,4043],{"href":4041,"rel":4042},"https:\u002F\u002Fpolicies.google.com\u002Fprivacy",[645],"Google's Privacy Policy",[27,4045,3918],{"id":4046},"custom-mcp-servers",[11,4048,4049],{},"Your server configuration determines which custom MCP servers the app connects to. MultiClaw does not inspect, control, or audit traffic to or from custom MCP servers. No connections occur unless you've added and enabled an MCP server in your settings.",[11,4051,4052,4053,4055],{},"Review the network requirements and trustworthiness of any MCP server before adding it. See ",[64,4054,262],{"href":261}," for the breakdown of your responsibilities versus the provider's.",[27,4057,4059],{"id":4058},"no-telemetry-or-analytics-connections","No telemetry or analytics connections",[11,4061,4062,4065],{},[15,4063,4064],{},"MultiClaw makes no telemetry, analytics, or crash-reporting connections."," No usage metrics, behavioural analytics, or diagnostic payloads are sent to MultiClaw or any analytics service.",[11,4067,4068],{},"The Pusher, Microlink, and Google connections described above serve specific UI functions, not analytics or tracking. The sections above detail what data each service receives and link to the relevant privacy policies.",[27,4070,4072],{"id":4071},"blocked-connections","Blocked connections",[11,4074,4075],{},"Not all connections are required for the desktop app to function. If your network restricts outbound traffic, use this table to understand the impact of blocking each connection.",[519,4077,4078,4087],{},[522,4079,4080],{},[525,4081,4082,4084],{},[528,4083,928],{},[528,4085,4086],{},"Effect of blocking",[537,4088,4089,4097,4104,4111,4118,4126,4134,4142],{},[525,4090,4091,4094],{},[542,4092,4093],{},"MultiClaw Cloud (API \u002F WebSocket)",[542,4095,4096],{},"The gateway cannot sync configuration or receive task assignments. Core app functionality stops.",[525,4098,4099,4101],{},[542,4100,1815],{},[542,4102,4103],{},"The app continues working but won't receive automatic updates. Download updates manually from the MultiClaw website.",[525,4105,4106,4108],{},[542,4107,1694],{},[542,4109,4110],{},"Cloud desktop sessions may fail if your network also blocks direct peer-to-peer connections.",[525,4112,4113,4115],{},[542,4114,2953],{},[542,4116,4117],{},"Tasks that use the blocked provider's models fail. Other configured providers remain available.",[525,4119,4120,4123],{},[542,4121,4122],{},"Pusher",[542,4124,4125],{},"SOP generation and skill compilation lose live progress indicators. The operations still complete in the background.",[525,4127,4128,4131],{},[542,4129,4130],{},"Microlink",[542,4132,4133],{},"Chat messages with URLs display without title previews.",[525,4135,4136,4139],{},[542,4137,4138],{},"Google favicon",[542,4140,4141],{},"Chat messages with tool-call URLs display without favicon icons.",[525,4143,4144,4146],{},[542,4145,3918],{},[542,4147,4148],{},"The blocked server becomes unavailable. Other MCP servers and core functionality are unaffected.",[381,4150,4151],{"type":407},[11,4152,4153],{},"To verify the connections your desktop app makes, use a network monitor such as Little Snitch (macOS), GlassWire (Windows), or your operating system's built-in firewall logs.",{"title":265,"searchDepth":266,"depth":266,"links":4155},[4156,4157,4158,4159,4160,4161,4162,4163,4164,4165],{"id":3746,"depth":266,"text":3747},{"id":3930,"depth":266,"text":3931},{"id":3958,"depth":266,"text":1815},{"id":3970,"depth":266,"text":1694},{"id":3982,"depth":266,"text":3983},{"id":4002,"depth":266,"text":3873},{"id":4019,"depth":266,"text":4020},{"id":4046,"depth":266,"text":3918},{"id":4058,"depth":266,"text":4059},{"id":4071,"depth":266,"text":4072},"Outbound connections the desktop app and gateway make, what each one does, and when each occurs.",{},13,"\u002Fsecurity-privacy\u002Fallowed-external-connections",[291,294,293],{"title":226,"description":4166},"help\u002Fsecurity-privacy\u002F13.allowed-external-connections","vLsuZIyuIs_bymigjrC4jMYMHRFSI4B0fqZ_RiJ2ULE","Allowed external connections Outbound connections the desktop app and gateway make, what each one does, and when each occurs.",{"id":4176,"title":262,"body":4177,"category":281,"description":4475,"draft":283,"extension":284,"meta":4476,"navigation":286,"order":4477,"path":4478,"relatedArticles":4479,"seo":4480,"slug":4481,"stem":4482,"updatedAt":298,"__hash__":4483,"excerpt":4475,"searchText":4484},"help\u002Fhelp\u002Fsecurity-privacy\u002F14.shared-responsibility-model.md",{"type":8,"value":4178,"toc":4458},[4179,4182,4329,4333,4336,4339,4342,4344,4348,4355,4359,4366,4370,4373,4377,4380,4392,4396,4409,4413,4416,4420,4423,4427,4431,4434,4438,4441,4445,4448],[11,4180,4181],{},"Security in MultiClaw follows a shared responsibility model. MultiClaw secures the cloud infrastructure and the desktop app; you secure your local environment, credentials, and workspace configuration. Understanding each party's role helps you protect your workspace effectively.",[519,4183,4184,4194],{},[522,4185,4186],{},[525,4187,4188,4191],{},[528,4189,4190],{},"Responsibility",[528,4192,4193],{},"Party",[537,4195,4196,4203,4210,4217,4224,4231,4238,4245,4252,4259,4266,4273,4280,4287,4294,4301,4308,4315,4322],{},[525,4197,4198,4201],{},[542,4199,4200],{},"Infrastructure security (servers, databases, networking)",[542,4202,1068],{},[525,4204,4205,4208],{},[542,4206,4207],{},"AES-256-GCM application-layer encryption for sensitive values in MultiClaw Cloud",[542,4209,1068],{},[525,4211,4212,4215],{},[542,4213,4214],{},"TLS encryption between the gateway and MultiClaw Cloud",[542,4216,1068],{},[525,4218,4219,4222],{},[542,4220,4221],{},"Desktop app update signing and verification (minisign)",[542,4223,1068],{},[525,4225,4226,4229],{},[542,4227,4228],{},"Patching the desktop app and MultiClaw Cloud",[542,4230,1068],{},[525,4232,4233,4236],{},[542,4234,4235],{},"Access controls and audit trail in MultiClaw Cloud",[542,4237,1068],{},[525,4239,4240,4243],{},[542,4241,4242],{},"Security incident notification (GDPR Art. 33 and Art. 34)",[542,4244,1068],{},[525,4246,4247,4250],{},[542,4248,4249],{},"Keeping the desktop app updated",[542,4251,1099],{},[525,4253,4254,4257],{},[542,4255,4256],{},"Keeping OpenClaw updated",[542,4258,1099],{},[525,4260,4261,4264],{},[542,4262,4263],{},"Protecting your LLM API keys",[542,4265,1099],{},[525,4267,4268,4271],{},[542,4269,4270],{},"Securing the local OpenClaw data directory",[542,4272,1099],{},[525,4274,4275,4278],{},[542,4276,4277],{},"Managing workspace member access",[542,4279,1099],{},[525,4281,4282,4285],{},[542,4283,4284],{},"Configuring agent guardrails",[542,4286,1099],{},[525,4288,4289,4292],{},[542,4290,4291],{},"Securing the machine running the desktop app",[542,4293,1099],{},[525,4295,4296,4299],{},[542,4297,4298],{},"Reviewing third-party MCP servers before adding them",[542,4300,1099],{},[525,4302,4303,4306],{},[542,4304,4305],{},"Infrastructure monitoring",[542,4307,1068],{},[525,4309,4310,4313],{},[542,4311,4312],{},"Agent activity monitoring and suspicious behaviour reporting",[542,4314,1099],{},[525,4316,4317,4320],{},[542,4318,4319],{},"Secure default configuration",[542,4321,1068],{},[525,4323,4324,4327],{},[542,4325,4326],{},"Configuration changes (for example, disabling auto-updates)",[542,4328,1099],{},[27,4330,4332],{"id":4331},"multiclaws-responsibilities","MultiClaw's responsibilities",[11,4334,4335],{},"MultiClaw secures the cloud infrastructure that powers MultiClaw Cloud. This includes the physical security of data centres via AWS, server and database hardening, and network-level protections. MultiClaw Cloud stores data on AWS infrastructure, which encrypts underlying storage volumes at rest. Sensitive values including agent configuration and credentials are additionally encrypted at the application layer using AES-256-GCM before being written to the database.",[11,4337,4338],{},"All connections between the gateway and MultiClaw Cloud are encrypted with TLS. Desktop app updates are signed with minisign and verified before installation. MultiClaw patches and maintains the desktop app and MultiClaw Cloud on an ongoing basis.",[11,4340,4341],{},"MultiClaw Cloud enforces access controls and maintains an audit trail of key platform events. If a security incident is confirmed to have affected your data, MultiClaw will notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33. MultiClaw will also notify you directly without undue delay if the breach poses a high risk to your rights (Art. 34).",[27,4343,2234],{"id":2233},[351,4345,4347],{"id":4346},"keep-the-desktop-app-updated","Keep the desktop app updated",[11,4349,4350,4351,4354],{},"Auto-updates are enabled by default. Do not disable them, as updates include security patches. If you need to verify which version you are running, check the desktop app's ",[15,4352,4353],{},"About"," screen.",[351,4356,4358],{"id":4357},"keep-openclaw-updated","Keep OpenClaw updated",[11,4360,4361,4362,4365],{},"OpenClaw is installed and updated separately from MultiClaw. Keep your OpenClaw installation current by following the update instructions for your platform (for example, ",[106,4363,4364],{},"brew upgrade openclaw"," on macOS). MultiClaw does not distribute or update the OpenClaw binary on your behalf.",[351,4367,4369],{"id":4368},"protect-your-llm-api-keys","Protect your LLM API keys",[11,4371,4372],{},"Your LLM API keys are stored in MultiClaw Cloud and encrypted at rest using AES-256-GCM. You control which services receive those keys. If you suspect a key has been compromised, rotate it immediately in your LLM provider's dashboard and update it in MultiClaw Cloud. Only connect services you trust.",[351,4374,4376],{"id":4375},"secure-the-local-openclaw-data-directory","Secure the local OpenClaw data directory",[11,4378,4379],{},"The local OpenClaw data directory is protected by your operating system's file-system permissions. Enable full-disk encryption on any machine running the desktop app. Keep the machine's operating system updated and apply security patches promptly.",[11,4381,4382,4383,4385,4386,4388,4389,4391],{},"On macOS, confirm FileVault is on in ",[15,4384,1124],{},". On Windows, check ",[15,4387,1027],{}," or search for ",[15,4390,1031],{},". On Linux, verify LUKS encryption is active.",[351,4393,4395],{"id":4394},"manage-workspace-member-access","Manage workspace member access",[11,4397,4398,4399,1900,4401,4403,4404,390,4406,4408],{},"Invite only trusted users and revoke access when members leave. Two roles exist: ",[15,4400,505],{},[15,4402,509],{},". Periodically review the member list by navigating to your workspace's ",[15,4405,389],{},[106,4407,393],{},") in MultiClaw Cloud.",[351,4410,4412],{"id":4411},"configure-agent-guardrails","Configure agent guardrails",[11,4414,4415],{},"MultiClaw provides secure defaults, but you are responsible for adjusting approval flows, scope limits, and execution permissions to match your organisation's risk tolerance. Review guardrail settings whenever your security requirements change.",[351,4417,4419],{"id":4418},"vet-third-party-mcp-servers","Vet third-party MCP servers",[11,4421,4422],{},"Before adding a third-party MCP server, verify its source and review its permissions. MultiClaw cannot audit or vouch for third-party servers. You are responsible for any access those servers receive.",[27,4424,4426],{"id":4425},"shared-responsibilities","Shared responsibilities",[351,4428,4430],{"id":4429},"incident-detection","Incident detection",[11,4432,4433],{},"MultiClaw monitors infrastructure for anomalies. You are responsible for monitoring your own agent activity. If you notice unexpected behaviour — agents running tasks you did not approve, unusual output, or activity at unexpected times — review the audit trail and revoke agent access if necessary.",[351,4435,4437],{"id":4436},"configuration","Configuration",[11,4439,4440],{},"MultiClaw ships secure defaults for all settings. When you change a default (for example, disabling auto-updates or granting an agent broad file access), you accept responsibility for the security implications of that change. Review any configuration change against your organisation's security policies before applying it.",[27,4442,4444],{"id":4443},"what-this-model-does-not-cover","What this model does not cover",[11,4446,4447],{},"This model describes the division of security responsibilities between MultiClaw and you. It does not guarantee that either party's measures will prevent every possible incident. No security programme can eliminate all risk.",[11,4449,4450,4451,1804,4453,4455,4456,22],{},"If you are unsure where a specific responsibility falls, contact MultiClaw support. For the technical detail behind the protections described here, see ",[64,4452,6],{"href":420},[64,4454,127],{"href":126},", and ",[64,4457,158],{"href":157},{"title":265,"searchDepth":266,"depth":266,"links":4459},[4460,4461,4470,4474],{"id":4331,"depth":266,"text":4332},{"id":2233,"depth":266,"text":2234,"children":4462},[4463,4464,4465,4466,4467,4468,4469],{"id":4346,"depth":481,"text":4347},{"id":4357,"depth":481,"text":4358},{"id":4368,"depth":481,"text":4369},{"id":4375,"depth":481,"text":4376},{"id":4394,"depth":481,"text":4395},{"id":4411,"depth":481,"text":4412},{"id":4418,"depth":481,"text":4419},{"id":4425,"depth":266,"text":4426,"children":4471},[4472,4473],{"id":4429,"depth":481,"text":4430},{"id":4436,"depth":481,"text":4437},{"id":4443,"depth":266,"text":4444},"What MultiClaw secures versus what you are responsible for as a customer.",{},14,"\u002Fsecurity-privacy\u002Fshared-responsibility-model",[490,290,293],{"title":262,"description":4475},"shared-responsibility-model","help\u002Fsecurity-privacy\u002F14.shared-responsibility-model","hIH39R_Cs9_Maa_AMfiy_aXwvGhQrYoqXAyei0o7818","Shared responsibility model What MultiClaw secures versus what you are responsible for as a customer.",null,1778463883266]