[{"data":1,"prerenderedAt":1451},["ShallowReactive",2],{"help-category-\u002Fsecurity-privacy\u002Fprivacy-and-data-handling":3,"help-article-\u002Fsecurity-privacy\u002Fprivacy-and-data-handling":4,"related-articles-\u002Fsecurity-privacy\u002Fprivacy-and-data-handling":455},[],{"id":5,"title":6,"body":7,"category":437,"description":438,"draft":439,"extension":440,"meta":441,"navigation":442,"order":443,"path":444,"relatedArticles":445,"seo":449,"slug":450,"stem":451,"updatedAt":452,"__hash__":453,"excerpt":438,"searchText":454},"help\u002Fhelp\u002Fsecurity-privacy\u002F10.privacy-and-data-handling.md","Privacy and data handling",{"type":8,"value":9,"toc":422},"minimark",[10,14,19,26,30,50,56,59,63,70,77,86,90,93,96,104,108,111,114,117,120,142,149,153,156,229,233,236,294,298,345,349,355,362,366,369,389,396,399],[11,12,13],"p",{},"MultiClaw does not collect usage telemetry. Your conversation content stays on your device unless you choose to sync it to a workspace. Below is a complete breakdown of what data MultiClaw holds, how long it is retained, and the rights you have over it.",[15,16,18],"h2",{"id":17},"no-telemetry","No telemetry",[11,20,21,25],{},[22,23,24],"strong",{},"The desktop app collects no usage analytics, feature statistics, or behavioural telemetry."," There are no third-party analytics SDKs embedded in the app, and it does not transmit usage data to MultiClaw or any third party.",[15,27,29],{"id":28},"app-logs","App logs",[11,31,32,33,37,38,41,42,45,46,49],{},"The desktop app continuously writes diagnostic and activity logs to a file on your device at ",[34,35,36],"code",{},"~\u002F.multiclaw\u002Flogs\u002Fapp.log",". Logs record structured operational events (startup, connectivity changes, errors), not conversation content. 
You can open the log viewer from ",[22,39,40],{},"Settings → General",", scroll to the ",[22,43,44],{},"App Logs"," card, and click ",[22,47,48],{},"Open Logs",".",[11,51,52,55],{},[22,53,54],{},"App logs are not uploaded automatically."," You choose whether to share a log file with support.",[11,57,58],{},"Log files contain operational events, including the app version and OS identifier. They are not designed to contain conversation content or API keys; review a log file before you share it to confirm that.",[15,60,62],{"id":61},"conversation-content","Conversation content",[11,64,65,66,69],{},"Conversation content is stored ",[22,67,68],{},"locally on your device"," by default. MultiClaw does not use your conversation content to train, fine-tune, or evaluate AI models.",[11,71,72,73,76],{},"If you are connected to a workspace, conversations sync to ",[22,74,75],{},"MultiClaw Cloud",". Synced conversations are encrypted in transit and at rest. MultiClaw processes this data on your behalf as a data processor.",[11,78,79,80,85],{},"When you run a task, your prompts and task context are sent to the LLM provider you have configured. See ",[81,82,84],{"href":83},"#data-sharing","Data sharing"," below for details on how third parties handle your data.",[15,87,89],{"id":88},"workflow-recordings","Workflow recordings",[11,91,92],{},"The MultiClaw Chrome Extension captures browser interactions only during an active recording session that you start. The extension does not monitor your browsing activity at any other time and does not collect browsing history.",[11,94,95],{},"Recordings are stored locally on your device. If you upload a recording to MultiClaw Cloud, it is encrypted at rest.",[11,97,98,99,103],{},"See ",[81,100,102],{"href":101},"\u002Fhelp\u002Fsecurity-privacy\u002Fbrowser-extension-security","Browser extension security"," for full details on what the extension accesses and when.",[15,105,107],{"id":106},"cookies-and-tracking","Cookies and tracking",[11,109,110],{},"The desktop app does not use browser cookies. 
MultiClaw Cloud uses session cookies only, which are strictly necessary to keep you signed in.",[11,112,113],{},"The marketing website at multiclaw.io uses analytics cookies that require your consent before they are set. MultiClaw does not use advertising or retargeting cookies on any of its properties.",[15,115,84],{"id":116},"data-sharing",[11,118,119],{},"MultiClaw does not sell your personal data. Data is shared with third parties only in the following circumstances:",[121,122,123,130,136],"ul",{},[124,125,126,129],"li",{},[22,127,128],{},"LLM providers",": when an agent runs a task, your prompts and task context are sent to the provider you configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms and privacy policies.",[124,131,132,135],{},[22,133,134],{},"Infrastructure sub-processors",": MultiClaw uses a limited set of third-party infrastructure providers (cloud hosting, database, email delivery) engaged under data processing agreements that restrict them to processing data only on MultiClaw's documented instructions.",[124,137,138,141],{},[22,139,140],{},"Legal requirements",": MultiClaw may disclose personal data where required by applicable law, court order, or regulatory authority.",[11,143,144,145,49],{},"For the full list of sub-processors, see ",[81,146,148],{"href":147},"\u002Fhelp\u002Flegal-compliance\u002Fsubprocessors-and-third-parties","Subprocessors and third parties",[15,150,152],{"id":151},"personal-data-we-collect","Personal data we collect",[11,154,155],{},"MultiClaw Cloud holds the following personal data about you.",[157,158,159,178],"table",{},[160,161,162],"thead",{},[163,164,165,169,172,175],"tr",{},[166,167,168],"th",{},"Data type",[166,170,171],{},"Purpose",[166,173,174],{},"Legal basis",[166,176,177],{},"Retention",[179,180,181,198,213],"tbody",{},[163,182,183,189,192,195],{},[184,185,186],"td",{},[22,187,188],{},"Name and email address",[184,190,191],{},"Account creation and 
authentication",[184,193,194],{},"Performance of contract (GDPR Art. 6(1)(b))",[184,196,197],{},"While your account is active; purged within 30 days of account deletion request",[163,199,200,206,209,211],{},[184,201,202,205],{},[22,203,204],{},"Workspace metadata"," (member list, agent names, audit logs)",[184,207,208],{},"Workspace operation and governance",[184,210,194],{},[184,212,197],{},[163,214,215,220,223,226],{},[184,216,217],{},[22,218,219],{},"IP address and user agent",[184,221,222],{},"Server access logs",[184,224,225],{},"Legitimate interests — security and abuse prevention (GDPR Art. 6(1)(f))",[184,227,228],{},"90 days",[15,230,232],{"id":231},"your-data-rights","Your data rights",[11,234,235],{},"You have the following rights under applicable data protection law (including GDPR and UK GDPR).",[121,237,238,248,257,270,278,286],{},[124,239,240,243,244,49],{},[22,241,242],{},"Right to access",": request a copy of your data at any time by emailing ",[81,245,247],{"href":246},"mailto:privacy@multiclaw.io","privacy@multiclaw.io",[124,249,250,253,254,256],{},[22,251,252],{},"Right to erasure",": request deletion of your account and associated data by emailing ",[81,255,247],{"href":246},". 
MultiClaw responds to deletion requests within one calendar month.",[124,258,259,262,263,265,266,269],{},[22,260,261],{},"Right to rectification",": update your name or email address in ",[22,264,40],{}," on the ",[22,267,268],{},"Account"," card.",[124,271,272,275,276,49],{},[22,273,274],{},"Right to portability",": request a machine-readable export of the personal data you have provided to MultiClaw by emailing ",[81,277,247],{"href":246},[124,279,280,283,284,49],{},[22,281,282],{},"Right to restriction",": request that MultiClaw limit processing of your data in certain circumstances (for example, while the accuracy of your data is being contested) by emailing ",[81,285,247],{"href":246},[124,287,288,291,292,49],{},[22,289,290],{},"Right to object",": object to processing of your personal data where that processing is based on legitimate interests by emailing ",[81,293,247],{"href":246},[15,295,297],{"id":296},"data-retention-summary","Data retention summary",[157,299,300,310],{},[160,301,302],{},[163,303,304,307],{},[166,305,306],{},"Data",[166,308,309],{},"Retention period",[179,311,312,320,328,334],{},[163,313,314,317],{},[184,315,316],{},"Active account data",[184,318,319],{},"While your account is active",[163,321,322,325],{},[184,323,324],{},"Deleted account data",[184,326,327],{},"Purged within 30 days of deletion request",[163,329,330,332],{},[184,331,222],{},[184,333,228],{},[163,335,336,338],{},[184,337,29],{},[184,339,340,341,344],{},"Stored locally at ",[34,342,343],{},"~\u002F.multiclaw\u002Flogs\u002F","; not uploaded unless you share them",[15,346,348],{"id":347},"delete-your-data","Delete your data",[11,350,351,352,354],{},"You can delete individual conversations from the desktop app at any time. To request deletion of all your personal data from MultiClaw Cloud, email ",[81,353,247],{"href":246},". 
After you close your account, you have 30 days to export your data before deletion begins.",[11,356,98,357,361],{},[81,358,360],{"href":359},"\u002Fhelp\u002Flegal-compliance\u002Fdata-portability-and-export","Data portability and export"," for export options.",[15,363,365],{"id":364},"your-responsibilities","Your responsibilities",[11,367,368],{},"MultiClaw protects your data in transit and at rest, but some aspects of privacy depend on your choices:",[121,370,371,377,383],{},[124,372,373,376],{},[22,374,375],{},"Workspace sync",": if you connect to a workspace, conversations sync to MultiClaw Cloud. To keep conversations entirely local, don't connect to a workspace.",[124,378,379,382],{},[22,380,381],{},"LLM provider selection",": MultiClaw sends your prompts to the provider you choose. Review each provider's data-use policy before configuring an agent.",[124,384,385,388],{},[22,386,387],{},"Device security",": local data (config, conversations, agent definitions) is protected by OS file permissions. 
Enable full-disk encryption to protect it from physical access.",[11,390,391,392,49],{},"For a full breakdown of where platform protections end and yours begin, see ",[81,393,395],{"href":394},"\u002Fhelp\u002Fsecurity-privacy\u002Fshared-responsibility-model","Shared responsibility model",[11,397,398],{},"For deeper detail on related topics:",[121,400,401,408,415],{},[124,402,403,407],{},[81,404,406],{"href":405},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-encryption","Data encryption",": the full encryption model for local and cloud data.",[124,409,410,414],{},[81,411,413],{"href":412},"\u002Fhelp\u002Fsecurity-privacy\u002Fdata-residency-and-storage","Data residency and storage",": where each type of data is stored.",[124,416,417,421],{},[81,418,420],{"href":419},"\u002Fhelp\u002Flegal-compliance\u002Fprivacy-policy","Privacy Policy",": the full legal privacy policy.",{"title":423,"searchDepth":424,"depth":424,"links":425},"",2,[426,427,428,429,430,431,432,433,434,435,436],{"id":17,"depth":424,"text":18},{"id":28,"depth":424,"text":29},{"id":61,"depth":424,"text":62},{"id":88,"depth":424,"text":89},{"id":106,"depth":424,"text":107},{"id":116,"depth":424,"text":84},{"id":151,"depth":424,"text":152},{"id":231,"depth":424,"text":232},{"id":296,"depth":424,"text":297},{"id":347,"depth":424,"text":348},{"id":364,"depth":424,"text":365},"security-privacy","MultiClaw collects no telemetry, keeps conversations local by default, and gives you full control over your personal data.",false,"md",{},true,10,"\u002Fsecurity-privacy\u002Fprivacy-and-data-handling",[446,447,448],"security-privacy\u002Fdata-residency-and-storage","security-privacy\u002Fdata-encryption","security-privacy\u002Fhow-credentials-and-secrets-are-stored",{"title":6,"description":438},"privacy-and-data-handling","help\u002Fsecurity-privacy\u002F10.privacy-and-data-handling","2026-03-31","U_27RD9fX6Rl-0R0Bh_vHok-zaDdQn2B-bxYV-nsbaE","Privacy and data handling MultiClaw collects no telemetry, keeps 
conversations local by default, and gives you full control over your personal data.",[456,733,1148],{"id":457,"title":413,"body":458,"category":437,"description":721,"draft":439,"extension":440,"meta":722,"navigation":442,"order":723,"path":724,"relatedArticles":725,"seo":728,"slug":729,"stem":730,"updatedAt":452,"__hash__":731,"excerpt":721,"searchText":732},"help\u002Fhelp\u002Fsecurity-privacy\u002F05.data-residency-and-storage.md",{"type":8,"value":459,"toc":711},[460,466,470,473,510,514,517,545,547,550,557,563,567,578,584,592,604,608,614,619,623,626,631,635,638,689,692,698,702,706],[11,461,462,463,465],{},"MultiClaw stores data in two places: your local machine and ",[22,464,75],{},". Workflow recordings, API keys, and app configuration stay on your machine. Workspace metadata, agent definitions, and audit logs sync to the cloud when you connect to a workspace.",[15,467,469],{"id":468},"what-stays-local","What stays local",[11,471,472],{},"This data stays on your machine and doesn't sync to MultiClaw Cloud:",[121,474,475,483,491,498,504],{},[124,476,477,479,480],{},[22,478,89],{},": stored in ",[34,481,482],{},"~\u002F.openclaw\u002F",[124,484,485,479,488],{},[22,486,487],{},"API keys",[34,489,490],{},"~\u002F.openclaw\u002Fopenclaw.json",[124,492,493,479,496],{},[22,494,495],{},"App configuration",[34,497,490],{},[124,499,500,503],{},[22,501,502],{},"Desktop app binary and cache",": stored on your local filesystem",[124,505,506,509],{},[22,507,508],{},"Crash logs",": stored locally and not transmitted to MultiClaw Cloud",[15,511,513],{"id":512},"what-syncs-to-multiclaw-cloud","What syncs to MultiClaw Cloud",[11,515,516],{},"When you connect to a workspace, this data syncs to the cloud:",[121,518,519,524,533,539],{},[124,520,521,523],{},[22,522,204],{},": workspace name, member list, agent names, and settings",[124,525,526,529,530,532],{},[22,527,528],{},"Agent and skill definitions",": stored locally in ",[34,531,482],{}," and synced to enable team sharing 
and backup",[124,534,535,538],{},[22,536,537],{},"Audit logs",": a record of agent actions and approvals",[124,540,541,544],{},[22,542,543],{},"Usage events",": a record of workspace activity used for operational monitoring",[15,546,62],{"id":61},[11,548,549],{},"Where your conversation transcripts are stored depends on whether you're connected to a workspace.",[11,551,552,553,556],{},"If you are ",[22,554,555],{},"not connected to a workspace",", all transcripts stay on your machine. Nothing syncs to the cloud.",[11,558,552,559,562],{},[22,560,561],{},"connected to a workspace",", transcripts sync to MultiClaw Cloud. To keep conversation content local, don't connect to a workspace.",[15,564,566],{"id":565},"cloud-region-and-infrastructure","Cloud region and infrastructure",[11,568,569,570,573,574,577],{},"MultiClaw Cloud runs on ",[22,571,572],{},"AWS"," in the ",[22,575,576],{},"ap-southeast-2"," region (Sydney, Australia). All cloud-synced workspace data and cloud desktops are hosted in this region.",[11,579,580,581,583],{},"For cross-border data transfers, MultiClaw relies on Standard Contractual Clauses (SCCs) for EU data subjects and the UK International Data Transfer Agreement (UK IDTA) for UK data subjects. See the ",[81,582,420],{"href":419}," for details.",[11,585,586,587,591],{},"If your organisation processes personal data through MultiClaw and your users include EU or UK data subjects, you're entitled to a Data Processing Agreement (DPA) under GDPR Article 28 and UK GDPR. 
See ",[81,588,590],{"href":589},"\u002Fhelp\u002Flegal-compliance\u002Fdata-processing-agreement","Data Processing Agreement"," for how to request one.",[593,594,596],"callout",{"type":595},"note",[11,597,598,599,603],{},"If your organisation has specific data residency requirements beyond the current region, contact ",[81,600,602],{"href":601},"mailto:legal@multiclaw.io","legal@multiclaw.io"," to discuss your needs.",[15,605,607],{"id":606},"encryption-at-rest","Encryption at rest",[11,609,610,611,613],{},"Local files in ",[34,612,482],{}," — including config, conversations, and agent definitions — are stored as plain JSON, protected by OS file permissions. MultiClaw Cloud encrypts workspace data at rest using AWS-managed encryption keys, with additional AES-256 application-layer encryption for sensitive values like API keys.",[11,615,98,616,618],{},[81,617,406],{"href":405}," for the full encryption model and how to protect local files with full-disk encryption.",[15,620,622],{"id":621},"third-party-data-processing","Third-party data processing",[11,624,625],{},"When an agent runs a task, your prompts and task context are sent to the LLM provider you've configured (such as OpenAI, Anthropic, or Google). Those providers process data under their own terms of service and privacy policies. MultiClaw does not use your conversation content for model training.",[11,627,628,629,49],{},"For a list of third-party services that process data on MultiClaw's behalf, see ",[81,630,148],{"href":147},[15,632,634],{"id":633},"data-retention","Data retention",[11,636,637],{},"MultiClaw keeps cloud-synced data only as long as it's needed. 
The key retention periods are:",[157,639,640,649],{},[160,641,642],{},[163,643,644,646],{},[166,645,306],{},[166,647,648],{},"Retained for",[179,650,651,659,667,674,682],{},[163,652,653,656],{},[184,654,655],{},"Account data (name, email)",[184,657,658],{},"While your account is active; deleted within 30 days of account closure",[163,660,661,664],{},[184,662,663],{},"Workspace and team data",[184,665,666],{},"While the workspace subscription is active; deleted within 30 days of cancellation",[163,668,669,672],{},[184,670,671],{},"Server logs (IP, user agent)",[184,673,228],{},[163,675,676,679],{},[184,677,678],{},"Synced conversations",[184,680,681],{},"Until you delete them or close your account",[163,683,684,686],{},[184,685,537],{},[184,687,688],{},"1 year",[11,690,691],{},"Local data — including workflow recordings, agent definitions, and config files — stays on your machine until you delete it. MultiClaw does not manage retention of local files.",[11,693,694,695,697],{},"See the ",[81,696,420],{"href":419}," for the full retention schedule.",[15,699,701],{"id":700},"delete-cloud-synced-data","Delete cloud-synced data",[11,703,351,704,49],{},[81,705,247],{"href":246},[11,707,708,709,361],{},"After you close your account, you have 30 days to export your data before deletion begins. See ",[81,710,360],{"href":359},{"title":423,"searchDepth":424,"depth":424,"links":712},[713,714,715,716,717,718,719,720],{"id":468,"depth":424,"text":469},{"id":512,"depth":424,"text":513},{"id":61,"depth":424,"text":62},{"id":565,"depth":424,"text":566},{"id":606,"depth":424,"text":607},{"id":621,"depth":424,"text":622},{"id":633,"depth":424,"text":634},{"id":700,"depth":424,"text":701},"Workflow recordings and API keys stay local. 
Workspace data syncs to MultiClaw Cloud on AWS when you connect.",{},5,"\u002Fsecurity-privacy\u002Fdata-residency-and-storage",[447,726,727],"legal-compliance\u002Fprivacy-policy","legal-compliance\u002Fdata-processing-agreement",{"title":413,"description":721},"data-residency-and-storage","help\u002Fsecurity-privacy\u002F05.data-residency-and-storage","c80Kwl2mnNM_vd7HyxaMSi1UvbDq6XVGGnv6JUBwhQI","Data residency and storage Workflow recordings and API keys stay local. Workspace data syncs to MultiClaw Cloud on AWS when you connect.",{"id":734,"title":406,"body":735,"category":437,"description":1136,"draft":439,"extension":440,"meta":1137,"navigation":442,"order":1138,"path":1139,"relatedArticles":1140,"seo":1143,"slug":1144,"stem":1145,"updatedAt":452,"__hash__":1146,"excerpt":1136,"searchText":1147},"help\u002Fhelp\u002Fsecurity-privacy\u002F04.data-encryption.md",{"type":8,"value":736,"toc":1121},[737,740,744,749,797,802,843,845,850,860,863,869,872,882,885,889,892,960,964,967,970,973,977,980,1011,1015,1018,1086,1090,1103,1109,1115],[11,738,739],{},"MultiClaw encrypts credentials and API keys stored in MultiClaw Cloud and secures all external traffic in transit with TLS. 
Your local OpenClaw config file, conversation history, and agent definitions are stored as plain text on your device, protected only by OS file permissions.",[15,741,743],{"id":742},"protection-overview","Protection overview",[11,745,746],{},[22,747,748],{},"On your device:",[157,750,751,760],{},[160,752,753],{},[163,754,755,757],{},[166,756,306],{},[166,758,759],{},"Protection at rest",[179,761,762,772,780,790],{},[163,763,764,769],{},[184,765,766,767],{},"API keys and credentials in ",[34,768,490],{},[184,770,771],{},"Not encrypted (plain JSON, OS file permissions)",[163,773,774,777],{},[184,775,776],{},"Desktop app authentication bearer token",[184,778,779],{},"Not encrypted (WebView local storage)",[163,781,782,788],{},[184,783,784,785],{},"Conversations in ",[34,786,787],{},"~\u002F.openclaw\u002Fconversations\u002F",[184,789,771],{},[163,791,792,795],{},[184,793,794],{},"Agent definitions, skill files, workflow recordings",[184,796,771],{},[11,798,799],{},[22,800,801],{},"In MultiClaw Cloud (when connected to a workspace):",[157,803,804,812],{},[160,805,806],{},[163,807,808,810],{},[166,809,306],{},[166,811,759],{},[179,813,814,822,829,836],{},[163,815,816,819],{},[184,817,818],{},"LLM API keys and instance credentials",[184,820,821],{},"AWS disk encryption + application-layer AES-256",[163,823,824,826],{},[184,825,678],{},[184,827,828],{},"AWS disk encryption",[163,830,831,834],{},[184,832,833],{},"Synced agent definitions and skill files",[184,835,828],{},[163,837,838,841],{},[184,839,840],{},"Workspace and account metadata",[184,842,828],{},[15,844,607],{"id":606},[846,847,849],"h3",{"id":848},"local-device","Local device",[11,851,852,853,855,856,859],{},"Your local OpenClaw config file (",[34,854,490],{},") is stored as ",[22,857,858],{},"plain JSON"," on disk. It is not encrypted. Access is limited by OS file permissions. Only your user account can read the file.",[11,861,862],{},"The OpenClaw runtime stores all configuration as plain JSON files. 
MultiClaw reads and writes these files but does not apply its own encryption layer.",[11,864,865,866,868],{},"The desktop app's authentication bearer token is stored in the WebView's local storage. The bearer token is separate from the gateway workspace auth token, which is stored in ",[34,867,490],{}," alongside the API keys. Neither token is encrypted at rest on the local device.",[846,870,75],{"id":871},"multiclaw-cloud",[11,873,874,875,877,878,881],{},"Workspace data stored in MultiClaw Cloud is hosted on ",[22,876,572],{},", which encrypts storage volumes at rest using AWS-managed encryption keys. Sensitive values — such as LLM API keys and instance credentials — receive an additional layer of protection: they are encrypted at the application layer using ",[22,879,880],{},"AES-256"," before being stored. When MultiClaw Cloud syncs your configuration to a cloud desktop instance, it also encrypts API keys and credentials with AES-256-GCM in the sync payload, using a key derived from your instance token.",[11,883,884],{},"Application-layer encryption keys for credentials are managed by MultiClaw's infrastructure. Workspace members do not hold or control these keys.",[15,886,888],{"id":887},"encryption-in-transit","Encryption in transit",[11,890,891],{},"All traffic between MultiClaw components and external services travels over encrypted connections. The only exception is the link between the desktop app and the local OpenClaw gateway, which uses an unencrypted connection on localhost. 
This traffic never leaves your machine.",[157,893,894,904],{},[160,895,896],{},[163,897,898,901],{},[166,899,900],{},"Connection",[166,902,903],{},"Protocol",[179,905,906,917,928,939,949],{},[163,907,908,911],{},[184,909,910],{},"Desktop app ↔ MultiClaw Cloud (HTTP)",[184,912,913,916],{},[22,914,915],{},"HTTPS",": TLS 1.2 minimum, TLS 1.3 preferred",[163,918,919,922],{},[184,920,921],{},"Gateway ↔ MultiClaw Cloud (WebSocket)",[184,923,924,927],{},[22,925,926],{},"WSS"," (WebSocket Secure): TLS-encrypted",[163,929,930,933],{},[184,931,932],{},"Desktop app ↔ local OpenClaw gateway",[184,934,935,938],{},[22,936,937],{},"WS\u002FHTTP on localhost",": unencrypted, never leaves your machine",[163,940,941,944],{},[184,942,943],{},"Local gateway → LLM provider API",[184,945,946,948],{},[22,947,915],{},": TLS-encrypted",[163,950,951,954],{},[184,952,953],{},"Cloud desktop viewer (WebRTC)",[184,955,956,959],{},[22,957,958],{},"DTLS-SRTP",": standard encryption for peer-to-peer media",[15,961,963],{"id":962},"what-is-not-encrypted-locally","What is not encrypted locally",[11,965,966],{},"The local files listed in the protection overview use OS file permissions as their only protection. That restricts the files to your OS user account, but it doesn't protect against software running under that account or against physical access to your device.",[11,968,969],{},"If your device is lost, stolen, or accessed by someone with your OS credentials, these files are readable. 
Full-disk encryption closes this gap.",[11,971,972],{},"When you connect to a workspace, conversations, agent definitions, and skill files sync to MultiClaw Cloud, where they receive AWS disk encryption.",[846,974,976],{"id":975},"enable-full-disk-encryption","Enable full-disk encryption",[11,978,979],{},"Full-disk encryption protects all files on your device, including the plain-text data listed above, from unauthorized physical access.",[121,981,982,992,1005],{},[124,983,984,987,988,991],{},[22,985,986],{},"macOS",": Open ",[22,989,990],{},"System Settings → Privacy & Security → FileVault"," and turn FileVault on.",[124,993,994,987,997,1000,1001,1004],{},[22,995,996],{},"Windows",[22,998,999],{},"Settings → Privacy & security → Device encryption",", or search for ",[22,1002,1003],{},"BitLocker"," on Pro and Enterprise editions.",[124,1006,1007,1010],{},[22,1008,1009],{},"Linux",": Most distributions offer LUKS encryption during installation. If your disk is not already encrypted, back up your data and reinstall with the encryption option enabled.",[15,1012,1014],{"id":1013},"shared-responsibility","Shared responsibility",[11,1016,1017],{},"MultiClaw encrypts your credentials and API keys in the cloud. 
Protecting your local device is your responsibility.",[157,1019,1020,1033],{},[160,1021,1022],{},[163,1023,1024,1027,1030],{},[166,1025,1026],{},"Area",[166,1028,1029],{},"Who handles it",[166,1031,1032],{},"Protection",[179,1034,1035,1046,1056,1066,1077],{},[163,1036,1037,1040,1043],{},[184,1038,1039],{},"API keys and credentials in MultiClaw Cloud",[184,1041,1042],{},"MultiClaw",[184,1044,1045],{},"AES-256 application encryption + AWS disk encryption",[163,1047,1048,1051,1053],{},[184,1049,1050],{},"Cloud storage volumes",[184,1052,572],{},[184,1054,1055],{},"AWS-managed disk encryption",[163,1057,1058,1061,1063],{},[184,1059,1060],{},"Traffic between MultiClaw and external services",[184,1062,1042],{},[184,1064,1065],{},"TLS 1.2+ for HTTP, WSS for WebSocket",[163,1067,1068,1071,1074],{},[184,1069,1070],{},"Local config, agent files, and conversations",[184,1072,1073],{},"You",[184,1075,1076],{},"OS file permissions + full-disk encryption",[163,1078,1079,1082,1084],{},[184,1080,1081],{},"Authentication tokens on your device",[184,1083,1073],{},[184,1085,1076],{},[846,1087,1089],{"id":1088},"what-you-can-verify","What you can verify",[11,1091,1092,1095,1096,1099,1100,49],{},[22,1093,1094],{},"Full-disk encryption",": Check your OS settings using the instructions above. On macOS, look for \"FileVault: On\" in ",[22,1097,1098],{},"System Settings → Privacy & Security",". On Windows, look for \"Device encryption is on\" in ",[22,1101,1102],{},"Settings → Privacy & security",[11,1104,1105,1108],{},[22,1106,1107],{},"Transit encryption",": All connections from the desktop app and Gateway to MultiClaw Cloud use HTTPS and WSS. You can confirm this with browser developer tools or a network monitoring tool — all external traffic will show TLS certificates issued to MultiClaw domains.",[11,1110,1111,1114],{},[22,1112,1113],{},"Cloud encryption at rest",": Application-layer encryption of cloud-stored credentials is handled transparently by MultiClaw's infrastructure. 
You cannot inspect it directly — this is a trust boundary inherent to any cloud-hosted service.",[593,1116,1118],{"type":1117},"tip",[11,1119,1120],{},"MultiClaw Cloud encrypts credentials and API keys stored in its database. Local files on your device — including config, conversations, and agent data — are not encrypted by MultiClaw. Full-disk encryption is the most effective way to protect them.",{"title":423,"searchDepth":424,"depth":424,"links":1122},[1123,1124,1129,1130,1133],{"id":742,"depth":424,"text":743},{"id":606,"depth":424,"text":607,"children":1125},[1126,1128],{"id":848,"depth":1127,"text":849},3,{"id":871,"depth":1127,"text":75},{"id":887,"depth":424,"text":888},{"id":962,"depth":424,"text":963,"children":1131},[1132],{"id":975,"depth":1127,"text":976},{"id":1013,"depth":424,"text":1014,"children":1134},[1135],{"id":1088,"depth":1127,"text":1089},"MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all external traffic with TLS; local files are plain JSON protected only by OS file permissions.",{},4,"\u002Fsecurity-privacy\u002Fdata-encryption",[1141,1142,448,446],"security-privacy\u002Fsecurity-overview","security-privacy\u002Fnetwork-security",{"title":406,"description":1136},"data-encryption","help\u002Fsecurity-privacy\u002F04.data-encryption","PS01Cx_PLkHKehAf_-QLVhM6_dJhqwlHYiJ4B5fUh18","Data encryption MultiClaw Cloud encrypts credentials and API keys with AES-256 and secures all external traffic with TLS; local files are plain JSON protected only by OS file permissions.",{"id":1149,"title":1150,"body":1151,"category":437,"description":1440,"draft":439,"extension":440,"meta":1441,"navigation":442,"order":1442,"path":1443,"relatedArticles":1444,"seo":1446,"slug":1447,"stem":1448,"updatedAt":452,"__hash__":1449,"excerpt":1440,"searchText":1450},"help\u002Fhelp\u002Fsecurity-privacy\u002F09.how-credentials-and-secrets-are-stored.md","How credentials and secrets are 
stored",{"type":8,"value":1152,"toc":1431},[1153,1156,1250,1253,1256,1262,1265,1268,1272,1281,1289,1292,1299,1319,1322,1328,1335,1338,1341,1352,1356,1359,1374,1377,1383,1387,1390,1404,1406,1409,1423],[11,1154,1155],{},"MultiClaw stores your LLM API keys encrypted in MultiClaw Cloud, auth tokens in local config files protected by OS file permissions, and session tokens in memory only. The table below shows where each secret lives, how it's protected, and how to clear it.",[157,1157,1158,1174],{},[160,1159,1160],{},[163,1161,1162,1165,1168,1171],{},[166,1163,1164],{},"Secret",[166,1166,1167],{},"Where it lives",[166,1169,1170],{},"Encrypted at rest",[166,1172,1173],{},"Cleared by",[179,1175,1176,1190,1208,1223,1236],{},[163,1177,1178,1181,1184,1187],{},[184,1179,1180],{},"LLM API keys",[184,1182,1183],{},"MultiClaw Cloud database",[184,1185,1186],{},"Yes — AES-256 application-level encryption",[184,1188,1189],{},"Removing the key from your agent's settings",[163,1191,1192,1195,1202,1205],{},[184,1193,1194],{},"LLM API keys (cloud desktop sync)",[184,1196,1197,1198,1201],{},"Cloud desktop instance config (prefixed ",[34,1199,1200],{},"enc:",")",[184,1203,1204],{},"Yes — AES-256-GCM per-instance key",[184,1206,1207],{},"Instance reset or re-sync from MultiClaw Cloud",[163,1209,1210,1213,1217,1220],{},[184,1211,1212],{},"Gateway workspace auth token",[184,1214,1215],{},[34,1216,490],{},[184,1218,1219],{},"No — OS file permissions only",[184,1221,1222],{},"Removing the user from the workspace",[163,1224,1225,1228,1231,1233],{},[184,1226,1227],{},"Desktop app bearer token",[184,1229,1230],{},"Desktop app WebView local storage",[184,1232,1219],{},[184,1234,1235],{},"Signing out of the desktop app",[163,1237,1238,1241,1244,1247],{},[184,1239,1240],{},"WebSocket session tokens",[184,1242,1243],{},"Memory only — not written to disk",[184,1245,1246],{},"N\u002FA",[184,1248,1249],{},"Connection close or token 
expiry",[15,1251,1180],{"id":1252},"llm-api-keys",[11,1254,1255],{},"MultiClaw Cloud stores your LLM provider API keys in its database, encrypted at rest with application-level encryption.",[11,1257,1258,1259,1261],{},"When MultiClaw syncs your configuration to a cloud desktop, it re-encrypts each API key with AES-256-GCM using a per-instance key derived through HKDF-SHA256. MultiClaw writes the encrypted value (prefixed ",[34,1260,1200],{},") to the instance's local config. At runtime, the gateway decrypts the key in memory to call your LLM provider.",[11,1263,1264],{},"The desktop app and gateway are designed not to log configuration values. Under normal operation, keys do not appear in diagnostic logs.",[11,1266,1267],{},"To add, update, or remove an API key, open your agent's settings in MultiClaw Cloud. Changes sync to connected cloud desktops on the next configuration push. Removing a key from MultiClaw Cloud deletes the encrypted copy from every synced instance on that push. Removal does not invalidate the key with the LLM provider; if you think a key was exposed, also revoke or rotate it with the provider.",[15,1269,1271],{"id":1270},"workspace-auth-token","Workspace auth token",[11,1273,1274,1275,1277,1278,1280],{},"When you sign in, MultiClaw Cloud issues a long-lived auth token stored in ",[34,1276,490],{}," as a plain JSON string. The gateway uses this token to authenticate WebSocket connections to MultiClaw Cloud. The token is not encrypted at rest. OS file permissions on ",[34,1279,482],{}," control read access.",[593,1282,1283],{"type":595},[11,1284,1285,1286,1288],{},"OS file permissions mean that only your operating system user account is intended to read the contents of ",[34,1287,482],{},". If you share an OS-level user account with other people, they may be able to read the token. 
Treat your OS user account as the trust boundary for this file: any program that runs under that account, and any administrator of the device, can read the token as well.",[11,1290,1291],{},"The token is scoped to your user account and is not designed to permit access to another user's data.",[11,1293,1294,1295,1298],{},"To revoke access after a device is lost, a workspace owner can remove the user on the ",[22,1296,1297],{},"Users"," page in MultiClaw Cloud. MultiClaw does not currently offer per-device session revocation.",[593,1300,1301],{"type":1117},[11,1302,1303,1304,1306,1307,1310,1311,1314,1315,1318],{},"On macOS and Linux, verify your ",[34,1305,482],{}," directory permissions by running ",[34,1308,1309],{},"ls -ld ~\u002F.openclaw\u002F",". The output should show ",[34,1312,1313],{},"drwx------"," (owner-only access); if it shows broader access, tighten it with chmod 700 ~\u002F.openclaw. On Windows, right-click the folder, open ",[22,1316,1317],{},"Properties → Security",", and confirm only your user account has read access.",[15,1320,1227],{"id":1321},"desktop-app-bearer-token",[11,1323,1324,1325,1327],{},"The desktop app uses a separate bearer token for its HTTP and real-time API calls to MultiClaw Cloud. It stores this token in its WebView local storage, not in ",[34,1326,490],{},", and does not encrypt it at rest.",[11,1329,1330,1331,1334],{},"This bearer token is distinct from the gateway workspace auth token. The gateway reads ",[34,1332,1333],{},"openclaw.json"," for its WebSocket connection, while the desktop app holds its own bearer token. Signing out of the desktop app clears the bearer token from local storage.",[15,1336,1240],{"id":1337},"websocket-session-tokens",[11,1339,1340],{},"Each WebSocket connection uses a short-lived HMAC-SHA256-signed token generated fresh for every session. These tokens exist in memory only while the connection is active and are not written to disk.",[11,1342,1343,1344,1347,1348,1351],{},"Token lifetime depends on the connection type: user session tokens expire after ",[22,1345,1346],{},"4 hours",", and daemon (cloud desktop) connection tokens expire after ",[22,1349,1350],{},"24 hours",". 
When a token expires, the system generates a new one automatically on reconnect.",[15,1353,1355],{"id":1354},"if-a-device-is-lost-or-compromised","If a device is lost or compromised",[11,1357,1358],{},"If you lose a device or suspect unauthorized access, take these steps in order:",[1360,1361,1362,1368,1371],"ol",{},[124,1363,1364,1365,1367],{},"Ask a workspace owner to remove your user account on the ",[22,1366,1297],{}," page in MultiClaw Cloud. This revokes the gateway workspace auth token stored on the device.",[124,1369,1370],{},"Sign in to MultiClaw Cloud from a trusted device and rotate any LLM API keys your agents use. Open your agent's settings, remove the current key, and add a new one. Also revoke the old key with your LLM provider so that it can no longer be used.",[124,1372,1373],{},"If you use your MultiClaw password on other services, change it on those services. MultiClaw Cloud stores only a bcrypt hash of your password, but credential reuse remains a risk outside MultiClaw.",[11,1375,1376],{},"The desktop app bearer token is cleared when you sign out, but you cannot remotely sign out a lost device. Removing the user from the workspace is the primary revocation mechanism.",[593,1378,1380],{"type":1379},"warning",[11,1381,1382],{},"MultiClaw does not currently offer per-device session revocation. Removing a user from the workspace revokes all of that user's tokens across every device.",[15,1384,1386],{"id":1385},"what-multiclaw-does-not-store","What MultiClaw does not store",[11,1388,1389],{},"MultiClaw does not retain the following values in their original form:",[121,1391,1392,1398],{},[124,1393,1394,1397],{},[22,1395,1396],{},"Plaintext passwords",": MultiClaw Cloud stores only a bcrypt hash of your password. 
Neither MultiClaw Cloud nor the desktop app is designed to retain the original password.",[124,1399,1400,1403],{},[22,1401,1402],{},"Browser cookies and session tokens",": MultiClaw is not designed to store cookies or session tokens from pages recorded during a workflow.",[15,1405,365],{"id":364},[11,1407,1408],{},"MultiClaw encrypts API keys at rest, scopes tokens to your user account, and keeps session tokens short-lived. The protections above assume:",[121,1410,1411,1414,1417,1420],{},[124,1412,1413],{},"Your OS user account is not shared with other people.",[124,1415,1416],{},"Your device has full-disk encryption enabled (FileVault on macOS, BitLocker on Windows, LUKS on Linux).",[124,1418,1419],{},"You sign out of the desktop app before lending or decommissioning a device.",[124,1421,1422],{},"You keep your device locked when unattended.",[11,1424,1425,1426,1428,1429,49],{},"Without these measures, unencrypted tokens in ",[34,1427,1333],{}," and local storage are accessible to anyone with physical access to the device. 
For a full breakdown of where platform protections end and yours begin, see ",[81,1430,395],{"href":394},{"title":423,"searchDepth":424,"depth":424,"links":1432},[1433,1434,1435,1436,1437,1438,1439],{"id":1252,"depth":424,"text":1180},{"id":1270,"depth":424,"text":1271},{"id":1321,"depth":424,"text":1227},{"id":1337,"depth":424,"text":1240},{"id":1354,"depth":424,"text":1355},{"id":1385,"depth":424,"text":1386},{"id":364,"depth":424,"text":365},"API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.",{},9,"\u002Fsecurity-privacy\u002Fhow-credentials-and-secrets-are-stored",[447,1141,1445,446],"security-privacy\u002Fauthentication-and-login-security",{"title":1150,"description":1440},"how-credentials-and-secrets-are-stored","help\u002Fsecurity-privacy\u002F09.how-credentials-and-secrets-are-stored","zk_b1Ew5T-ezUvHLnuGENrO82-pDLoeQaYbEfcU6ESI","How credentials and secrets are stored API keys are encrypted in MultiClaw Cloud, auth tokens rely on OS file permissions, and session tokens live in memory only.",1778463888180]