#34

ClawHosters

Live · Best GDPR

German solo-dev managed hosting with GDPR compliance and 60-second provisioning

From: €19/mo
Plans: Budget €19 (2vCPU/4GB) · Balanced €35 (4vCPU/8GB) · Pro €59 (8vCPU/16GB) · 25% off with LAUNCH-SUB
Security: Good 28.5/100
Price Range: €19/mo to €59/mo
Free Tier: No
Integrations: 4 platforms

Security Score: 28.5/100 — Good

ClawHosters is a solo-founder German startup (Daniel Samer / Yixn.io, Kleinunternehmer) that launched in February 2026. Its strongest security aspect is the dedicated VPS-per-customer architecture on Hetzner Germany, providing genuine infrastructure isolation rather than shared multi-tenant containers. The documentation is unusually thorough for a new provider, with 6 dedicated security articles covering network hardening, authentication, data handling, and GDPR compliance with specific technical details (firewall rules, encryption algorithms, data flow diagrams). However, the platform focuses almost entirely on infrastructure security and does not address agent-level risks (hijacking, going rogue, misinformation). There is no MFA, no third-party security audits, no formal SLA, and backup service is not yet available. The privacy policy claims 'regular security audits and penetration testing' but provides no evidence. As a Kleinunternehmer sole proprietor, business continuity is a concern. The 3-day deletion window for paused instances due to insufficient balance is aggressive.

10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.

Can anyone else see my data? 6/10 (D)

Strong dedicated VPS isolation model. Docs state 'Every ClawHosters instance runs on its own dedicated Hetzner Cloud VPS in Germany. Your data never leaves German soil. There is no shared hosting, no multi-tenant containers, and no resource pooling between customers.' Chat data stays on user VPS and 'ClawHosters does not have access to the content of your AI conversations.' No mention of data being used for AI training. However, no third-party audit validates these claims, and the Privacy Policy mentions 'Regular security audits and penetration testing' without providing evidence or reports.

Can someone take over my agent? 3/10 (D)

Docs describe Docker container isolation with 'No privilege escalation. Security flags prevent unauthorized privilege elevation' and 'No cross-instance communication.' However, there is no mention of prompt injection defenses, sandboxing for code execution beyond Docker, human-in-the-loop approval workflows, or memory integrity protections. The architecture relies on standard Docker security without agent-specific hijacking mitigations.

Are my keys and passwords safe? 5/10 (D)

BYOK API keys are 'Encrypted with Rails credentials (AES-256-GCM)' at the application level. API tokens are 'Hashed, only shown once on creation.' Passwords hashed with bcrypt. FAQ states 'Your keys are stored encrypted and never logged.' However, gateway authentication uses HTTP basic auth with SHA256-hashed passwords (not bcrypt), and there is no mention of credential leak detection in outputs, credential rotation, or preventing credentials from appearing in AI model context.

Can my agent do things I didn't authorize? 2/10 (U)

No information found about guardrails against agent misbehavior. No mention of spending limits on API calls, approval workflows for agent actions, kill switches, rate limiting on agent operations, least-privilege tool access, or behavioral monitoring. The platform focuses on hosting infrastructure rather than agent safety controls.

Can I lose my data or get locked out? 5/10 (D)

Snapshots are created when instances are paused but 'kept for 3 days' only, after which instances are 'permanently deleted.' Data portability is addressed: 'Access your instance via SSH or the web UI and copy your conversation history' and config export is available. Backup add-on is 'Coming Soon' per the roadmap. FAQ states 'We don't offer formal SLA guarantees, but we take uptime seriously.' The 3-day deletion window after balance runs out is short and risky.

Will I get unexpected bills? 6/10 (D)

Transparent Claws-based billing system with clear daily rates (60/105/175 Claws per day). FAQ states 'We'll warn you at 7, 3, and 1 day of remaining balance.' Pricing page shows 'No hidden fees.' No markup on BYOK API costs: 'BYOK is free. You pay your API provider directly.' The Terms reserve the right to change terms with email notification. However, there are no hard spending caps on API usage, and the Claws system with variable EUR conversion rates adds some complexity.

Who's responsible when something goes wrong? 5/10 (D)

All servers are in Germany under GDPR with a named data controller (Daniel Samer). Detailed GDPR compliance docs with all Articles 15-21 rights documented. Sub-processors are listed (Hetzner, Stripe, Coinbase). Server logs are retained for 90 days. Privacy Policy mentions 'Regular security audits and penetration testing' and 'Strict access control and employee training' but no audit reports are provided. A responsible disclosure process exists via support tickets with 48-hour acknowledgment. No formal incident response timeline or breach notification SLA is published.

What if a tool or dependency gets compromised? 2/10 (C)

Homepage states 'Auto-updates included' and architecture docs confirm 'pre-configured snapshot' deployments from a 'custom image extending the community OpenClaw Docker image.' No mention of dependency scanning, SBOM, MCP server vetting, supply chain verification, or image signing. The platform depends on upstream OpenClaw Docker images and multiple LLM providers (Anthropic, OpenAI, Google, DeepSeek, Groq, OpenRouter) without published data handling policies for each.

Is the platform itself secure? 5/10 (D)

Detailed network security: 'default DROP policy on the INPUT chain,' rate limiting, brute force protection with auto-ban, cloud-level firewall as defense-in-depth. TLS for all web traffic. Passwords are hashed with bcrypt. API tokens use Bearer auth over HTTPS. SSH is key-based only (password login disabled). However, no MFA is available yet (FAQ: 'We are planning to add two-factor authentication (2FA) in a future update'). HTTP basic auth for the gateway is a weaker authentication mechanism. No mention of independent penetration testing results. Sole proprietor operation (Kleinunternehmer) limits organizational security maturity.

Can I trust what my agent tells me? 1/10 (U)

No information found about mitigations for AI hallucinations, output manipulation, approval workflows for high-impact agent decisions, or mechanisms to verify agent output reliability. The platform provides the hosting infrastructure but does not address trust exploitation or misinformation risks at the agent layer.

V = Verified · D = Documented · C = Claimed · U = Unknown

GDPR compliant · German datacenter (Hetzner) · End-to-end encrypted conversations · Dedicated VPS per user (not shared) · No data tracking or selling

Key Features

  • 60-second one-click deployment
  • SSH access to container
  • Fully managed (auto-updates, security patches, backups)
  • Persistent conversation storage
  • Dedicated VPS (not shared instances)
  • Pre-warmed VPS pool for fast provisioning

Integrations

Telegram · WhatsApp · Discord · Slack

Strengths

  • GDPR compliant — only provider explicitly certifying this
  • German datacenter with data sovereignty
  • SSH access included on all tiers
  • Solo dev responsive support (<20 min response, even weekends)
  • Real paying customers (HN Show post, first customer in 6 days)

Weaknesses

  • Solo founder — bus factor risk
  • EUR pricing only
  • New entrant (Feb 2026)

Verdict

The GDPR-compliant choice. German datacenter, end-to-end encryption, SSH access on all tiers. Solo dev but responsive. Great for EU users who need data sovereignty.

Infrastructure: Hetzner Germany (dedicated VPS per user)
