#1

GetClaw.ai

Live · Best Free Option

Pre-configured AI agents on cloud infrastructure with free tier

From: Free
Security: Basic 6.7/100
Price Range: Free to $49/mo
Free Tier: Yes
Integrations: 9 platforms

Security Score: 6.7/100 — Basic

GetClaw.ai is a very new provider (launched February 8, 2026) with a marketing-heavy website but almost no documentation, legal infrastructure, or security transparency. The site lacks a privacy policy, terms of service, security page, documentation, and about page — all returning 404. The strongest aspects are pricing transparency (clear pricing, BYOK model, specific instance specs) and the blog content, which demonstrates awareness of agent safety concepts. However, awareness and implementation are different things. Most security claims are vague marketing language ('isolated, encrypted environment') without technical specifics. The login has no MFA. The platform is built on OpenClaw (open source), which provides some transparency, but the hosting platform itself has no documented security practices. Overall security posture is very weak — this is an early-stage product with significant gaps across nearly all risk categories.

10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.

Can anyone else see my data? 2/10
Evidence: C

Homepage claims 'isolated, encrypted environment' and 'no shared tenancy' and 'no data mining,' but provides zero technical details about how isolation is implemented (no mention of container technology, encryption algorithms, or access controls). The FAQ states 'Your data never leaves your instance. You own everything.' These are marketing assertions without documented specifics. No privacy policy exists (404). No mention of data retention policies, log sanitization, or employee access controls.

Can someone take over my agent? 2/10
Evidence: C

The '5 Mistakes' blog post discusses prompt injection risks and recommends tool allowlists, exec security allowlists, and approval flows — showing awareness of the problem. However, these are presented as user-configurable best practices, not as platform-enforced protections. No mention of hardware-enforced sandboxing, container escape prevention, memory integrity protection with provenance tracking, or separation of instructions from external data at the platform level. No documentation of how code execution is sandboxed.

Are my keys and passwords safe? 2/10
Evidence: C

The launch announcement claims BYOK model where 'Your API keys stay in your instance. We never see them, store them centrally, or have access to your AI provider accounts.' The 'OpenClaw ChatGPT Moment' post mentions 'Credentials are encrypted.' These are marketing claims without technical detail — no mention of what encryption is used, how keys are stored (HSM? KMS? environment variables?), whether credentials appear in logs, or credential rotation capabilities. No documentation of credential lifecycle management.

Can my agent do things I didn't authorize? 3/10
Evidence: C

The '5 Mistakes' blog post provides the most detail here, discussing tool allowlists, exec security modes, approval flows for sensitive actions, rate limits, DM/group policies, per-channel tool restrictions, and a kill switch (/stop, /pause, restart). These are described as configurable OpenClaw features available through GetClaw. This is the strongest category, though evidence is still 'Claimed' since these features are described in a blog post rather than in technical documentation, and there's no way to verify the implementation.

Can I lose my data or get locked out? 2/10
Evidence: C

Homepage and FAQ claim 'Export your entire config, data, and agent memory at any time' and '99.9% uptime SLA.' The 'OpenClaw ChatGPT Moment' post mentions 'Automatic restarts, health checks' and zero-downtime migration assistance. However, there is no documentation of backup procedures, disaster recovery, data deletion policies after cancellation, or what the SLA actually guarantees (no SLA document found). No terms of service exist. Provider stability is low — very new (launched Feb 8, 2026), small team, no funding information.

Will I get unexpected bills? 4/10
Evidence: D

Pricing is clearly published on the homepage: $29/mo Starter, $49/mo Pro (coming soon). Specific instance specs are listed (t3.small/medium, RAM, vCPUs). The BYOK model means AI API costs are transparent and paid directly to providers. The launch post states 'No complicated tiers. No hidden fees. No per-message markup.' However, there are no documented hard spending caps, no usage monitoring/alerts, and no price change notification policy. Scored higher because pricing transparency is above average for the category, with specific infrastructure specs and no markup on API costs.

Who's responsible when something goes wrong? 0/10
Evidence: U

No privacy policy (404), no terms of service (404), no security page (404), no documentation (404), no about page (404). There is no information about data jurisdiction, GDPR compliance, audit logging, incident response processes, or breach notification timelines. The only contact method is hello@getclaw.ai. The founder is identified but there is no company registration information, no legal entity disclosed, and no accountability infrastructure whatsoever. This is a critical gap.

What if a tool or dependency gets compromised? 1/10
Evidence: C

The platform is built on OpenClaw (open source, linked to GitHub). The blog mentions 'Managed updates' for OpenClaw security patches. However, there is no documentation of dependency scanning, MCP server vetting, build pipeline integrity, component inventory (SBOM), or how third-party tool security is assessed. The reliance on OpenClaw as open source is a positive signal for transparency, but the lack of any documented supply chain security practices keeps this score very low.

Is the platform itself secure? 1/10
Evidence: U

The login page shows basic email/password authentication with no MFA option visible. No documentation exists about the platform's security architecture — no mention of injection prevention, access control implementation, SSRF protection, TLS configuration, or security testing. The site does use HTTPS. No security headers were inspected but the absence of any security documentation, no penetration test results, and no MFA support are significant concerns for a platform that hosts autonomous agents with access to user credentials and accounts.

Can I trust what my agent tells me? 2/10
Evidence: C

The '5 Mistakes' blog post discusses approval flows and escalation rules as configurable features, and the 'Soul Change' post is a thoughtful exploration of agent trust boundaries. The homepage mentions 'persistent memory' but doesn't discuss hallucination mitigation, output verification, or undo/rollback capabilities. The rogue-agent mitigations (approval flows, allowlists) provide some indirect protection against misinformation-driven actions, but there is no explicit documentation of output verification, prompt injection monitoring, or transparency about AI uncertainty.

V = Verified · D = Documented · C = Claimed · U = Unknown

  • Isolated encrypted environment
  • Encrypted connections
  • No shared tenancy
  • 99.9% uptime SLA

Key Features

  • Sub-5-minute deployment
  • Persistent memory
  • 99.9% uptime SLA
  • Auto-healing & scaling
  • Data portability/export
  • Multiple AI model support

Integrations

WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Email, Calendar, Browser

Strengths

  • Free tier to get started
  • Wide integration breadth (9 platforms)
  • Broadest use-case positioning
  • 99.9% uptime SLA

Weaknesses

  • Generic security claims, no specific features
  • Free tier may attract commodity-focused users

Verdict

Best for trying OpenClaw hosting with zero commitment. Strong integration breadth, but security claims are vague.

Infrastructure: Cloud infrastructure (unspecified provider)
