#37

OpenClaw Cloud

Live

Managed hosting with 60-second setup, dedicated server, and 50+ integrations

From
$24.99/mo
3-day free trial. $24.99/mo flat. WELCOME promo for $14.99. Dedicated server (not shared).
Security
Basic 16/100
Price Range
$24.99/mo to $24.99/mo
Free Tier
Yes
Integrations
3 platforms

Security Score: 16/100 — Basic

OpenClaw Cloud (setupopenclaw.com) is a third-party managed hosting service for the open-source OpenClaw AI agent framework. The site is primarily a content/affiliate marketing site (with VPS affiliate links on the self-hosting page and Google AdSense) that also offers a managed cloud service. The security page is detailed but largely describes features of the upstream open-source OpenClaw project rather than security measures implemented by the hosting provider itself. The most critical gap is accountability: no legal entity is identified, no Terms of Service exist, no GDPR data controller is named despite GDPR compliance claims, and the SOC 2 Type 2 claim on the security page refers to Hetzner's infrastructure certification, not the provider's own audit. The provider appears to be a small solo or small-team operation with no corporate transparency. The login portal (cloud.openclaw.you) offers only email/password authentication with no MFA. While the pricing is transparent and the technical documentation of OpenClaw's built-in security features (tool policies, sandboxing, user trust levels) is genuinely informative, the provider adds little security value beyond what self-hosting the open-source project would provide.

10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.

Can anyone else see my data? 4/10
C

Claims 'Each OpenClaw Cloud instance runs on a dedicated server in Germany (Hetzner data centers), fully GDPR compliant' and 'Your data is completely isolated from other users and never leaves the EU. We don't access, read, or analyze your conversations or files. Everything is encrypted at rest and in transit with SSL/TLS.' These are marketing assertions with no technical detail on how isolation is enforced, no encryption specification, and no mention of employee access controls or audit trails. The SOC 2 Type 2 claim on the security page refers to Hetzner's infrastructure, not the provider's own operations.

Can someone take over my agent? 5/10
D

The security page documents specific OpenClaw upstream features: 'Tool policies whitelist allowed operations', 'Working directory restrictions prevent access outside designated folders', 'Human-in-the-loop approval for high-risk commands', and 'Optional Docker containerization for complete isolation.' It also shows a concrete tool policy YAML configuration example. However, these are features of the open-source OpenClaw software, not custom security measures by the hosting provider. No information on prompt injection mitigation or memory integrity protections specific to the hosted service.

Are my keys and passwords safe? 3/10
C

States 'API keys stored encrypted at rest using your system's keychain or encrypted config files' and mentions 'Easy Rotation' and 'Expiry Warnings' for API tokens. However, the BYOK model means users enter API keys through a web dashboard, and there is no detail on how the provider encrypts or isolates these credentials on their infrastructure. No mention of credential leak detection in outputs or whether keys are excluded from AI model context. The security blog post advises 'Never commit keys to git' but this is self-hosting advice, not a hosted platform feature.

Can my agent do things I didn't authorize? 5/10
D

Documents specific guardrails: tool policy system with allowlists/denylists, per-user rate limiting with configurable 'daily_budget' and 'monthly_cap', human-in-the-loop approval for high-risk commands, and working directory restrictions. The YAML configuration examples for rate limits and tool policies are concrete. However, it is unclear which of these are pre-configured defaults on the managed service versus requiring user configuration, and there is no mention of an emergency kill switch or behavioral monitoring beyond what the upstream software provides.

Can I lose my data or get locked out? 4/10
C

Claims 'Automatic daily backups of your data. Encrypted and stored separately. Restore anytime from the dashboard' and 'data is retained for 7 days in case you change your mind, then permanently deleted' after cancellation. Also claims 'You can export all your data at any time before cancellation from the dashboard.' No details on backup testing, restore procedures, or what happens if the provider itself shuts down. The provider has no visible corporate entity, making provider stability a significant concern.

Will I get unexpected bills? 5/10
D

Pricing is clearly published: Starter $19/mo, Pro $39/mo, Max $79/mo with specific resource allocations. States '2-day free trial on all plans — no charge until day 3, cancel anytime' and 'AI credits sold separately or bring your own API keys.' The BYOK option plus documented rate limiting with 'daily_budget' and 'monthly_cap' configurations provide some cost control. However, no price change notification policy exists, and the lack of Terms of Service means pricing commitments are unenforceable.

Who's responsible when something goes wrong? 1/10
U

No Terms of Service page exists. No legal entity name, address, or registration is disclosed anywhere on the site. The privacy policy lists only 'privacy@setupopenclaw.com' as contact. The footer disclaims 'Not affiliated with OpenClaw' on several pages. No incident response process, breach notification timeline, audit logging details, or compliance documentation is published. There is no identifiable data controller for GDPR purposes despite claiming 'fully GDPR compliant.' This is the most significant gap across all categories.

What if a tool or dependency gets compromised? 2/10
C

The provider relies on Hetzner for infrastructure, Polar.sh for payments, and the open-source OpenClaw project for the core software. States 'OpenClaw is open source. You can read every line of code on GitHub' in the security blog post. No mention of dependency scanning, update verification, MCP server vetting, or SBOM. Automatic updates are claimed ('Software updates: Automatic') but no detail on how updates are verified or whether there is a review process before deploying upstream changes to customer instances.

Is the platform itself secure? 3/10
C

The cloud dashboard login at cloud.openclaw.you shows email/password authentication with no visible MFA option. Claims 'Managed SSL Certificates' with 'Automatic SSL certificate provisioning and renewal' and 'Isolated Server Environments' where 'Each OpenClaw Cloud instance runs in its own isolated container.' The security page claims '0 Exposed Ports' and '4 Security Layers' and 'E2E Encrypted' but these appear to describe the upstream OpenClaw architecture, not the web dashboard or API security. No mention of penetration testing, security audits, or independent security assessment of the hosting platform itself.

Can I trust what my agent tells me? 2/10
U

No mention of hallucination mitigation, output verification, approval workflows for high-impact decisions, or any measures to address AI-generated misinformation. The upstream OpenClaw project's human-in-the-loop for command execution partially addresses this for actions, but there is no discussion of output reliability, trust exploitation, or verification mechanisms for information the agent provides to users.

V = Verified, D = Documented, C = Claimed, U = Unknown

Dedicated server (not shared or throttled) | Auto-restart monitoring | 24/7 instance monitoring

Key Features

  • 60-second setup with guided wizard
  • Dedicated server (not shared)
  • 50+ integrations
  • Guided Telegram/Discord/WhatsApp setup
  • 24/7 monitoring with auto-restart

Integrations

Telegram, Discord, WhatsApp

Strengths

  • Simple flat pricing ($24.99/mo)
  • Dedicated server (not shared)
  • 60-second setup is among the fastest
  • 50+ integrations claimed

Weaknesses

  • New entrant, limited track record
  • 3-day free trial is short compared to 7-day alternatives
  • Generic security claims

Verdict

Straightforward managed hosting with dedicated servers at $24.99/mo. 60-second guided setup removes friction.

Infrastructure: Dedicated cloud server per user
