StartClaw

The FAQ states 'Every agent runs on its own isolated cloud server with encrypted connections (TLS 1.3) and AES-256 encryption at rest. You own your API keys and data — we never access them.' The privacy policy adds 'Isolated cloud instances for each customer' and notes agent data 'is not accessed by StartClaw staff except when required for technical support with your explicit consent.' The about page claims 'Privacy by Design' and 'We never train on your conversations or share your information.' However, these are marketing-level claims with no technical detail on how isolation is implemented (no mention of gVisor, Firecracker, or specific VM hypervisor). The deploy page mentions 'Isolated cloud VM with TLS 1.3' and 'AES-256 encrypted storage', which names specific technologies but without architectural detail on how per-user isolation is enforced, employee access is audited, or log sanitization works.

No information found on prompt injection defenses, memory integrity protection, human-in-the-loop for goal changes, output encoding/sanitization, or container escape prevention. The security blog post briefly mentions 'OpenClaw has built-in sanitization' for prompt injection but attributes this to the upstream open-source project, not to any StartClaw-specific mitigation. No mention of hardware-enforced sandboxing, separation of instructions from external data, or provenance tracking for agent memory.

The FAQ says 'You own your API keys and data — we never access them' and the deploy page states 'End-to-end encrypted'. The privacy policy mentions 'Secure storage of OAuth tokens' and 'Encryption in transit (TLS) and at rest.' The security blog lists 'Encrypted storage - Credentials encrypted at rest' as a StartClaw feature. However, there is no detail on how credentials are encrypted (what KMS, whether envelope encryption is used), no mention of credential leak detection in outputs, no credential rotation support, and no documentation of least-privilege access patterns. The claim of 'end-to-end encrypted' on the deploy page is unsubstantiated — true E2E encryption would mean StartClaw cannot access the data at all, which contradicts the privacy policy's allowance for staff access with consent.

The security blog mentions 'Set rate limits on actions' and 'Require approval for bulk operations' and 'Monitor activity logs' as mitigations, but frames these as user responsibilities rather than platform features. The features page mentions 'Scheduled Tasks' with 'Cron-style scheduling' but no kill switch, no behavioral monitoring, no least-privilege enforcement, and no high-risk tool classification or gating. There is no evidence of spending caps on agent actions, resource consumption limits, or emergency stop mechanisms built into the platform.

The privacy policy states data is retained 'for up to 30 days' after deletion for account recovery. Cancellation FAQ says 'You can delete your server immediately or keep it running until the end of your billing period.' The pricing page claims '99.9% Uptime' and the features page lists 'Data export/delete' under Enterprise Security. However, there is no detail on backup strategy, no mention of tested restores, no data export format or procedure documentation, and no information about what happens if StartClaw shuts down. The provider appears to be a small startup (founded 2024) with no disclosed funding or stability signals beyond user count claims.

Pricing is clearly documented: Starter at $49/mo with $15 credits, Pro at $99/mo with $25 credits, Done-For-You at $1,500 one-time. The pricing page states 'No hidden fees' and 'Cancel anytime. No questions asked.' Credits are explained: '1 credit = $0.01' and 'Unused credits roll over to the next month.' The FAQ explains what happens when credits run out: 'purchase additional credits anytime, or add your own API keys as a fallback.' The terms note 'We may change pricing with 30 days notice.' A 30-day money-back guarantee is offered. However, there are no hard spending caps, no usage monitoring alerts mentioned, and the credit system could lead to unexpected costs if agents consume credits rapidly without the user noticing.

The privacy policy lists standard data rights (access, correction, deletion, portability) and provides contact at privacy@startclaw.com. The terms mention 'StartClaw Inc.' as the operating entity. The privacy policy notes 'Your data may be transferred to and processed in countries other than your country of residence' with 'standard contractual clauses.' The security blog mentions 'Activity monitoring - Unusual patterns detected' but provides no detail on incident response processes, breach notification timelines, audit logging capabilities, or agent action audit trails. No GDPR-specific compliance documentation, no DPA offered, and no transparency reports.

No information found on MCP server or tool vetting, dependency scanning, SBOM, build pipeline integrity, or how third-party AI provider data policies are managed. The marketplace allows third-party templates (24 templates available, some paid) with no visible security review process or vetting criteria. No mention of how automatic updates are verified or how the supply chain for deployed agents is secured.

The login page shows Google OAuth and email/password authentication but no MFA option. The features page claims 'SOC 2 compliant' and the security blog says 'SOC 2 in progress' — these are contradictory claims (one says compliant, the other says in progress). No evidence of independent security testing, penetration testing, or bug bounty program. The deploy page mentions 'Isolated cloud VM' and 'Full root access' which, if true, provides some isolation but also increases attack surface. No mention of SSRF protection, injection prevention, secure defaults, or inter-agent communication security. Payments are processed via Stripe, which is a positive signal for payment security.

No information found on approval workflows, independent verification for high-impact decisions, output manipulation monitoring, undo/rollback capability, or transparency about AI uncertainty. The platform appears to be a straightforward deployment tool with no visible guardrails against hallucinations or trust exploitation.