#26

TapnClaw

Live

Proactive AI assistant that messages you first — zero technical knowledge required

From
$14.99/mo
$19.99/mo monthly or $14.99/mo quarterly (save 25%); dedicated server per user
Security: Basic 17.2/100
Price Range: $14.99/mo to $19.99/mo
Free Tier: No
Integrations: 1 platform

Security Score: 17.2/100 — Basic

TapnClaw is a new provider (launched February 2026) offering dedicated VPS-based OpenClaw hosting on Hetzner infrastructure behind Cloudflare. Its key strength is true single-tenant isolation — each user gets their own VPS, eliminating many multi-tenancy risks. The platform side shows competent web security (strong HTTP headers, OAuth-only auth, proper CSP). Pricing is transparent at $19.99/month. However, TapnClaw positions itself purely as infrastructure, explicitly disclaiming all responsibility for agent behavior, credential security, data loss, and AI outputs. There are zero agent-level security controls. The contradiction between listing 'Daily backups' as a feature while the risk disclosure says 'TapnClaw does not back up... this data' is concerning. No company information, no docs, no security page, no GitHub presence. The claim 'There's no way for us to access your chats' is likely inaccurate since they provision the VPS.

10 risk categories scored 1-10 × evidence weight. Based on our methodology, grounded in OWASP Agentic Security, NIST CSF 2.0, and CIS Controls.

Can anyone else see my data? 6/10
C

TapnClaw uses dedicated VPS instances per user (Hetzner), providing strong per-user isolation. The homepage states 'Your private AI assistant runs on a dedicated server that's yours alone — your data never touches anyone else's' and the privacy policy confirms 'TapnClaw does not access, monitor, or store this data.' However, the claim that 'There's no way for us to access your chats, even if we wanted to' is likely overstated since as the VPS provisioner they likely retain root/management access. No mention of encryption at rest, no data training exclusion policy, and no employee access audit trail.

Can someone take over my agent? 3/10
U

No mention of prompt injection protections, sandboxing for code execution, human-in-the-loop for goal changes, memory integrity protection, or any agent-level security controls. The platform positions itself as pure infrastructure ('TapnClaw provides infrastructure to host OpenClaw but makes no warranties about its functionality') and defers all agent-level security to the user. The dedicated VPS model prevents cross-tenant interference but provides zero protections against hijacking of the agent itself.

Are my keys and passwords safe? 6/10
C

The homepage claims 'Your passwords and keys stay on your server only — never stored by us' and the privacy policy confirms 'We do NOT store your API keys, bot credentials, or any data processed by your OpenClaw instance.' The dedicated VPS model means credentials are not in a shared database, which is structurally good. However, there is no mention of encrypted credential storage on the VPS, no credential rotation, no leak detection in outputs, and the security of credentials depends entirely on OpenClaw defaults.

Can my agent do things I didn't authorize? 2/10
U

No mention of any guardrails against agent misbehavior: no spending caps, no rate limiting, no kill switch, no behavioral monitoring, no least-privilege controls, no approval workflows. The risk disclosure explicitly states 'You are solely responsible for reviewing and validating all AI outputs before acting on them.' The proactive messaging design ('it messages you — not the other way around') increases rogue risk since the agent initiates actions autonomously.

Can I lose my data or get locked out? 4/10
C

'Daily backups' is listed as a feature for all plans, but the risk disclosure contradicts this by stating 'TapnClaw does not back up, monitor, or have access to this data.' A 7-day grace period before deletion is noted in the terms. No data export capability mentioned, no uptime SLA, and the provider is brand new (February 2026) with unknown stability.

Will I get unexpected bills? 7/10
D

Pricing is clearly documented: $19.99/month or $14.99/month quarterly ($44.97 billed every 3 months). Homepage and pricing page both state 'No setup fees. Cancel anytime.' Stripe handles payments and 'Your card details are never stored on our servers.' However, users must separately pay for their own AI API keys (Anthropic/OpenAI) which could lead to unexpected costs from agent resource consumption that TapnClaw does not cap or monitor.

Who's responsible when something goes wrong? 4/10
C

Privacy policy references GDPR and CCPA rights and provides a contact email (privacy@tapnclaw.com). Terms specify Florida jurisdiction and binding arbitration. However, no company registration information, no named individuals, no physical address, no incident response process documented, no breach notification timeline, no audit logging of agent actions, and no security monitoring. The risk disclosure explicitly disclaims all liability.

What if a tool or dependency gets compromised? 3/10
C

The privacy policy discloses key dependencies: 'Google (authentication), Stripe (payments), Hetzner (VPS hosting), Cloudflare (DNS and tunneling), and Vercel (platform hosting).' This transparency is good. 'Automatic security updates' is claimed as a feature but with no details. No dependency scanning, SBOM, MCP server vetting, or build pipeline security mentioned. The risk disclosure notes 'OpenClaw is third-party open-source software not developed, maintained, or controlled by TapnClaw.'

Is the platform itself secure? 6/10
D

HTTP headers show strong security configuration: Content-Security-Policy, Strict-Transport-Security with preload, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin, and Permissions-Policy restricting camera/microphone/geolocation. TLS via Google Trust Services. Authentication is Google OAuth only (no password to brute-force). Dashboard properly auth-gated. However, CSP includes unsafe-inline and unsafe-eval, no independent security testing mentioned, and no MFA beyond Google account security.

Can I trust what my agent tells me? 4/10
C

The risk disclosure honestly states 'AI assistants may produce inaccurate, misleading, or unexpected outputs' and 'TapnClaw makes no guarantees about the behavior, accuracy, or reliability of your AI assistant.' This is transparent but provides zero actual mitigations. No approval workflows, output verification, undo/rollback capability, hallucination detection, or mechanisms to prevent acting on false AI outputs. The proactive messaging model ('it messages you') increases risk.

V = Verified, D = Documented, C = Claimed, U = Unknown

Dedicated server per user | Isolated environment | Professional security updates

Key Features

  • Proactive messaging (agent messages you first)
  • Reminders and check-ins
  • 5-minute deployment
  • Choice of Claude or ChatGPT
  • Zero technical knowledge required
  • Non-technical user friendly

Integrations

Telegram

Strengths

  • Unique proactive messaging angle
  • Dead simple — no technical knowledge needed
  • Dedicated server (not shared)

Weaknesses

  • Telegram-only integration
  • New entrant, limited track record

Verdict

Interesting proactive messaging angle — the agent reaches out to you, not just the other way around. $14.99-$19.99/mo with dedicated server per user.

Infrastructure: Dedicated server per user
