FeaturesHow it worksPricingFAQJoin Waitlist

Security at ClawJolt

Data Handling

ClawJolt processes webhook payloads from external services (Stripe, GitHub, email providers) and routes them to your OpenClaw agents. Webhook payloads are held in memory during processing and not persisted after delivery. Trigger configurations and routing rules are stored encrypted per workspace.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and credentials are stored using industry-standard secret management.

Infrastructure

Hosted on European infrastructure. Application containers are isolated per deployment. No shared tenancy between customers.

Access Control

Each trigger has its own unique webhook URL and signing secret for payload verification. Triggers are scoped per workspace and cannot access other workspaces' agents. Third-party service credentials (Stripe keys, GitHub tokens) are stored in isolated vaults per user.

Compliance Roadmap

  • SOC 2 Type I — targeting Q3 2026
  • GDPR — compliant by design (EU hosting, data minimization, right to deletion)

Responsible Disclosure

Found a vulnerability? Email security@clawjolt.com. We respond within 48 hours.

Questions

For security inquiries, contact security@clawjolt.com.