OC
Back to Command Center
Privacy Manifesto

Professional-Grade Autonomy. Zero-Cloud Compromise.

This isn't a privacy policy. It's an engineering specification. Every privacy guarantee below is enforced by architecture, not by promise.

Our Promises

Architecturally enforced. Cryptographically verifiable.

No Data Transmission Without Explicit User Confirmation

Every byte leaving your device requires your explicit approval. No silent telemetry, no background syncs, no analytics payloads. Period.

Zero Telemetry by Design

No crash reporters. No usage analytics. No session recordings. We don't know how you use our product — and we never will.

AES-256 Hardware Encryption

All data at rest is encrypted with AES-256-XTS. Disk encryption via LUKS2 + TPM binding ensures data is inaccessible without your hardware key.

Air-Gapped Inference

LLM inference runs entirely on your local NPU and GPU. Models are loaded from encrypted storage and never transmitted over any network.

No Cloud Dependencies

Core functionality requires zero internet connectivity. Your AI agents operate on local data, local models, and local network services.

Auditable Supply Chain

Full Software Bill of Materials (SBOM) shipped with every device. Every binary, every dependency, every firmware module — verifiable and signed.

Technical Implementation

How the architecture enforces every promise above.

Data Storage

  • Session data stored in sessionStorage only (cleared on tab close)
  • No cookies, no localStorage persistence, no IndexedDB tracking
  • Cart state exists only in browser memory

Payment Processing

  • Stripe and LemonSqueezy handle checkout sessions externally
  • No credit card data touches our servers or your device
  • PCI compliance handled entirely by payment providers

Network Policy

  • Agent-to-agent communication on local network only (port 11434)
  • No outbound connections without user-initiated action
  • DNS queries optional — mDNS used for local device discovery

Authentication

  • WebAuthn Passkeys — no passwords stored anywhere
  • Auth tokens in HTTP-only cookies (session-scoped)
  • No PII stored in our database — only device IDs and subscription status

The OpenClaw Promise

“We believe privacy is not a feature toggle. It's an architecture decision.”