Data security & compliance

This page describes the safeguards ClawTouch applies to data across its full lifecycle — what touches it, how it moves, where it's stored, and how it's eventually disposed of — together with the product features that support personal-information compliance. This page is marked Preview v0.1; the final compliance language is the one in the formal v1.0 agreement.

01 · How data is classified

At runtime, ClawTouch handles three categories of data, each with its own storage and transport rules:

| Category | Examples | Default location | Leaves the machine? |
|---|---|---|---|
| User credentials | LLM API keys (bring-your-own setups), client login session | Encrypted with Windows DPAPI on the local machine | No |
| Operational context | Task goals, text summaries of screen state, execution traces | Client directory (%USERPROFILE%\.clawtouch\) | Only minimum-necessary text summaries are sent to the LLM |
| Business output | Text produced by tasks, exportable reports | Client directory on the local machine | No (unless the customer explicitly exports it) |

02 · Local-first by design

ClawTouch is local-first. The desktop client does everything that matters on the customer's own machine:

  • Parsing and planning the task
  • Reading the screen — screenshots, UI element trees, OCR, vision-model inference
  • Dispatching HID commands and triggering the physical action
  • Storing run logs and task results

When the client calls an LLM — whether the built-in model or your own:

  • Only what's needed goes out: a text summary of state (visible UI elements, the task goal)
  • No raw screenshots, no source documents
  • Requests and responses are not mirrored to our backend

03 · Transport & storage

In transit

  • Client → LLM API: HTTPS (TLS 1.2 or newer), with certificate verification on by default
  • Client → ClawTouch backend (accounts, subscriptions, device metadata): HTTPS
  • Client → HID device: physical USB
  • Client → local browser (via the Sensor extension): local IPC — never leaves the machine

At rest

  • Windows credentials are encrypted with the system's DPAPI under a per-user key
  • Personal information on the server side (e.g. phone numbers) uses Fernet symmetric encryption (AES-128 + HMAC-SHA256)
  • Client logs stay on the customer's machine by default; retention and cleanup are configurable
  • Server-side backups are hosted on cloud resources inside mainland China and encrypted at rest
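The Fernet scheme named above (AES-128-CBC with an HMAC-SHA256 tag, checked before anything is decrypted) is what makes a stored phone number tamper-evident as well as confidential. The following is an added illustration, not ClawTouch's own code: it protects a constructed sample number, shows that a single flipped ciphertext byte is rejected rather than decrypted to garbage, and re-keys a stored token with MultiFernet. It assumes the `cryptography` package is installed; keys are generated at runtime.

```python
# Added example (not ClawTouch's own code) of the server-side scheme the page
# names: Fernet = AES-128-CBC + HMAC-SHA256, encrypt-then-MAC.
# Needs the `cryptography` package; keys are generated at runtime.
import base64
from cryptography.fernet import Fernet, InvalidToken, MultiFernet

SAMPLE_PHONE = "+86 138 0000 0000"   # constructed sample, not a real number


def new_key() -> bytes:
    """Fresh 32-byte Fernet key: 16 bytes for HMAC signing, 16 for AES."""
    return Fernet.generate_key()


def protect(phone: str, key: bytes) -> bytes:
    """Encrypt a phone number; the returned token is what gets stored."""
    return Fernet(key).encrypt(phone.encode("utf-8"))


def reveal(token: bytes, key: bytes, max_age_s=None) -> str:
    """Check the HMAC tag first, then decrypt. Raises InvalidToken if the
    tag does not match or (with max_age_s) the token is older than allowed."""
    return Fernet(key).decrypt(token, ttl=max_age_s).decode("utf-8")


def is_intact(token: bytes, key: bytes) -> bool:
    """True only while the HMAC-SHA256 tag verifies under this key."""
    try:
        Fernet(key).decrypt(token)
        return True
    except InvalidToken:
        return False


def flip_ciphertext_bit(token: bytes) -> bytes:
    """Simulate on-disk corruption or tampering. A token is urlsafe-base64 of
    version(1) | timestamp(8) | IV(16) | ciphertext | HMAC(32); byte 30 lies
    inside the ciphertext, so the tag must no longer verify afterwards."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[30] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))


def rotate_key(token: bytes, old_key: bytes, new_key_: bytes) -> bytes:
    """Re-encrypt a stored token under new_key_ without handing the plaintext
    to the caller: MultiFernet decrypts with any listed key and re-encrypts
    with the first one."""
    return MultiFernet([Fernet(new_key_), Fernet(old_key)]).rotate(token)
```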

04 · Personal information

This section is Preview v0.1. The binding compliance language is the post-legal-review v1.0 agreement.

What we've already shipped at the product level:

  • Persisted consent. Terms-of-service and privacy-policy acceptance is recorded on the server. Major version changes trigger a re-consent flow.
  • Minimum-necessary collection. We collect only what we need to run the product — account info, device pairing, subscription, support tickets — and nothing tangential.
  • Right to export. Users can export all data associated with their account in one click.
  • Right to deletion. Users can request account and associated-data deletion. Anything we're contractually required to keep is retained for the statutory minimum period.
  • No cross-border transfer. No data crosses borders. Both production and backups stay inside mainland China.

The compliance frame:

  • We follow China's Personal Information Protection Law (PIPL), Data Security Law, and Cybersecurity Law.
  • We do not currently hold GDPR, SOC 2, or ISO 27001 certification — those require third-party audits we haven't undertaken — and we don't claim to be compliant with them.
  • Before any enterprise engagement, both sides sign a Master Service Agreement (MSA), a Data Processing Agreement (DPA), and a Service Level Agreement (SLA), which spell out the data-handling responsibilities on each side.

05 · Audit & observability

| Category | What's captured | Where it lives |
|---|---|---|
| Client run logs | Task execution traces, HID command records, error stack traces | Local: %USERPROFILE%\.clawtouch\ |
| Client crash records | Abnormal-exit reports with stack snapshots | Local |
| Server application logs | Account, subscription, device, and ticket operations | ClawTouch backend, archived monthly |
| Server alerting | Application-layer ERROR-level alerts on a 60-minute cooldown | Email (our side) + WeChat push (for subscribed users) |
| Compliance audit support (custom add-on) | Full operational log exports on demand | Delivered per contract |

06 · Customer-side controls

Once deployed inside your environment, you control the following knobs:

  • Outbound allowlist. The client can be locked to a specific set of LLM API domains.
  • Retention policy. Log retention duration and cleanup cadence are both configurable.
  • Managed-mode toggles. Certain managed-mode types (e.g. 24-hour continuous, recurring schedules) can be turned off.
  • Admin access control. The mini-program enforces per-account permission tiers; the custom desktop admin console supports multi-user roles.
  • Offline deployment (custom add-on): run entirely disconnected from our backend. See Offline private deployment.

Additional capabilities available as custom add-ons:

  • Anomalous-login alerts, unusual-activity monitoring, MFA hardening
  • Full operational log export for compliance audit support
  • Integration with your existing SIEM or audit system (built on request)