FeaturesHow it worksPricingFAQJoin Waitlist

Security at ClawSprout

Data Handling

ClawSprout collects your email address when you join the waitlist and stores agent configuration data (SOUL.md, AGENTS.md, HEARTBEAT.md) generated through the setup wizard. All configuration files are stored in encrypted, isolated workspaces per user. We do not retain copies of deployed agent configurations after export.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and credentials are stored using industry-standard secret management.

Infrastructure

Hosted on European infrastructure. Application containers are isolated per deployment. No shared tenancy between customers.

Access Control

Each user workspace is isolated at the container level. Agent configurations and deployment credentials are scoped per workspace and cannot be accessed by other users. One-click deploy credentials are short-lived and scoped to the target platform.

Compliance Roadmap

  • SOC 2 Type I — targeting Q3 2026
  • GDPR — compliant by design (EU hosting, data minimization, right to deletion)

Responsible Disclosure

Found a vulnerability? Email security@clawsprout.com. We respond within 48 hours.

Questions

For security inquiries, contact security@clawsprout.com.