BYOK architecture. Data residency. Audit logs. SLA guarantees. Parent-org controls. A security posture built for legal, financial, and regulated professional services.
You own your AI provider relationship. We provision the infrastructure; you control the intelligence layer.
Your AI provider API keys are entered directly into your OpenClaw instance on your own server. They are never transmitted to, stored on, or accessible through OpenClawInstall.AI infrastructure. Setup is the last time your keys are handled by our automation, and only then if you opt for guided installation.
Every OpenClaw instance runs on a dedicated server assigned exclusively to your organization. No shared tenancy. No cross-customer data exposure. All prompts, responses, and session state remain on your infrastructure from day one.
Rotate your API keys through OpenClaw's dashboard at any time. No involvement from OpenClawInstall.AI required. If you use OpenClaw Credits instead, no API keys are needed at all; we handle provider access on our own infrastructure.
OpenClaw supports Claude, GPT-4, Gemini, Kimi K2.6, MiniMax, and Ollama simultaneously. Switch models or providers without re-installing. Your deployment is provider-agnostic by architecture, not by promise.
| Capability | BYOK (Your Keys) | OpenClaw Credits | Shared-Key SaaS |
|---|---|---|---|
| API keys stored by vendor | Never | N/A (no keys) | Yes |
| Data stays on your server | Always | Per-plan | Vendor cloud |
| Direct provider billing | Yes | Handled by us | No |
| Multi-model support | All providers | All providers | Single provider |
| Key rotation control | Instant | Via dashboard | Requires support |
| Enterprise audit trail | Full | Standard | Limited |
Cloud deployments are available across seven regions. On-Site and Ship-In deployments keep all data on your hardware, in your facility.
Ashburn, VA: optimal for East Coast law firms, financial services, and Greater Philadelphia prospects.
California β for West Coast operations and firms with California jurisdictional requirements.
GDPR-resident. For EU-based firms or organizations with EU data governance requirements.
Post-Brexit UK residency for SRA-regulated law firms and UK professional services.
PIPEDA-compliant deployment for Canadian firms and federally regulated industries.
Your hardware. Your network. Zero data leaves your facility. Full physical control, ideal for privilege-sensitive practices.
For Australian firms and APAC operations requiring data locality within the region.
Every deployment is isolated, encrypted, and access-controlled from the first provisioning step.
SSH key-pair auth only, firewall locked to known IPs, automatic OS security patches, and no unnecessary services running. Every server ships locked down.
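As an added example (not code from OpenClaw or OpenClawInstall.AI), the Python below checks an sshd_config against the "key-pair auth only" baseline described above, so a customer can verify the claim on their own server. The directive names are real OpenSSH keywords and the defaults are OpenSSH's documented defaults; which values count as compliant is the editor's assumption, and both sample configs are constructed.

```python
"""Audit an sshd_config against a "key-pair auth only" baseline.

Added example, not code from OpenClaw or OpenClawInstall.AI. The directive
names are real OpenSSH sshd_config keywords and the defaults are OpenSSH's
documented defaults; which values count as compliant is the editor's
assumption about what "SSH key-pair auth only" should mean.
"""
from __future__ import annotations

import re

# directive (lower-cased) -> (OpenSSH default when unset, values we accept)
BASELINE = {
    "pubkeyauthentication": ("yes", {"yes"}),
    "passwordauthentication": ("yes", {"no"}),
    # Older OpenSSH spells this ChallengeResponseAuthentication; see ALIASES.
    "kbdinteractiveauthentication": ("yes", {"no"}),
    "permitemptypasswords": ("no", {"no"}),
    # "no" is stricter than the OpenSSH default; both are key-only for root.
    "permitrootlogin": ("prohibit-password", {"no", "prohibit-password"}),
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return {directive: value} for the global section of an sshd_config.

    Mirrors two sshd rules: the first occurrence of a directive wins, and
    everything after the first Match line is conditional, so it is skipped.
    Caveat: Include directives are not followed; on a real host, check the
    effective configuration with `sshd -T` rather than reading one file.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        settings.setdefault(ALIASES.get(key, key), value)
    return settings


def audit(text: str) -> list[tuple[str, str, str, list[str]]]:
    """Return (directive, effective value, "set"|"default", accepted) per deviation."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, (default, accepted) in BASELINE.items():
        effective = settings.get(directive, default)
        source = "set" if directive in settings else "default"
        if effective not in accepted:
            findings.append((directive, effective, source, sorted(accepted)))
    return findings


# Constructed sample: what a locked-down server's global section should look like.
HARDENED = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
Match User deploy
PasswordAuthentication yes
"""

# Constructed sample resembling an untouched distro file: the risky directives
# are commented out, so OpenSSH's defaults (password login on) apply.
STOCK = """\
Include /etc/ssh/sshd_config.d/*.conf
#PasswordAuthentication yes
ChallengeResponseAuthentication yes
X11Forwarding yes
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("stock", STOCK)):
        print(name, audit(cfg) or "OK")
```

The checker reports a deviation whether the weak value was written explicitly or merely inherited from OpenSSH's default, which is the case that a grep for `PasswordAuthentication no` misses.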
All inbound connections (Telegram, Discord, Signal, Slack, webhooks) are encrypted in transit. AI provider API calls are made over HTTPS with TLS 1.2+.
OpenClaw session logs are written to your server's local disk only. We do not receive, aggregate, or store your conversation logs on any external system.
OpenClaw is open-source. Every dependency, integration, and API call is inspectable at github.com/p intermed/openclow. No black-box AI processing.
Cloud deployments are backed by a 99.9% monthly uptime SLA. On-Site deployments carry no SLA from our side since the hardware is yours, but we provide documentation to build your own.
We maintain active alignment with major compliance frameworks. Current status for each is listed below.
| Framework | Status |
|---|---|
| Security, availability, and confidentiality trust service criteria | In Progress (2026) |
| EU data protection regulation for EU-resident data processing | Active (EU region) |
| UK data protection post-Brexit for UK-resident processing | Active (UK region) |
| Canadian personal information protection for Canadian deployments | Active (CA region) |
| Architecture supports privilege-protected deployments (on-premise recommended) | Architecture Ready |
| Signed DPA available for enterprise engagements upon request | Available on Request |
| Master services agreement with custom liability, IP, and SLA terms | Available on Request |
| California Consumer Privacy Act alignment for CA residents' data | Active |
Enterprise customers get a complete, exportable audit trail of all administrative actions taken on their deployment.
Every server config change, user permission update, channel connection, and API key rotation is timestamped and logged locally on your server.
Export conversation histories in JSON or CSV for compliance archiving, litigation holds, or internal review; no data leaves your server.
See who accessed the admin panel, when, from what IP, and what was changed. Retained for 12 months locally.
Monthly AI usage reports broken down by model, user, and channel. Available via dashboard export for billing reconciliation.
Configurable alerts for unusual access patterns, new API key usage, or administrative changes outside business hours.
Annual data export package for auditors: access logs, config snapshots, and usage summaries in a ZIP archive.
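As an added example (not the vendor's or OpenClaw's code), the Python below runs the three alert rules named above over a constructed admin audit log: administrative changes outside business hours, first use of an API key not in the known set, and admin access from an IP not previously seen. The one-JSON-object-per-line format, the field and action names, and the sample events are all assumptions made for the example; the page does not document the real log format.

```python
"""Alert rules over an admin audit log, in the spirit of the page's
"configurable alerts" bullet.

Added example; not code from OpenClaw or OpenClawInstall.AI. The one-JSON-
object-per-line format, the field and action names, and the sample events
are constructed for the example; the real log format is not documented here.
"""
from __future__ import annotations

import json
from datetime import datetime, time

BUSINESS_START = time(9, 0)
BUSINESS_END = time(18, 0)

# Actions the page lists as logged administrative changes (names assumed).
ADMIN_ACTIONS = {"config.change", "permission.update", "channel.connect", "apikey.rotate"}

# Constructed baseline: keys and admin source IPs already known to be legitimate.
KNOWN_KEY_IDS = {"key_anthropic_01"}
KNOWN_ADMIN_IPS = {"203.0.113.10", "203.0.113.11"}

# Constructed log. Timestamps carry an explicit offset so the business-hours
# rule is evaluated in the zone the server writes, not the analyst's.
SAMPLE_LOG = """\
{"ts": "2026-03-02T10:15:00+00:00", "actor": "alice", "action": "admin.login", "src_ip": "203.0.113.10"}
{"ts": "2026-03-02T10:16:30+00:00", "actor": "alice", "action": "config.change", "src_ip": "203.0.113.10", "detail": "channels.slack.enabled=true"}
{"ts": "2026-03-03T02:40:00+00:00", "actor": "bob", "action": "permission.update", "src_ip": "203.0.113.11", "detail": "user=carol role=admin"}
{"ts": "2026-03-03T09:05:00+00:00", "actor": "agent", "action": "apikey.use", "src_ip": "127.0.0.1", "key_id": "key_anthropic_01"}
{"ts": "2026-03-03T09:06:00+00:00", "actor": "agent", "action": "apikey.use", "src_ip": "127.0.0.1", "key_id": "key_openai_07"}
{"ts": "2026-03-07T11:00:00+00:00", "actor": "alice", "action": "admin.login", "src_ip": "198.51.100.5"}
"""


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines; timestamps become timezone-aware datetimes."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def outside_business_hours(ts: datetime) -> bool:
    """Weekend, or a weekday outside 09:00-18:00 in the log's own offset."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def detect(text: str, known_key_ids: set[str], known_admin_ips: set[str]) -> list[dict]:
    """Return one alert dict per rule hit, in log order."""
    alerts = []
    seen_keys = set(known_key_ids)
    for ev in parse_events(text):
        base = {"ts": ev["ts"].isoformat(), "actor": ev["actor"], "action": ev["action"]}
        if ev["action"] in ADMIN_ACTIONS and outside_business_hours(ev["ts"]):
            alerts.append({"rule": "after_hours_admin_change", **base})
        if ev["action"] == "apikey.use" and ev.get("key_id") not in seen_keys:
            alerts.append({"rule": "new_api_key", "key_id": ev.get("key_id"), **base})
            seen_keys.add(ev.get("key_id"))  # alert once per key, not per call
        if (ev["action"] in ADMIN_ACTIONS or ev["action"] == "admin.login") \
                and ev["src_ip"] not in known_admin_ips:
            alerts.append({"rule": "unknown_admin_ip", "src_ip": ev["src_ip"], **base})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, KNOWN_KEY_IDS, KNOWN_ADMIN_IPS):
        print(alert)
```

On the sample log this raises three alerts: bob's 02:40 permission change, the first sighting of `key_openai_07`, and alice's weekend login from an address outside the allowlist. Adding the key and IP to the known sets leaves only the after-hours alert, which is how a deployment would tune the baseline after reviewing a hit.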
Enterprise parent accounts manage billing, seat allocation, and rollout policy from a single dashboard, with granular controls over what each tier can and cannot do.
The parent org owns the master billing account, defines the default AI lane, and sets organization-wide policies (allowed channels, data residency, allowed AI models). The parent can enable or disable any per-seat capability globally.
Add seats in bulk or in cohorts. Stage the rollout by department, role, or geography. New seats inherit the organization's default AI lane but can be assigned custom lanes independently.
Each seat can run its own independent OpenClaw instance or share a team-scoped instance. Shared instances give the parent org visibility while keeping individual user sessions private.
Revoke any seat instantly from the parent dashboard. All API keys, session data, and channel integrations for that seat are deactivated. Data can be retained per the organization's retention policy.
Our incident response process is time-bound, transparent, and built around minimizing impact to your operations.
P1 incidents (core functionality down) are acknowledged within 1 hour during business hours, 4 hours off-hours. P2 incidents acknowledged within 4 hours. A support ticket is opened and a dedicated Slack/Teams channel is established for enterprise customers.
We identify affected systems, customer impact scope, and whether any customer data is at risk. You receive a status page update and direct notification if your organization is in the affected scope.
Affected services are isolated. API keys can be rotated by you at any time without our involvement. Temporary workarounds (channel switches, fallback model routing) are documented and shared.
Most incidents are resolved within 24 hours. If longer, we provide a concrete ETA, executive-level updates every 8 hours, and a root cause analysis within 5 business days of resolution.
Enterprise customers receive a written root cause analysis, timeline of events, and a preventive action plan with completion dates. Shared within 5 business days of incident resolution.
We run automated security scanning, maintain a vulnerability disclosure program, and apply patches systematically.
All OpenClaw releases are scanned for known vulnerabilities in dependencies before deployment. Infrastructure undergoes automated network-level scanning weekly.
Critical CVEs patched within 72 hours of disclosure. High-severity within 14 days. All patches tested in staging before production rollout.
Annual third-party penetration test conducted by a qualified security firm. Results shared with enterprise customers under NDA upon request.
Security researchers can report vulnerabilities via [email protected]. We acknowledge within 24 hours and target resolution within 90 days for valid findings.
The questions enterprise buyers ask before signing.
You own all data generated by your AI agent: prompts, responses, session logs, and any files processed. We claim no ownership, no license, and no rights to your data. Our automation only touches provisioning and infrastructure management, never the content of your sessions.
Yes. We provide a standard DPA and MSA for all enterprise engagements. For firms with specific requirements, we accommodate reasonable redlines. Standard turnaround on MSA review is 5 business days. Contact us at [email protected].
You can export all session logs, configuration files, and usage data at any time before cancellation. Within 30 days of account closure, we delete all customer-provisioned data from our infrastructure. On-Premise and Ship-In deployments leave zero data on our systems since all data stays on your hardware.
Only if you grant explicit, time-limited access through a support session you initiate. We do not have standing access to any customer deployment. All access is logged in the audit trail. Cloud deployments can be configured to block all remote access; in that mode, troubleshooting requires you to share specific logs voluntarily.
No. We do not use customer prompts, responses, or any session content to train, fine-tune, or improve any AI model β ours or any third party's. This is explicitly prohibited in our terms of service and our AI provider agreements.
Yes. Our current sub-processor list is available on request and includes: cloud infrastructure providers (Hetzner, Vultr), payment processor (Stripe), and support tooling (Discord, email). We notify enterprise customers 30 days before adding any new sub-processor.
We support any AI provider that offers a public API. Current first-class integrations include Anthropic (Claude), OpenAI (GPT), Google (Gemini), Moonshot (Kimi K2.6), MiniMax, and Ollama for local models. We do not favor any provider algorithmically in our recommendations. BYOK means you select, not us.
Talk to a solutions engineer about enterprise deployment, compliance requirements, or a custom MSA.
Enterprise sales: [email protected] · Response within 1 business day