Privacy & Security

ClawDesk was built from the ground up with privacy and security in mind. This guide explains how your data is protected — in plain English, no technical jargon.

The Big Picture

Here's the key thing to understand:

ClawDesk runs on your hardware. Your data stays on your hardware.

Unlike web-based AI tools where everything goes through company servers, ClawDesk runs natively on your machine — whether that's a laptop, a cloud VM, a Raspberry Pi, or a headless server. Your conversations, settings, and agent configurations are stored locally in a database on your machine.

What Data Stays Local

Everything ClawDesk stores is on your hardware, in a local database called SochDB:

Data	Stored Where	Who Can Access It
Your conversations	Your computer	Only you
Agent configurations	Your computer	Only you
Channel settings	Your computer	Only you
API keys (encrypted)	Your computer	Only ClawDesk
Downloaded models	Your computer	Only you
Skills & plugins	Your computer	Only you
Memory & context	Your computer	Only you

When Data Leaves Your Computer

Data only leaves your computer when you explicitly choose to use a cloud AI provider (like Claude, GPT-4, or Gemini). Here's exactly what happens:

When you use a cloud provider:

What gets sent: Your message, relevant conversation history, the system prompt
What doesn't get sent: Your API keys (sent as auth headers only), other conversations, personal files, system data

When you use a local model:

Nothing is sent anywhere. Everything happens on your machine.

The Four Layers of Security

ClawDesk uses a four-layer security system to protect you:

Layer 1: Access Control (Who Can Use Your Bot)

If you connect ClawDesk to messaging platforms (Telegram, Discord, etc.), you can control who's allowed to interact with your AI:

Allowlist mode — Only specific users can chat
Rate limiting — Limit messages per minute to prevent abuse
Channel restrictions — Bot only responds in specific channels

Why this matters: Without access control, anyone could find your bot and send thousands of messages, running up your API costs.

Layer 2: Content Scanning

Every message (incoming and outgoing) is scanned for safety:

Prompt injection detection — Catches attempts to trick your AI into doing something harmful
Sensitive data detection — Warns if someone is sharing passwords, API keys, or personal info
Content policy enforcement — Filters harmful or inappropriate content

In plain English: If someone tries to trick your bot into revealing its instructions or behaving badly, ClawDesk catches it.

Layer 3: Permission System

Each agent and user has specific permissions:

What tools an agent can use (file access, web search, code execution)
What channels each agent can respond on
What actions users are allowed to perform

Think of it like: App permissions on your phone. Just like you choose whether a phone app can access your camera or contacts, you choose what each agent can do.

Layer 4: Audit Trail

Everything that happens is logged with a tamper-proof record:

Every message sent and received
Every tool used by an agent
Every configuration change
Security events (login attempts, permission changes)

The audit trail uses a hash chain — like a chain where each link connects to the previous one. If anyone tries to modify the logs, the chain breaks and you'd know something was tampered with.

How Your API Keys Are Protected

When you enter an API key for Claude, OpenAI, or other providers:

The key is stored locally on your computer
It is never sent to ClawDesk servers (there are no ClawDesk servers!)
Keys are sent only to the respective AI provider during API calls
In the desktop app, keys are stored in your system's secure storage

tip

You can use environment variables instead of entering keys directly:

Set ANTHROPIC_API_KEY in your system
ClawDesk reads it automatically
The key never appears in any config file

Privacy Comparison

Feature	ClawDesk	ChatGPT Web	Claude Web	Gemini Web
Data stored locally	✅	❌	❌	❌
Works offline	✅ (local models)	❌	❌	❌
Open source (auditable)	✅	❌	❌	❌
No account required	✅	❌	❌	❌
No tracking/analytics	✅	❌	❌	❌
Conversations used for training	❌ Never	Opt-out	Opt-out	Check settings
Delete all data instantly	✅ (delete the folder)	Request needed	Request needed	Request needed

For Maximum Privacy

If privacy is your top priority, here's the most private setup:

Use local models only — No internet communication at all
Disable telemetry — Turn off all optional reporting in Settings
Don't connect channels — Keep everything in the desktop app
Encrypt your data directory — Use your OS's disk encryption (FileVault on macOS, BitLocker on Windows)
Review the code — ClawDesk is open source, so you (or someone you trust) can verify everything

Common Questions About Privacy

"Does ClawDesk send my data anywhere?"

No. ClawDesk is a local application with no "phone home" capability. The only time data leaves your computer is when you choose to use a cloud AI provider.

"Can ClawDesk read my files?"

Only if you explicitly give an agent the "file reader" skill and point it to specific files. Agents don't have access to your file system by default.

"What happens if I uninstall ClawDesk?"

All your data (conversations, configs, models) is stored in a local directory. You can delete it completely, and nothing remains. There's no cloud backup unless you set one up yourself.

"Is ClawDesk really free? What's the catch?"

There is no catch. ClawDesk is genuinely open-source software, free to use forever. The developers believe AI tools should respect user privacy. You may need to pay for cloud AI providers (like Claude or OpenAI), but ClawDesk itself is free.

"Can my employer see my ClawDesk conversations?"

No — unless they have physical access to your computer or have installed monitoring software. ClawDesk stores data locally and doesn't report to any server.

Security Best Practices

Keep ClawDesk updated — Updates include security fixes
Use strong API key management — Don't share keys or commit them to version control
Set up rate limiting on channels — Prevent abuse when connecting messaging platforms
Use allowlists for channels — Only let trusted users interact with your bots
Review agent permissions — Don't give agents more tools than they need
Encrypt your disk — Use your OS's built-in encryption for extra protection
Back up your data — ClawDesk can create encrypted backups of your conversations and settings
Review audit logs regularly — Check the Logs page for any unexpected activity

Next Steps

Running AI Locally → — The most private way to use AI
Understanding Agents → — Control what your agents can do
FAQ → — More common questions answered

The Big Picture​

What Data Stays Local​

When Data Leaves Your Computer​

When you use a cloud provider:​

When you use a local model:​

The Four Layers of Security​

Layer 1: Access Control (Who Can Use Your Bot)​

Layer 2: Content Scanning​

Layer 3: Permission System​

Layer 4: Audit Trail​

How Your API Keys Are Protected​

Privacy Comparison​

For Maximum Privacy​

Common Questions About Privacy​

"Does ClawDesk send my data anywhere?"​

"Can ClawDesk read my files?"​

"What happens if I uninstall ClawDesk?"​

"Is ClawDesk really free? What's the catch?"​

"Can my employer see my ClawDesk conversations?"​

Security Best Practices​

Next Steps​