Privacy & security
Your messages don't visit our servers.
openclawOS runs on hardware you control. Your conversations, credentials and memory live in SQLite files in your home directory — encrypted, backed up by you, never transmitted to Neul Labs.
What we don't do
- No telemetry. The binary makes zero outbound connections to Neul Labs.
- No upload of conversations. Pi's context is local.
- No tracking pixels. This site uses no analytics by default.
- No account required. There's nothing to sign up for.
What does leave your machine
- LLM provider traffic. When you talk to Claude/GPT/Gemini, the prompt + tool calls go to that provider. Pick a provider with a privacy posture you trust.
- Channel APIs. Sending a WhatsApp reply means talking to WhatsApp's servers. That's how WhatsApp works.
- Software updates. If you opt in, npm/Docker registries see version pulls.
Encryption at rest
The credentials table is encrypted with a key stored in the OS keychain. The session database is not encrypted by default — if your filesystem isn't encrypted, encrypt it. We provide a one-flag option to wrap the whole database in an SQLCipher layer.
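A quick way to verify for yourself that a database file is actually encrypted rather than trusting a flag: a cleartext SQLite file always begins with the 16-byte magic "SQLite format 3\0", and a SQLCipher-wrapped file does not (its first page, header included, is ciphertext by default). The script below is an added example, not part of openclawOS; the file names and the sample row are constructed for the demonstration, and the random-byte file only stands in for an encrypted database so the check can run offline. It also scans the raw bytes for a known message, which catches the case where content is still readable even though the header looks unfamiliar.

```python
import os
import sqlite3
import tempfile

# Every unencrypted SQLite 3 file starts with this 16-byte header string.
SQLITE_MAGIC = b"SQLite format 3\x00"


def is_plaintext_sqlite(path):
    """Return True when the file carries the cleartext SQLite header."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def contains_cleartext(path, needle):
    """Return True when a known message is readable verbatim in the raw file bytes."""
    with open(path, "rb") as fh:
        return needle in fh.read()


def classify(path):
    """Classify a database file: missing, empty, plaintext, or opaque (no SQLite header)."""
    if not os.path.exists(path):
        return "missing"
    if os.path.getsize(path) == 0:
        return "empty"
    return "plaintext" if is_plaintext_sqlite(path) else "opaque"


def make_sample_db(path, message):
    """Create a small unencrypted session database (constructed sample data)."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE sessions (id INTEGER PRIMARY KEY, content TEXT)")
    conn.execute("INSERT INTO sessions (content) VALUES (?)", (message,))
    conn.commit()
    conn.close()


def make_opaque_file(path):
    """Constructed stand-in for an encrypted database: random bytes, no SQLite magic."""
    with open(path, "wb") as fh:
        fh.write(os.urandom(4096))


def demo():
    """Run both checks against a plaintext DB, an opaque file, and a missing path."""
    needle = b"constructed sample message"
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "sessions.db")            # assumed file name
        opaque = os.path.join(tmp, "sessions-encrypted.db")  # assumed file name
        missing = os.path.join(tmp, "does-not-exist.db")
        make_sample_db(plain, needle.decode())
        make_opaque_file(opaque)
        return {
            "plain": (classify(plain), contains_cleartext(plain, needle)),
            "opaque": (classify(opaque), contains_cleartext(opaque, needle)),
            "missing": classify(missing),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Run it against your real session database path instead of the temporary files: a result of "plaintext", or a True from contains_cleartext with a message you know you sent, means the file is readable by anyone who can read your home directory and the filesystem-level or SQLCipher encryption described above is not in effect.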
Threat model
We assume the following are out of scope:
- An attacker with root access to your machine.
- A compromised LLM provider.
- A compromised messenger (you trust WhatsApp's E2E claims as much as openclawOS does).
We protect against:
- Accidental disclosure (no logs include prompts or messages unless you opt in to verbose).
- Misconfigured bindings routing messages to the wrong agent (the Gateway double-checks sender identity).
- Prompt-injection-via-channel — Pi's tool execution is sandboxed and requires explicit binding approval for write-side tools.
Reporting a vulnerability
Email security@neullabs.com. PGP key on request. We acknowledge within 48h and aim to patch within 14 days; upstream patches are coordinated with the openclaw maintainers.
Self-host means self-trust.
No vendor in the loop. Your messages stay yours.