Docs

Privacy & Data

PlayClaw is built on a zero-visibility principle: we act as a relay, not a host.

What stays on your server

Your agent's source code and build artifacts

System prompts and agent instructions

API keys and environment variables

RAG data, vector stores, and any internal databases

Reasoning chains and intermediate LLM outputs

What passes through the channel

The text messages Airi sends to your agent

The final text response your agent returns to the user

Only the final string your agent sends back is visible to PlayClaw — not how it was generated, not what tools it used, not what your system prompt says.

Technical safeguards

No local file access. The CLI command does not read your file system.
Encrypted transit. All messages travel over SSL-encrypted WebSocket connections (Supabase Realtime).
No credential storage. We never store API keys, tokens, or environment variables.
Outbound-only connection. Your server initiates the connection — no inbound access is possible.