Serious buyers

Architecture and process: privacy, residency, and controls

For teams that need clear language about where data lives, what we can offer, and what stays on your side—without compliance badges we cannot back in writing.

OpenClaw Operations & trust Talk to Blackrack

Privacy by architecture

The typical deployment is self-hosted: OpenClaw and agreed apps run on a server you choose or that we operate under a defined scope. Work data usually lives in volumes and backups under that boundary; calls to cloud LLM providers are third-party traffic and bill separately.

  • We separate what stays on your host from what flows to AI vendor APIs when you use them.
  • Secrets (API keys, integrations) are stored on the server as agreed—not pasted into public channels.
  • Exact scope (services, channels, integrations) belongs in the proposal and per-environment handoff.

Data residency and regions

We can align deployment to a cloud region when the provider supports it and the budget covers it. We do not claim to satisfy a specific country’s legal framework unless that is contracted and reviewed for your case.

  • Managed VPS: we pick region with you from the provider’s available options (for example AWS or another).
  • BYO / on-prem: you define where the hardware lives; we install and document within that location.
  • If you need a specific DPA or regulatory review, that is discovery work and optionally outside counsel—not generic copy on this page.

Logging, retention, and customer access

What is configurable depends on the product and infrastructure provider. We align expectations in writing instead of promising a default enterprise SIEM.

  • On managed hosts: OS and health logging as agreed; retention matched to risk and storage cost.
  • You can request configuration exports and backup paths in handoff for your own archive or internal review.
  • Blackrack access to the server is operational and on agreed channels—not blanket standing access by default.

Human-in-the-loop

Serious deployments usually combine automation with human review: what the assistant may do, in which channels, and which actions require human confirmation in your org.

  • Channel and integration boundaries: we configure with you, not as a vague promise.
  • Inbound messaging allowlists when the product supports them, to reduce abuse surface.
  • Sensitive changes (new providers, large credential moves) fit better as a controlled change with explicit confirmation.

Least privilege

System and service users with minimum necessary access; SSH keys where applicable; firewall with explicit ports; secrets off chat and off plain tickets.

  • Separate accounts for operations vs. application use when the environment requires it.
  • Secret rotation and storage per agreed project policy.
  • Enterprise teams can tighten this in a scoped project—there is no “compliance mode” switch.

Segmented trust boundaries (OpenClaw / gateway)

Aligned with conservative OpenClaw-style setups: a dedicated gateway instance per trust environment, dedicated assistant channels or numbers, and crisp separation between contexts.

  • Isolate instances when you need strong separation between contexts (for example work vs. personal).
  • Document what connects to what and where traffic terminates (host vs. third-party APIs).
  • For day-to-day operational detail, the operations & trust page carries the diagram and runbook excerpt.

Backup, restore, and responsibilities

RPO/RTO targets and restore drills depend on plan and environment. We write them down; you retain responsibility for data in third-party accounts we do not host.

  • Blackrack: volume and configuration backups within managed scope; restore drills per plan.
  • Customer: cloud account access, domains, and LLM API billing for models you use.
  • Exit: coordinated handoff and export so you can operate without us (see also the operations page).

What we do not claim here

We do not publish “we are HIPAA / SOC 2 / ISO certified” unless a report or contract exists scoped to your case. If your industry requires it, we treat it as discovery and a signed proposal.

This page describes typical practices and engagement options, not legal advice. What binds is the signed contract or proposal for your environment.