Terms of Service
Last updated: March 23, 2026
1. Acceptance of Terms
By accessing or using the Clawvisor cloud service ("the Service") or the Clawvisor self-hosted software ("the Software"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service or the Software.
2. Description
Clawvisor is a credential-vaulting gateway that sits between AI agents and external APIs. It provides credential vaulting, purpose-based authorization, human-in-the-loop approvals, and audit logging. Clawvisor is available as a hosted cloud service at app.clawvisor.com and as self-hosted software you deploy and operate on your own infrastructure. Local daemon installations connect to the Clawvisor cloud relay by default for remote access; push notifications are enabled when you pair a mobile device.
3. Accounts
To use the cloud service, you must create an account. You agree to provide accurate and complete information and to keep your account credentials secure. You are responsible for all activity that occurs under your account.
4. Your Responsibilities
- You are responsible for all actions taken through your account or instance, including actions initiated by AI agents you configure.
- You are responsible for registering your own API credentials with third-party providers (Google, GitHub, Slack, etc.) and complying with their terms of service.
- Self-hosted: You are responsible for securing your instance, including the vault key, database, and server environment.
- Relay traffic: The cloud relay is enabled by default for local daemon installations. Traffic between your daemon and connecting clients is encrypted in transit (TLS). Certain routes — including agent gateway requests, task management, and connection requests — additionally enforce end-to-end encryption, meaning the relay server cannot read their contents. Other routes, including MCP tool calls and dashboard API requests, are encrypted in transit but are readable by the relay server. Credentials stored in your local vault are never transmitted to the relay.
- Key management: You are responsible for safeguarding your daemon's cryptographic keys (
daemon-ed25519.keyanddaemon-x25519.key). Loss of these keys requires re-pairing your device. - You must not use the Service or the Software for any unlawful purpose or in violation of any applicable laws.
5. Credentials and Security
Cloud service: API credentials you store are encrypted with AES-256-GCM on our infrastructure. Credentials are decrypted only in memory during request execution and are never logged.
Self-hosted: Credentials are stored encrypted on your infrastructure. We have no access to your credentials, data, or server environment. Credentials are decrypted only in memory during request execution and are never logged.
Cloud relay: When a daemon connects to the cloud relay, all tunnel traffic is encrypted in transit via TLS. A subset of routes — agent gateway requests, task operations, and connection requests — additionally enforce end-to-end encryption between the client and daemon, making their contents unreadable by the relay. Other routes, including the MCP protocol used by IDE plugins, are protected by TLS only. Credentials stored in the local vault are never transmitted to the relay.
6. Cloud Relay and Push Notifications
Local daemon installations connect to the Clawvisor cloud relay by default for remote access. Push notifications are enabled when you pair a mobile device. These services are provided on a best-effort basis. We do not guarantee uptime, availability, or uninterrupted operation of the relay or push services.
We reserve the right to suspend or revoke relay access for any instance that violates these Terms or engages in abuse, including but not limited to: proxying traffic unrelated to Clawvisor's intended purpose, or generating excessive connection volume.
The relay is intended solely for tunneling Clawvisor gateway traffic between your daemon and authorized clients. It must not be used as a general-purpose proxy or VPN.
7. Service Availability
For the cloud service, we use reasonable efforts to maintain availability but do not guarantee uninterrupted or error-free operation. The Service may be temporarily unavailable for scheduled or unscheduled maintenance.
8. Termination
For the cloud service, either party may terminate at any time. We may suspend or terminate your access if you violate these Terms. Upon termination, your data will be deleted after a reasonable period. You may request immediate deletion by contacting support@clawvisor.com.
9. No Warranty
The Service and the Software are provided "as is" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Service or the Software will be uninterrupted, error-free, or that it will prevent all unauthorized agent actions.
10. Limitation of Liability
To the fullest extent permitted by law, Clawvisor and its maintainers shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of data, revenue, or profits arising from your use of the Service or the Software. This includes damages resulting from actions taken by AI agents, credential exposure, or service interruptions.
11. AI Feature Disclaimers
The intent verification feature uses a third-party LLM to check whether agent requests are consistent with approved purposes. This check is best-effort and may not catch all misuse. It is not a substitute for careful task scope design and human oversight.
Chain context tracking: When enabled, the output of API calls executed on your behalf — which may include email bodies, message content, file contents, contact details, and other data returned by third-party APIs — is sent partially or in full to the configured LLM provider to extract structural references such as IDs, email addresses, and phone numbers. Credentials are never sent. Self-hosted users select their own LLM provider and are responsible for reviewing that provider's data handling policies. On the cloud service, this processing occurs within Clawvisor's Google Cloud infrastructure.
Task risk assessment: When enabled, task purpose descriptions and authorized action scopes are sent to the configured LLM for risk evaluation. This assessment is advisory and does not guarantee that high-risk tasks will be blocked.
12. Changes to Terms
We may update these Terms from time to time. Changes will be posted on this page with an updated date. Continued use of the Service or the Software after changes constitutes acceptance of the revised Terms.
13. Contact
For questions about these Terms, contact us at support@clawvisor.com.