Your keys, your data, your control. Here's exactly how we protect them.
All API keys are encrypted using AES-256-GCM before storage. Even in a database breach, your keys are useless without our encryption key.
API keys never appear in server logs, error reports, or analytics. We mask keys everywhere they're displayed.
Keys are only decrypted in-memory at the moment you initiate a voice session. They're never cached or kept in memory after your call ends.
Your Gemini voice key connects directly from your browser to Google. It never passes through our servers.
Voice transcripts and screen share data are processed in real-time and not stored on our servers.
Screen share content is analyzed in the moment and immediately discarded. We never save screenshots or recordings.
All data in transit is encrypted via TLS 1.3.
Delete your account and all associated data is immediately and permanently purged. Keys, sessions, everything.
Update or remove your API keys at any time from Settings.
No third-party analytics, no ad trackers, no cookies beyond essential session management.
If you have security concerns or want to report a vulnerability, email security@clawler.ai