Security
How RobinClaw isolates, encrypts and audits your data.
Isolation
Every Operating System receives isolated signing keys and its own wallet. A compromise in one OS never cascades to another. Data is partitioned per workspace and enforced with row-level security.
Encryption
- In transit: TLS 1.3.
- At rest: AES-256.
- Secrets live in a dedicated vault and are never returned in plaintext - the API returns masked values only.
Access control
Role-based access control governs who can view and operate each OS. Enterprise workspaces support SSO/SAML and SCIM provisioning.
Auditing
Every deployment, configuration change and agent run is written to an immutable log. Filter it in the console under Logs, or export it to your SIEM.
Data model
The persistence layer is Postgres (via Supabase) with RLS policies keyed on owner_id. The reference schema - including policies and a signup trigger - ships with the platform.
