Platform
Most secure execution in the industry.
Isolated runtime. Encrypted secrets. Separated state.
Runtime isolation
Dedicated Worker plus container sandbox per instance. No shared process or memory.
Storage isolation
Per-instance database and R2 namespace. Cross-tenant reads blocked at the runtime layer.
Secret isolation
AES-256-GCM encrypted. Decrypted only inside the runtime. Never plaintext at rest.
Access isolation
Admin routes behind Cloudflare Access. Scoped gateway tokens for server-to-server flows.
Verified posture
On-demand pen testing probes the runtime from the outside. 24/7 operators watch between runs.
Compliance foundation
Runs on Cloudflare's SOC 2, ISO 27001, and PCI DSS attested edge. Custom Claw covers NDA specifics.
FAQ
What makes this the most secure in the industry?
Four guarantees: runtime, storage, secret, and access isolation. Every layer is enforced, not a permission check. No shared-runtime peer combines all four.
How are secrets stored?
AES-256-GCM encrypted. Decrypted only inside the runtime at request time. Never plaintext at rest.
How are instances isolated?
Each instance gets its own Worker, container sandbox, database namespace, and storage namespace. Cross-instance reads are blocked at the runtime.
SOC 2 or ISO 27001?
Cloudflare's edge holds SOC 2 Type II, ISO 27001, and PCI DSS. getclaw's own program is in progress. Specifics shared under NDA on Custom Claw.
Related: pen testing · 24/7 ops · cloud compute · routing
Ready to launch a managed instance?
Production OpenClaw or Hermes, live in under 5 minutes. Pricing starts at $20/month.