← home

About PrivateClaw

PrivateClaw gives you a dedicated, managed OpenClaw instance running inside a Confidential VM. Your data is encrypted in memory using AMD SEV-SNP — not even the cloud provider can see it. Inference is also private, running in a separate Trusted Execution Environment. The result: end-to-end private AI, from your terminal to the model and back.

What You Get

See pricing for tier details and credit limits.

Motivation

AI coding assistants are powerful, but they require sending your code to third-party servers. For sensitive work — proprietary code, regulated industries, personal projects you want to keep private — that's a non-starter.

PrivateClaw solves this by running everything in a Trusted Execution Environment (TEE). The VM's memory is hardware-encrypted. Inference happens through a private endpoint that also runs in a TEE. Your code and prompts stay yours.

How It Works

  1. ssh privateclaw.dev — connect to the management TUI
  2. Subscribe via Stripe ($60/month)
  3. Your Confidential VM is provisioned automatically
  4. SSH directly to your VM and run openclaw onboard
  5. Use OpenClaw with complete privacy

How Privacy Works

PrivateClaw provides end-to-end privacy through two Trusted Execution Environments connected privately:

┌──────────────┐      SSH (encrypted)      ┌─────────────────────────┐
│ Your Computer│─────────────────────────▶ │ PrivateClaw Orchestrator │
│              │                            │ (billing + provisioning  │
│              │                            │  only — never sees your  │
│              │                            │  code or prompts)        │
└──────┬───────┘                            └─────────────────────────┘
       │
       │ SSH (encrypted)
       ▼
┌──────────────────────────────┐    TLS (encrypted)    ┌───────────────────────┐
│ Your Confidential VM         │──────────────────────▶│ Private Inference      │
│ (AMD SEV-SNP TEE)            │                       │ (also runs in TEE)     │
│                              │                       │                        │
│ • Memory hardware-encrypted  │                       │ • Processes your prompt│
│ • Only your SSH key connects │                       │ • Returns completion   │
│ • OpenClaw runs here         │                       │ • No data stored       │
│ • Your code & prompts live   │                       │                        │
│   here                       │                       │ Powered by Lunal       │
└──────────────┬───────────────┘                       └───────────────────────┘
               │
               │ E2E encrypted (optional)
               ▼
       ┌───────────────┐
       │WhatsApp/Signal│
       │ (messaging)   │
       └───────────────┘

How SSH Keys Work

PrivateClaw uses SSH keys as your identity — no passwords, no accounts, no email required.

  1. When you run ssh privateclaw.dev, your SSH public key identifies you.
  2. When your VM is provisioned, that same public key becomes the only key authorized to connect.
  3. No one else — not even PrivateClaw — can SSH into your machine.
  4. If you need to use a different key, you can re-register by connecting to ssh privateclaw.dev with your new key.

Architecture

Each customer gets a dedicated Confidential VM (AMD SEV-SNP). The orchestrator handles billing, provisioning, and the SSH management interface. Your VM is isolated — only your SSH key can access it.

Caveats

Help

SSH Keys

PrivateClaw requires an SSH key to connect. Most Macs do not have an SSH key pair by default.

Check if you have an SSH key:

ls ~/.ssh/id_ed25519.pub

If you see "No such file or directory", you need to create one.

Create an SSH key (one command, no interaction needed):

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N '' -q

Then connect:

ssh privateclaw.dev

Connection Errors

If you see Permission denied (publickey) when running ssh privateclaw.dev, it means your SSH key is not being sent. This usually happens when: