Clawbyte AI

Trust & Safety

Security

How we protect your data and our commitment to security

Overview

Our Security Commitment

Security is at the core of Clawbyte AI. We implement industry best practices to protect our infrastructure, your data, and the integrity of our security analysis.

Infrastructure

Infrastructure Security

Encryption

In Transit

All data transmitted using TLS 1.3 encryption (HTTPS)

At Rest

Database encryption using AES-256

API Communications

Encrypted connections to Solana RPC endpoints

Access Controls

Role-based access control (RBAC) for internal systems
Multi-factor authentication (MFA) for team members
Principle of least privilege for all access
Regular access audits and reviews

Infrastructure

Hosted on secure, SOC 2 compliant cloud infrastructure
Automated security patching and updates
DDoS protection and rate limiting
Isolated production and development environments
Regular backups with encrypted storage

Application

Application Security

Code Security

Regular dependency scanning for vulnerabilities
Automated security testing in CI/CD pipeline
Code review process for all changes
Static application security testing (SAST)

API Security

Rate limiting

10–50 requests/hour depending on tier

Input validation and sanitization
Protection against common attacks

SQL injection, XSS, CSRF

API authentication for enterprise users

Read-Only Analysis

Clawbyte AI performs read-only blockchain queries. We never request your private keys, seed phrases, or transaction signatures for scanning. Wallet connection is only required for optional Safety Badge minting.

Data

Data Privacy & Protection

What We Never Store

Private keys or seed phrases
Wallet passwords or authentication credentials
Full transaction histories beyond scoring needs
Personally identifiable information (PII)

Data Minimization

Wallet addresses

Public blockchain data only

Scan results and timestamps
Badge mint transactions

Public on-chain data

Retention

Scan reports

Retained for shareable links - deletable upon request

Usage logs

90 days

Security logs

1 year

Operations

Monitoring & Incident Response

Real-Time Monitoring

24/7 automated security monitoring
Anomaly detection for suspicious activity
Error tracking and alerting
Performance and uptime monitoring

Incident Response Plan

01
Detection

Automated alerts trigger investigation

02
Containment

Immediate action to limit impact

03
Assessment

Determine scope and affected data

04
Remediation

Fix vulnerabilities and restore services

05
Notification

Inform affected users within 72 hours if applicable

06
Post-Mortem

Document and improve processes

Vendors

Third-Party Security

Cloud infrastructure

Enterprise-grade security certifications

AI/ML providers

SOC 2 compliance and data protection agreements

RPC providers

Reputable Solana infrastructure providers

Automated vulnerability scanning

Dependabot + Snyk on all dependencies

Regular updates to latest secure versions

On-Chain

Smart Contract Security

Third-party security audit

Audits available upon request

Open source code for community review
Immutable after mainnet deployment
Extensively tested on devnet before mainnet

Compliance

Compliance & Certifications

SOC 2 Type IIIn Progress
GDPRCompliant
CCPACompliant
ISO 27001Planned

Research

Responsible Disclosure Policy

We appreciate the security research community and welcome responsible disclosure. If you discover a security issue, please follow these steps:

How to Report

01

Contact us privately

Email security@clawbyteai.xyz - PGP key available on request

02

Provide details

Steps to reproduce, impact assessment, and any proof-of-concept

03

Allow time for remediation

Give us 90 days to address the issue before public disclosure

04

Act in good faith

Don't access user data, disrupt services, or publicly disclose before we've patched

What We Promise

Acknowledgment

Response within 48 hours

Updates

Regular status updates on remediation progress

Credit

Public acknowledgment (if desired) after fix is deployed

No Legal Action

We won't pursue legal action for good-faith research

Bug Bounty Program

A formal bug bounty program is planned for 2026. Researchers who report critical vulnerabilities may be eligible for rewards. Stay tuned for details.

Scope

Out of Scope

Social engineering attacks against our team
Denial of Service (DoS) attacks
Rate limiting behavior

This is intentional by design

Missing security headers on non-sensitive pages
Open-source dependencies with available patches

We monitor and patch these proactively

Issues affecting outdated browsers not in our support matrix

Users

Security Best Practices

When Using Clawbyte AI

Never share your private keys or seed phrases with anyone
Only connect wallets for badge minting

Not required for scanning

Use official wallet extensions

Phantom, Solflare - from verified sources only

Verify the domain before wallet connection
Review transaction details before signing badge mints

General Wallet Security

Use hardware wallets for large holdings
Enable multi-signature for treasuries
Regularly scan your wallets for security posture changes
Be cautious of phishing attempts and fake websites
Keep your devices and browsers updated

Contact

Questions?

Security issuessecurity@clawbyteai.xyz
Support channels