Join the alpha

Security

ESCLAVE is built for bounded desktop automation on real machines. This page explains how local execution, account access, stored data, payments, and abuse controls are handled in plain operational terms.

Local desktop execution

Automations run on the user's own machines through CLAVE. ESCLAVE does not operate like a cloud remote-control service that takes over a desktop from a remote browser session.

That matters because execution stays tied to the user's own environment, permissions, and on-device context. ESCLAVE coordinates the product surface around those runs, but routine execution does not depend on remote screen streaming and the desktop execution boundary remains local.

Account and access security

  • Email-based accounts are used to identify users and control access to ESCLAVE services.
  • Optional two-factor authentication (2FA) is available in the app for additional account protection.
  • Sensitive account, billing, and management actions are gated behind access checks, and if those checks do not pass the action does not proceed.
  • Users should still protect their email accounts and keep their devices updated, since local machine security remains part of the overall posture.

Data and storage protections

ESCLAVE stores account data, automation metadata, and billing or purchase records in managed infrastructure. Reporting and telemetry are designed to be metadata-first, such as what ran, when it ran, and whether it completed, rather than public logs of everything shown on screen.

Sensitive report artifacts are not treated as public assets. Access to stored data and operational surfaces is limited with least-privilege controls so people and systems only receive the access they need.

Payments and billing security

Payments are processed by Stripe. ESCLAVE never stores card numbers or CVV.

Billing and purchase handling stay behind verified application flows and controlled access paths rather than informal manual handling. See the Economy page for how the automation economy works.

Application and platform hardening

ESCLAVE uses safer handling when opening external links and related outbound content so routine actions do not silently hand off control to unsafe destinations.

Known unsafe URL schemes and similar risky content paths are blocked rather than opened. The goal is to reduce avoidable risk while keeping normal workflows predictable.

Responsible use and abuse

ESCLAVE enforces acceptable-use rules and may remove content, restrict features, or suspend accounts used for malware, abusive automation, illegal activity, credential abuse, or attempts to bypass security controls. See the Terms for full details.

Contact for security questions

If you have a security question, concern, or vulnerability report, email [email protected] with "Security" in the subject line.