Minimum data. Narrowest permissions. By design.
Four guarantees, by design.
Client-only scope
We watch only the threads on your watchlist. Your bank, your family, your vendors, never touched.
Bank-grade encryption
AES-256 at rest. TLS 1.3 in transit. SOC 2-aligned controls. GDPR compliant from day one.
Client never knows
Replies send from your inbox, in your voice. No third-party branding. No fingerprints. Ever.
Your data leaves with you
Cancel any time. We send you a 12-month report of every signal we caught and every commission we protected, yours to keep.
The least-privilege table.
Exactly what we can and cannot do, written in your provider's permission terms, not ours.
| Capability | ClawbackVault |
|---|---|
| Read email metadata | Watchlist threads only |
| Read email content | In memory · never persisted |
| Send email | Never autonomously |
| Modify or delete email | Never |
| Access non-watchlist threads | Blocked at first filter |
| Trigger actions without your input | Never |
| Revoke access at any time | One click in your provider |
Process the signal. Drop the message.
Email bodies are read into volatile memory, scored, and discarded within seconds. They never hit disk.
Only signal metadata (sender, timestamp, signal type, risk band) is stored, AES-256 encrypted.
TLS 1.3 on every connection between your inbox provider, our service, and your devices.
The detail brokers actually ask about.
What happens if I remove a client from the watchlist?
They become invisible to the system immediately. Existing signal metadata is purged within 24 hours.
Where is data stored?
EU data residency by default (Frankfurt). Optional US region for North American firms.
Do you train AI models on my data?
No. Your inbox content is never used to train shared or external models, full stop.
What's your incident response window?
Confirmed incidents are disclosed to affected customers within 24 hours, with a full root-cause report within 7 days.