Data & Security Boundary

"Where does my data go" is the question to answer before handing work to AI. MotiClaw's answer is a single clear boundary: inside it is your device, where data and agents live by default; outside it are exactly two kinds of requests you explicitly know about.

What always stays local

• Your library: material, notes, files, and archived chats are stored on your own device.
• Agent config and memory: every AI employee's role, skills, and working memory stay on the machine.
• Execution: task runs, intermediate artifacts, and logs do not leave the device by default.

The two kinds of network requests

• Channel traffic: messages for channels you explicitly connect (such as Feishu), scoped by what you grant at setup.
• Model calls: inference requests carry only the context needed for the current task - never a bulk upload of your library.

Three tightening levels

1. Default: MotiClaw hosted models, ready out of the box - billing covered in Plans & Limits.
2. Self-managed: bring your own model gateway or API key; model traffic runs on your own bill and compliance domain.
3. Isolated: for deliveries, deploy inside the client network with channels and model endpoints pointing at client-side infrastructure.

Acceptance advice for deliveries

• Align on the boundary first: what stays in the intranet, what egresses, and what the egress contains.
• Demo one full chain with a real task at acceptance so the client sees only task context in model requests.
• Write the boundary into the delivery doc - future scaling and audits will rely on it.