Your personal AI agent — for anything you'd rather not do yourself
Cancels trials. Fills forms. Books travel.
Writes code. Pays bills. Asks before it clicks submit.
“Your credentials live in a room we locked ourselves out of.”
A personal AI agent that does whatever you ask — handles admin, fills forms, drives browsers, runs code. Every submit, charge, or cancel waits on a one-tap screenshot approval from you.
We’re onboarding a founder cohort first — we’ll reach out when a seat opens.
On it. Draft below — tap confirm to send.
Six portals. Four passwords. One tap from you.
How a task actually runs
Give it a task. Approve the screenshot. Done.
Hand over the chore
Paste a renewal link, drop a PDF, or chat the task. The agent reads the page, pulls the right credentials from your vault, and signs in.
parsed renewal · opened verizon.com/myaccount
Watch it fill, not submit
It completes forms, selects plans, applies codes — and pauses at the final step. You see a screenshot of the exact page before anything is sent.
form ready · waiting on approval (1/1)
One tap ships it
Approve to submit, reject to edit, or ask for a change in plain English. Receipts and confirmation numbers land back in the conversation.
approved 9:41pm · conf #A4J-20931 saved
How the vault is built
Your credentials live in a room we locked ourselves out of.
Three decisions shape every request. They are boring on purpose.
Your own isolated runtime
Solo accounts get a dedicated Google Cloud Run container. Family and Pro share one container only across the seats on that plan. Sessions, cookies, and scratch memory never cross plans.
Per-user IAM on every secret
Passwords, 2FA seeds, and payment details sit in Google Secret Manager with IAM scoped to your user ID. Our backend engineers have no read grant — attempts are denied at the Google layer and logged.
Nothing submits without you
Every form submit, charge, and cancellation stops at a human-approval gate. You see the rendered page as a screenshot and tap once. Skipping the gate is not an option we expose, even to ourselves.
Fair warnings
Four honest questions.
Four plain-spoken answers.
URL drop → the agent inspects the page, tells you what fields it sees, and asks what to fill. Credential login into saved sites. Form fill from your encrypted vault. Subscription cancellation where the portal supports it. Chat-based tasks that combine any of the above.
Not yet shipped: Plaid-powered bill tracking and email-inbox ingestion. Those are wired as stubs and turn on when we flip the flag. The homepage will say so when they're live.
It stops at the step that blocked it, saves the state, and hands the conversation back to you in plain English — “the site asked for a code I don't have” or “this portal changed its layout, I need guidance.” Nothing is half-submitted. The audit log shows the exact step it reached.
Every credential value lives in projects/go-claw-prod/secrets/user-{uuid}-{kind}-{key} inside Google Secret Manager, with IAM bindings scoped to a service account that belongs to your container only. Our Postgres database stores labels and references — never the values. If the database leaks, nothing sensitive leaks with it.
Cancel inside the app — it opens the Stripe customer portal, one click. Your subscription stays active through the end of the billing period, then stops renewing. Vault contents stay intact. Full account delete wipes every secret, every action, every row within 30 days.
Paste the next renewal.
Watch it fill. Approve the tap.
Invite-only beta today. Tell us what the agent should handle for you and we’ll reach out when a seat opens.