Sigil is your personal MCP — one secured endpoint every AI you use connects through. Apply your sigil to grant access on your terms. Revoke it whenever you choose. Scoped, time-bound, audited.
Sigil is a credential-management application for personal AI assistants. It lets a user securely connect their AI tools — including Claude Desktop, OpenClaw, Cursor, and ChatGPT — to their Google account and other services, without giving those AI tools direct access to the user's Google data.
When a user connects a Google account to Sigil, Sigil acts as a permission layer between the user's Google data and the user's AI assistants. The user grants narrow, time-bound permissions through Sigil — for example, allowing an AI to send a single email on the user's behalf, rather than granting the AI read access to the user's entire inbox.
Every action a user's AI takes through Sigil is recorded in an audit log accessible to the user in real time. Sigil itself does not access, store, or process Google data on its own behalf — every API call is initiated by a user-authorised AI assistant at the user's direction.
calendar scope.
Sigil's data handling, retention, and deletion practices are described in detail in our Privacy Policy (https://joinsigil.com/privacy). Sigil's security model — including how user OAuth tokens are encrypted, who can decrypt them, and what to do if you find a flaw — is documented in our Security Policy (https://joinsigil.com/security). Sigil's Terms of Service are at https://joinsigil.com/terms.
Sigil is the one place you keep your data for AI to use. Plug Gmail, Calendar, your bank — anything — into Sigil once. Every AI you use connects through Sigil with your permission. One audit trail. One revoke button. Every AI.
Autonomous AI agents now sit on your laptop with raw access to your email, calendar, files, banking, and identity. They hold your OAuth tokens in plaintext. They run skills downloaded from the internet. They follow instructions hidden inside the web pages they read.
When one of them gets compromised — and they do, daily — the blast radius is everything. An attacker who hijacks the agent can drain accounts, send messages, read everything you have ever written. Your credentials were never meant to live inside a system that takes commands from strangers.
The fix is the same one operating systems learned forty years ago. Stop giving the agent the keys. Give it a key holder.
Sigil is a personal MCP server, managed for you. It holds your credentials, your identity, and your permissions in one place. Every AI you use connects to Sigil for what they need, when they need it — and you decide what is allowed.
OAuth tokens, API keys, and access secrets live inside Sigil. Agents query Sigil; they never see the keys. Prompt injection cannot exfiltrate what the agent does not have.
Grant your AI permission to read this calendar, send no email, spend up to this amount — for one hour, one week, or until you say otherwise. Withdraw any grant in a single click.
See every action your AI takes on your behalf, the moment it happens. Anomaly alerts when an agent behaves out of character. The visibility autonomous tools have never given you.
Sigil is built to disappear into your workflow. You will not feel it most of the time. You will be glad it is there the rest.
Link Gmail, Calendar, Files, and the other places your AI needs to reach. OAuth handled cleanly — credentials never touch your devices.
Claude, ChatGPT, Cursor, OpenClaw — each AI gets its own connection to Sigil, with its own permissions and its own audit trail.
Grant each AI the access it needs, on the terms you set. Scopes, time limits, spending caps, step-up approvals for sensitive actions.
A live feed of every action your AIs take. Revoke a grant the moment something looks wrong. Sleep better knowing exactly what is running on your behalf.
OpenClaw's integrations work great inside OpenClaw. The moment you also use Claude Desktop, or Cursor, or whatever ships next, you're reconnecting Gmail four times — and there's no single place to see what all of them did, or to revoke them all at once.
Sigil is the layer underneath every AI. Connect Gmail once. Every agent borrows from Sigil with the permissions you set. One audit log. One off-switch.
One-tool MCP servers (Gmail-only, Calendar-only, Bank-only) end with you running eight processes on your laptop, each holding tokens, each its own little failure mode. Most have no audit, no permission layer, and no way to revoke a single agent without tearing the whole thing down.
Sigil is the aggregation point: one MCP, every connector. Managed hosting. Tokens encrypted at rest with hardware-backed keys. Permissions and audit baked in. Free for personal use.
They might. But you wouldn't want them to. The whole point of Sigil is being neutral — your data lives in a layer that isn't owned by your AI vendor.
The same reason you wouldn't want your password manager built by Google or Apple, you don't want your AI permission layer owned by the company whose agents are asking for access. Sigil is on your side of the table.
If you use exactly one AI tool, you don't share data across devices, and you don't need an audit trail — your AI's native integrations are simpler and free. Sigil is for people who use two or more AI tools, teams who need a single compliance surface, or anyone who wants one button to revoke every agent at once.
The team behind Maturo.ai, the AI-native SaaS generator on Azure Marketplace. We have shipped production infrastructure for real customers. Sigil applies the same discipline to the layer above the AI itself.
Private beta opens in June 2026. Early access prioritises power users of OpenClaw, Claude, Cursor, and ChatGPT. Tell us where to reach you.