# Infrastructure Overview
Last Updated: 2026-02-12
## Data Center Location
All cloak.business infrastructure is hosted exclusively in Germany, European Union. This guarantees full EU data residency for all customer data, with no data transfers outside the European Economic Area (EEA).
| Attribute | Detail |
|---|---|
| Location | Germany, EU |
| Data center certification | ISO 27001:2022 certified facility |
| Data residency | All processing and storage within Germany |
| Jurisdiction | Subject to GDPR and German federal data protection law (BDSG) |
## Architecture
cloak.business uses a microservices architecture with dedicated services for each processing function. This design provides isolation between components, independent scaling, and fault containment.
### Core Services
| Service | Function |
|---|---|
| Analysis Service | Detects PII entities in submitted text using pattern-based recognizers and NLP models |
| Anonymization Service | Applies anonymization operators (replace, redact, hash, encrypt, mask) to detected entities |
| Image Processing Service | Performs OCR text extraction and PII redaction on uploaded images |
| Structured Data Service | Processes structured data formats (CSV, spreadsheets) for PII detection and anonymization |
| Web Application | Serves the user-facing web interface with server-side rendering |
| API Gateway | Handles MCP and programmatic API access with authentication and rate limiting |
### Design Principles
- Service isolation -- Each processing service runs independently; a failure in one does not affect the others
- In-memory processing -- Submitted text and images are processed in server memory only; no customer content is written to disk
- Stateless processing -- Analysis and anonymization services do not maintain state between requests
- Encrypted communication -- All inter-service and external communications use encrypted channels
## Request Limits
The Analysis Service enforces backend request limits to prevent resource exhaustion and ensure fair usage across all clients.
| Limit | Value |
|---|---|
| Entity types per request | 250 |
| Custom recognizers per request | 50 |
| Regex patterns per recognizer | 10 |
| Context words per recognizer | 30 |
| Total regex patterns per request | 200 |
Requests exceeding these limits receive a validation error. Limits are discoverable via the /limits API endpoint.
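To show how the five limits interact (the request-wide total caps what the per-recognizer limits alone would allow), here is an added Python validator written for this page, not cloak.business code; the request and recognizer field names and the regex compile check are assumptions, and plain dataclasses stand in for the Pydantic models mentioned under Application Security.

```python
import re
from dataclasses import dataclass, field

# Backend limits from the Request Limits table above.
LIMITS = {
    "entity_types": 250,
    "custom_recognizers": 50,
    "patterns_per_recognizer": 10,
    "context_words_per_recognizer": 30,
    "total_patterns": 200,
}

@dataclass
class CustomRecognizer:
    entity: str                                    # entity type it produces (assumed field name)
    patterns: list = field(default_factory=list)   # regex patterns
    context: list = field(default_factory=list)    # context words raising confidence

@dataclass
class AnalyzeRequest:
    text: str
    entity_types: list = field(default_factory=list)
    recognizers: list = field(default_factory=list)  # CustomRecognizer instances

def validate_request(req: AnalyzeRequest) -> list:
    """Return validation errors; an empty list means the request is accepted."""
    errors = []
    if len(req.entity_types) > LIMITS["entity_types"]:
        errors.append(f"entity_types: {len(req.entity_types)} > {LIMITS['entity_types']}")
    if len(req.recognizers) > LIMITS["custom_recognizers"]:
        errors.append(f"recognizers: {len(req.recognizers)} > {LIMITS['custom_recognizers']}")
    total_patterns = 0
    for i, rec in enumerate(req.recognizers):
        if len(rec.patterns) > LIMITS["patterns_per_recognizer"]:
            errors.append(f"recognizers[{i}].patterns: {len(rec.patterns)} > {LIMITS['patterns_per_recognizer']}")
        if len(rec.context) > LIMITS["context_words_per_recognizer"]:
            errors.append(f"recognizers[{i}].context: {len(rec.context)} > {LIMITS['context_words_per_recognizer']}")
        for p in rec.patterns:
            try:  # assumed extra check: reject patterns that do not compile
                re.compile(p)
            except re.error as exc:
                errors.append(f"recognizers[{i}]: invalid regex {p!r}: {exc}")
        total_patterns += len(rec.patterns)
    # Cross-field limit: 25 recognizers with 10 patterns each pass every
    # per-recognizer check yet exceed the request-wide total of 200.
    if total_patterns > LIMITS["total_patterns"]:
        errors.append(f"total regex patterns: {total_patterns} > {LIMITS['total_patterns']}")
    return errors
```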
## Availability
| Metric | Target |
|---|---|
| Uptime SLA | 99.9% |
| Planned maintenance | Scheduled outside peak hours with advance notice |
| Health monitoring | All services continuously monitored with automated health checks (5-minute interval, 15-second timeout) |
| Auto-recovery | Services automatically restart on failure with configurable restart delay |
## Backups
| Aspect | Detail |
|---|---|
| Schedule | Automated daily backups |
| Retention | Multiple retention periods for different data categories |
| Encryption | Backups are encrypted at rest |
| Recovery testing | Backup restoration procedures are tested regularly |
| Scope | Database, configuration, and application state |
Note: Submitted text and images are never backed up because they are processed in memory only and not stored.
## Monitoring
| Capability | Description |
|---|---|
| Service health checks | Continuous automated monitoring of all services |
| Performance metrics | Response times, throughput, and resource utilization tracked |
| Error alerting | Automated alerts for service errors, failures, and anomalies |
| Security monitoring | Access logging, intrusion detection, and anomaly detection |
| Uptime monitoring | External availability monitoring with notification on downtime |
Monitoring operates 24/7 with automated alerting to ensure rapid response to any issues.
## Security
### Network Security
- Encrypted connections -- All external traffic is encrypted using TLS 1.2/1.3 with ECDSA certificates, forward secrecy (X25519/ECDHE), and modern AEAD ciphers only (AES-256-GCM, CHACHA20-POLY1305)
- Firewall protection -- Network-level access controls restrict traffic to authorized services only
- DDoS mitigation -- Protection against distributed denial-of-service attacks
- Service isolation -- Backend processing services are not directly accessible from the public internet
### System Security
- Regular patching -- Security updates are applied promptly to all system components
- Hardened configuration -- Systems are configured following security best practices with unnecessary services disabled
- Access control -- Administrative access is restricted and requires strong authentication
- Audit logging -- All administrative actions and security events are logged
### Application Security
- Input validation -- Comprehensive validation and sanitization of all user inputs, with Pydantic model constraints and backend-enforced request limits
- Authentication -- Secure password hashing, optional multi-factor authentication, cryptographically signed session tokens
- Rate limiting -- Per-endpoint rate limiting prevents abuse (60 req/min API, 5 req/s auth endpoints)
- Content security -- Full Content-Security-Policy with nonce-based script sources, X-Frame-Options, X-Content-Type-Options, HSTS with preload, Permissions-Policy, COEP, CORP, COOP headers
- Penetration tested -- Regular external pentesting with industry-standard tools (nmap, testssl.sh, nikto, sqlmap, nuclei)
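As an added example (not the cloak.business web application's code), the following Python builds the header set listed above with a fresh CSP nonce per response and checks a response for that set; the directive values, the Permissions-Policy features and the HSTS preload thresholds are assumptions.

```python
import secrets

# Header set listed under Application Security; directive values are assumed.
REQUIRED_HEADERS = ("Content-Security-Policy", "X-Frame-Options",
                    "X-Content-Type-Options", "Strict-Transport-Security",
                    "Permissions-Policy", "Cross-Origin-Embedder-Policy",
                    "Cross-Origin-Resource-Policy", "Cross-Origin-Opener-Policy")

def make_nonce() -> str:
    return secrets.token_urlsafe(16)  # fresh 128-bit nonce for every response

def security_headers(nonce: str) -> dict:
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'; frame-ancestors 'none'"),
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
        "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
        "Cross-Origin-Embedder-Policy": "require-corp",
        "Cross-Origin-Resource-Policy": "same-origin",
        "Cross-Origin-Opener-Policy": "same-origin",
    }

def csp_directive(csp: str, name: str):
    """Return the source list of one CSP directive, or None if it is absent."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0] == name:
            return tokens[1:]
    return None

def check_security_headers(headers: dict) -> list:
    """Return findings for a response header dict; empty means it matches the policy."""
    findings = [f"missing {h}" for h in REQUIRED_HEADERS if h not in headers]
    scripts = csp_directive(headers.get("Content-Security-Policy", ""), "script-src")
    if scripts is None:
        findings.append("CSP has no script-src directive")
    elif not any(s.startswith("'nonce-") for s in scripts) or "'unsafe-inline'" in scripts:
        findings.append("script-src must be nonce-based and must not allow 'unsafe-inline'")
    hsts = [t.strip() for t in headers.get("Strict-Transport-Security", "").split(";")]
    max_age = next((int(t[8:]) for t in hsts if t.startswith("max-age=")), 0)
    # Preload eligibility: max-age of at least one year plus both flags.
    if max_age < 31536000 or "includeSubDomains" not in hsts or "preload" not in hsts:
        findings.append("HSTS is not preload-ready")
    return findings
```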
## NLP and AI Models
All AI and machine learning models used by cloak.business run entirely on our own servers in Germany. No customer data is sent to any third-party AI provider.
| Aspect | Detail |
|---|---|
| Model hosting | All models hosted on cloak.business infrastructure |
| Third-party AI services | None -- no data sent to external AI/ML providers |
| NLP engines | Multiple NLP engines for named entity recognition across languages |
| OCR engine | Text extraction from images with support for 37 languages |
| Model updates | Models are updated on our servers; no external API calls during processing |
This self-hosted approach ensures that:
- Customer text is never transmitted to external model providers
- Processing latency is minimized (no external API round-trips)
- Data residency guarantees are maintained end-to-end
- The platform remains fully operational independent of third-party AI service availability
## Updates and Maintenance
| Practice | Detail |
|---|---|
| Security patches | Applied promptly upon release; critical patches applied within 24 hours |
| Platform updates | Regular feature and improvement releases |
| Dependency management | Third-party libraries monitored for vulnerabilities and updated as needed |
| Change management | All changes follow a documented change management process |
| Rollback capability | Deployment procedures support rapid rollback in case of issues |
## Compliance
The infrastructure is designed and operated to support compliance with:
- ISO 27001:2022 -- Information Security Management System certification
- GDPR (EU) 2016/679 -- General Data Protection Regulation
- BDSG -- German Federal Data Protection Act
- EU Data Residency -- All data remains within Germany/EU
Document maintained by cloak.business. Contact: support@cloak.business