GDPR Compliance

cloak.business is fully compliant with the EU General Data Protection Regulation (GDPR). We take your privacy seriously.

Our GDPR Compliance Measures

EU Data Residency

All data is processed and stored on servers located in Germany. Your data never leaves the European Union.

ISO 27001:2022 Certified

Our infrastructure and processes are certified to ISO 27001:2022 standards, demonstrating our commitment to information security.

Data Minimization

We do not store your original text content during processing. The optional History feature is off by default; if you enable it, your saved entries are encrypted (AES-256-GCM) and can be deleted at any time. Otherwise, only necessary metadata is retained.

Security of Processing (Article 32)

AES-256-GCM encryption at rest for sensitive data, TLS 1.2+ in transit, role-based access control, two-factor authentication support, and audit logs that never contain raw text — all aligned with ISO 27001:2022 controls.

Your Rights Under GDPR

Right to Access

Request a copy of your personal data.

Right to Rectification

Correct inaccurate personal data.

Right to Erasure

Delete your account and data.

Right to Portability

Export your data in standard formats.

Right to Restriction & Objection

Limit or object to certain processing of your data.

Right to Withdraw Consent

Opt out of marketing communications at any time.

Exercise Your Rights

To exercise any of these rights, please use our contact form and select "Privacy Inquiries".

Subprocessors

We rely on a small set of vetted subprocessors: Hetzner (hosting, Germany), Stripe (payments), and PayPal (payments). Data Processing Agreements and Standard Contractual Clauses are in place as applicable.

Need a Data Processing Agreement?

Enterprise customers can request our standard DPA (Article 28). It covers processor obligations, subprocessors, technical and organizational measures, breach notification, and audit rights.