GDPR Compliance
cloak.business is fully compliant with the EU General Data Protection Regulation (GDPR). We take your privacy seriously.
Our GDPR Compliance Measures
EU Data Residency
All data is processed and stored on servers located in Germany. Your data never leaves the European Union.
ISO 27001:2022 Certified
Our infrastructure and processes are certified to ISO 27001:2022 standards, demonstrating our commitment to information security.
Data Minimization
We do not store your original text content during processing. The optional History feature is off by default; if you enable it, your saved entries are encrypted (AES-256-GCM) and can be deleted at any time. Otherwise, only necessary metadata is retained.
Security of Processing (Article 32)
AES-256-GCM encryption at rest for sensitive data, TLS 1.2+ in transit, role-based access control, two-factor authentication support, and audit logs that never contain raw text — all aligned with ISO 27001:2022 controls.
Your Rights Under GDPR
Right to Access
Request a copy of your personal data.
Right to Rectification
Correct inaccurate personal data.
Right to Erasure
Delete your account and data.
Right to Portability
Export your data in standard formats.
Right to Restriction & Objection
Limit or object to certain processing of your data.
Right to Withdraw Consent
Opt out of marketing communications at any time.
Exercise Your Rights
To exercise any of these rights, please use our contact form and select "Privacy Inquiries".
Subprocessors
We rely on a small set of vetted subprocessors: Hetzner (hosting, Germany), Stripe (payments), and PayPal (payments). Data Processing Agreements and Standard Contractual Clauses are in place as applicable.
Need a Data Processing Agreement?
Enterprise customers can request our standard DPA (Article 28). It covers processor obligations, subprocessors, technical and organizational measures, breach notification, and audit rights.