cloak.business

Security & Compliance

Enterprise-grade security with ISO 27001:2022 certification, GDPR compliance, and German data residency. Your data protection is our top priority.

ISO 27001:2022
Certified
GDPR
Compliant
Made in Germany
EU Data Residency
AES-256-GCM
Encryption

Security Features

Comprehensive security measures at every level of our infrastructure

ISO 27001:2022

Certified information security management system with comprehensive policies and controls.

View Security Details

GDPR Compliance

Full compliance with EU General Data Protection Regulation including DPA support.

View Security Details

German Infrastructure

All data processed in Hetzner's ISO 27001-certified data centers in Germany.

View Security Details

Encryption

TLS 1.2+ in transit, AES-256-GCM at rest. Your data is encrypted at every step.

View Security Details

Two-Factor Auth

Optional 2FA with TOTP or email codes for enhanced account security.

View Security Details

How We Handle Your Data

Transparency is key. Here's exactly what happens to your data.

We Do

  • Process your text in memory only
  • Encrypt all data in transit (TLS 1.2+)
  • Encrypt sensitive data at rest (AES-256-GCM)
  • Maintain audit logs for compliance
  • Process data only in Germany (EU)

We Don't

  • Store your original text content
  • Train AI models on your data
  • Send data to Meta, Google, or any third-party AI provider
  • Transfer data outside the EU
  • Keep logs of processed content

Frequently Asked Questions

Where is my data processed?

All data is processed on ISO 27001:2022 certified servers in Falkenstein, Germany (Hetzner). Data never leaves the EU. No third-party sub-processors handle your text data.

Is cloak.business GDPR compliant?

Yes. We are fully GDPR compliant with a dedicated Data Processing Agreement (DPA), EU-only data residency, and transparent data handling. We process data as a data processor on your behalf.

Does cloak.business store my text data?

No. Text submitted for analysis is processed in memory and immediately discarded. We do not log, store, or retain any text content. Only metadata (token counts, timestamps) is stored for billing.

What encryption standard is used?

All data in transit uses TLS 1.3. Reversible encryption uses AES-256-GCM with user-held keys (zero-knowledge architecture). The Desktop App uses XChaCha20-Poly1305 for local vault encryption.

Is the infrastructure ISO 27001 certified?

Yes. Our hosting provider (Hetzner) holds ISO 27001:2022 certification. The infrastructure includes dedicated servers (not shared cloud), encrypted storage, and automated security monitoring.

Need More Details?

Explore our comprehensive security documentation or contact us for specific compliance requirements.