GDPR Compliance
cloak.business is designed with GDPR compliance at its core: data minimization, purpose limitation, EU data residency (Germany), and ISO 27001:2022-aligned controls.
Data Minimization & Purpose Limitation
Text submitted for analysis/anonymization is processed in memory and not stored. We use your data solely to provide the service—no training on your data, no secondary use.
EU Data Residency
All processing occurs in ISO 27001-certified Hetzner data centers in Germany. No transfers outside the EU—eliminating Schrems II concerns.
Security of Processing (Article 32)
AES-256-GCM encryption at rest (sensitive data), TLS 1.2+ in transit, RBAC, 2FA support, audit logs (no raw text), and ISO 27001:2022-aligned controls.
Data Subject Rights
- Access: request a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: delete your account and associated data
- Portability: export data in a portable format
- Restriction/Object: limit or object to certain processing
- Withdraw consent: opt out of marketing at any time
To exercise your rights, please use our contact form and select "Privacy Inquiries".
Data Processing Agreement (Article 28)
Our standard DPA is available for customers. It covers processor obligations, subprocessors, TOMs, breach notification, and audit rights.
Subprocessors
Hetzner (hosting, Germany), Stripe (payments), PayPal (payments). DPAs and SCCs (as applicable) are in place.