Verifying receipts without trusting us.
How ECDSA-P-256 + a public JWKS lets your auditor verify every signed receipt offline, with no CloakAPI account.
Writing on privacy-preserving AI, PII tokenisation, verifiable cryptographic receipts and GDPR — how CloakAPI keeps personal data out of AI providers, and how we build it.
How ECDSA-P-256 + a public JWKS lets your auditor verify every signed receipt offline, with no CloakAPI account.
Why CloakAPI is outside the HIPAA BA definition, and how we maintain that by never receiving plaintext.
The sub-tag system lets receipt consumers understand what happened at each layer without a CloakAPI account.
Why no Packagist library solved our byte-compatibility requirement, and how we verified the GF(2^8) arithmetic.
On the gap between "we take privacy seriously" as a marketing claim and privacy as an engineering invariant.
Moat 11 explained. What the K3 cross-tenant isolation guarantees, and what the honest residual risk is.