Blog.

Writing on privacy-preserving AI, PII tokenisation, verifiable cryptographic receipts and GDPR — how CloakAPI keeps personal data out of AI providers, and how we build it.

All Engineering Trust Spec Company Postmortems Founder letters
Verifying receipts without trusting us.
Engineering

Verifying receipts without trusting us.

How ECDSA-P-256 + a public JWKS lets your auditor verify every signed receipt offline, with no CloakAPI account.

Shamir 3-of-3 key custody: why we built our own.
Engineering

Shamir 3-of-3 key custody: why we built our own.

Why no Packagist library solved our byte-compatibility requirement, and how we verified the GF(2^8) arithmetic.

Why we started CloakAPI.
Company

Why we started CloakAPI.

On the gap between "we take privacy seriously" as a marketing claim and privacy as an engineering invariant.

Subscribe to new posts. No tracking pixels, no third-party email providers.