Legal & Trust

Legal Hub

Every policy, agreement, and assurance document CloakAPI publishes. Linkable, versioned, and downloadable as PDF on request.

Last reviewed: 2026-05-23

Core agreements

Privacy Policy
What we collect, what we never see, retention, GDPR/UK-DPA basis, DSAR.
Terms of Service
Acceptable use, liability, term & termination, governing law.
Data Processing Addendum
GDPR Art. 28 processor terms, SCCs, transfer mechanism.
Business Associate Agreement
HIPAA BAA for covered entities handling PHI through CloakAPI.

Security & assurance

Security Policy
Controls, coordinated disclosure, scope, acknowledgments.
Sub-processors
Current list of vendors with access to encrypted-at-rest data.
Business Continuity Plan
RPO/RTO, failover region, DR drill cadence.
CAIQ (CSA)
Cloud Security Alliance Consensus Assessments Initiative Questionnaire.
Insurance Summary
Cyber liability, E&O, and general liability coverage at a glance.
Service Level Agreement
Uptime commitment, credits, exclusions.

Data-subject & regulatory

DSAR (Data Subject Access Request)
Self-service access & erasure with signed deletion receipts, plus the email route.
Data map & record of processing
Exactly what we hold, why, and for how long — and our GDPR Art. 30 record.
Legitimate Interest Assessment
LIA covering cold-outreach marketing under GDPR Art. 6(1)(f).