Legal · Security

Security posture.

A consolidated reference for security review teams. The operational mirror, with live disclosure programme and security.txt, is at security.cloakapi.io.

Posture version 1.4 · Reviewed 2026-04-29 · Next review 2026-07-29

1. Threat model in one paragraph

CloakAPI assumes the AI provider is an adversary. The architecture removes identifiable data on the customer device before the prompt is transmitted — in WebAssembly the customer can audit for the chat and browser extension, native Rust for the desktop app and the local proxy. The CloakAPI gateway is a blind token relay: it forwards only the tokens your device sends, never inspects or tokenises content on our servers, and never stores clear-text payload. Compromise of the gateway does not expose customer prompts or responses — there is no plaintext there to expose. Compromise of the AI provider exposes only the redacted, tokenised prompt.

2. Cryptography

Encryption-in-transit

Encryption-at-rest

Receipt-signing keys

3. Identity & access

4. Software supply chain

5. Network & perimeter

6. Vulnerability management

7. Incident response

8. Audit attestations

FrameworkStatusNext milestone
GDPR Art. 25 (by-design)DocumentedContinuous
NIS2 readinessSelf-assessed compliantRe-assess 2026-Q4
HIPAABAA available on requestOn request
PCI DSS 4.0Out-of-scope (Stripe-tokenised)n/a

9. Insurance

Cyber liability and errors & omissions (E&O) insurance: not currently carried. No policy is in force and no carrier engagement is under way today; see /legal/insurance for our coverage intent. No coverage amount is stated here until a policy is in force.

10. Reporting a vulnerability

Email security@cloakapi.io (PGP at security.cloakapi.io/pgp-key.asc) or submit via the disclosure form at security.cloakapi.io. We acknowledge within 24 hours.

Related documents