Trust Portal

Every artefact.
One index.

This page is the single source of truth for CloakAPI's compliance, legal, and security documentation. Each row shows the artefact, its honest status, a link, and when it was last updated. Nothing is inflated.

Procurement packet request

If you need a curated PDF packet for internal procurement review, a custom vendor questionnaire response, or an evidence package for a specific control, contact trust@cloakapi.io. We respond to enterprise procurement requests within 2 business days.

01 — Compliance & Certification

Compliance artefacts

The documents and controls that exist today. We publish what's real and won't display an attestation we don't hold.

ArtefactStatusUpdatedAction
PCI DSS v4.0
Payment card industry data security standard
Out of scope (SAQ-A) 2026-07-10 Details
HIPAA BAA
Business Associate Agreement template — free for any customer to download
Published 2026-05-01 Open
CAIQ-lite (CCM v4)
Cloud Security Alliance self-assessment, 50 controls
Published 2026-05-01 Open
02 — Legal & Contractual

Legal Documents

Contracts, templates, and data agreements available now.

ArtefactStatusUpdatedAction
Terms of Service
Master service agreement covering gateway, portal, and desktop client
Published 2026-05-01 Open
Privacy Policy
Data collection, GDPR basis, retention windows, your rights
Published 2026-05-01 Open
Data Processing Addendum (DPA)
GDPR Article 28 — pre-signed template, request counter-signed copy
Published 2026-05-01 Open
HIPAA Business Associate Agreement
BAA template — free for any customer to download and counter-sign
Published 2026-05-01 Open
Sub-processor List
All sub-processors, region, purpose, 30-day change notifications
Published 2026-05-01 Open
03 — Service & Operational

Service Commitments

Uptime, performance, support tiers, credits, and disaster recovery.

ArtefactStatusUpdatedAction
Service Level Agreement (SLA)
99.9% uptime target, p95 ≤500ms latency, credits, support tiers
Published 2026-05-01 Open
Business Continuity & DR Plan
Architecture, backups, RTO 4h / RPO 6h, annual DR drill
Published 2026-05-01 Open
Live Status Page
Real-time service health, incident history, postmortems
Live Real-time Open ↗
04 — Security

Security Posture

Security policy, vulnerability disclosure, and independent verification tools.

ArtefactStatusUpdatedAction
Security Policy
Acceptable use, incident response, key management, access control
Published 2026-05-01 Open ↗
Vulnerability Disclosure Policy
Coordinated disclosure, safe harbour, scope, hall of fame
Published 2026-05-01 Open ↗
Receipt Verifier
Verify any CloakAPI cryptographic receipt offline — no account needed
Live Real-time Open ↗
Transparency Log
Append-only per-tenant seed feed for signing key rotation audit
Live Real-time Details
Page maintained by trust@cloakapi.io. Status reflects current state as of each row's "Updated" date. Subscribe to change notifications: email trust@cloakapi.io with subject "Trust portal notifications".