Privacy Policy

When you register, we collect:

• Email address: for account verification, password recovery, and policy updates
• Username: your display identity on the platform (max 32 characters, alphanumeric)
• Password: stored as a bcrypt salted hash, never in plaintext
• Date of birth: to verify you are at least 13 years old (COPPA compliance)
• Invite code: used during our beta period to manage access

You may optionally provide:

• Profile avatar and icon images
• Status message

All profile information is user-provided and visible to other Cloak users.

Messages you send are encrypted on your device before they leave it. Our servers store only the encrypted ciphertext. Cloak cannot decrypt, read, or access the plaintext content of your messages. This applies to:

• Direct messages: encrypted using the Signal Protocol (Curve25519 key exchange, Double Ratchet algorithm)
• Channel and server messages: encrypted using AES-256-GCM with per-server shared keys and per-message random IVs
• File attachments: transmitted via encrypted WebTransport streams
• Voice and video calls: end-to-end encrypted using WebRTC Insertable Streams with AES-256-GCM

• Authentication tokens: JWT-based session tokens for account security (24-hour expiry)
• Email verification status: timestamp indicating when your email was verified
• Subscription status: your plan tier and payment status (payment details handled by Stripe)

If you subscribe to a paid plan, we additionally collect:

• Billing address: street address, city, state, postal code, and country — stored by Stripe and on our servers to process your subscription
• Payment history: transaction amounts, payment status (succeeded or failed), and timestamps — stored on our servers for your records
• Stripe customer ID: a unique identifier linking your Cloak account to your Stripe customer record

Card summary details (brand, last 4 digits, and expiration date) are retrieved from Stripe for display in your account settings but are not stored on Cloak's servers.

If you submit feedback or a report, we collect:

• Your user ID and username
• Feedback type and message content
• Optional attachments or screenshots you choose to include
• For reports: the reported user's information and your notes

• Your real name or phone number
• Browser fingerprints, cookies, or tracking pixels
• Browsing behavior, page views, or session analytics
• Contact lists from other services
• IP addresses (we do not log IPs)

We do not use Google Analytics or any other third-party tracking software on our website or in our application.

• Direct messages use the Signal Protocol, employing Curve25519 key exchange and the Double Ratchet algorithm for forward secrecy
• Server and channel messages use AES-256-GCM with a random initialization vector (IV) generated for each message
• Voice and video use end-to-end encryption via WebRTC Insertable Streams, ensuring media is encrypted before leaving your device

Your encryption keys are stored locally on your device, encrypted using your operating system's keychain (macOS Keychain, Windows DPAPI, or Linux Secret Service). Keys are never sent to or stored on Cloak's servers.

When you first set up your account, a 64-character secret key is generated. This key is required for identity recovery and can be exported as a PDF. If you lose this key and lose access to all your devices, your encrypted data cannot be recovered. Cloak does not have a copy of your secret key.

Passwords are hashed using bcrypt with an automatically generated salt before storage. We never store passwords in plaintext. Password requirements include a minimum of 10 characters with at least one uppercase letter, one number, and one special character.

All communication between your device and our servers uses HTTP/3 WebTransport over TLS 1.3, providing both encryption in transit and low-latency real-time messaging.

Processes subscription payments. Your billing address is stored on our servers and shared with Stripe. Card summary information (brand, last 4 digits, expiration) is retrieved from Stripe to display in your account settings but is not stored on Cloak's servers. Your Stripe customer ID is stored to manage your subscription, and payment amounts and statuses are stored locally for your transaction history.

Privacy policy: https://stripe.com/privacy

Delivers transactional emails including account verification, password recovery, and subscription receipts. Only your email address and the email content are shared.

Privacy policy: https://resend.com/legal/privacy-policy

Cloak uses BugSplat for crash reporting. This is fully opt-in. By default, no crash data is sent. You can control this in your user settings:

• Off (default): no crash data is sent
• On: crash logs, stack traces, app version, and basic OS information are sent to BugSplat

You can change this setting at any time.

Powers GIF search within the application. Your search queries are sent to Tenor's API. GIF favorites are stored on our servers, not shared with Tenor.

You additionally have the right to:

• Request a copy of your personal data
• Object to processing of your data
• Request restriction of processing
• Data portability: receive your data in a machine-readable format
• Withdraw consent at any time
• Lodge a complaint with your local data protection authority

We do not sell or "share" (as defined by the CPRA) your personal information for cross-context behavioral advertising.

We do not collect: protected classifications, biometrics, geolocation, professional/employment info, education records, or inferences.

Your CCPA/CPRA rights:

• Right to know: what data we collect and how we use it (see above)
• Right to delete: request deletion of your data at any time
• Right to opt-out of sale: we do not sell your data, so there is nothing to opt out of
• Right to non-discrimination: we will not treat you differently for exercising your rights

To exercise any of these rights, contact us at admin@cloak.chat.