Compliance & Regulatory Alignment
CloakAI is designed with transparency, data minimisation, security, and human oversight at its core — principles that underpin the regulations shaping AI use across the UK and EU.
EU AI Act Alignment
CloakAI is designed with the principles of the EU Artificial Intelligence Act in mind, including transparency, data minimisation, security, and human oversight.
- Conversations are encrypted end-to-end and stored using zero-knowledge encryption
- User data is not used for model training
- No behavioural profiling or data resale
- Clear user control over inputs and outputs
- Designed to support responsible and lawful AI use within organisations
As the EU AI Act continues to be implemented, CloakAI is committed to maintaining alignment with applicable requirements and best practices.
GDPR Compliance
CloakAI's architecture is built around data minimisation and user control — core principles of the General Data Protection Regulation (GDPR).
- Zero-knowledge encryption means we cannot access your personal data
- Data processing is limited to a stateless AI relay — no logs, no retention
- Encrypted data is stored in the UK (London); AI processing takes place in the EU (Sweden)
- Users can access, export, and permanently delete their data at any time
- No profiling, no behavioural tracking, no secondary data use
- Optional analytics are anonymised and can be disabled entirely
For full details on data handling, see our Privacy Policy.
UK AI Regulation
As a UK-based company, CloakAI is built in line with the UK's pro-innovation approach to AI regulation and the principles set out by the UK government and relevant regulators.
- Safety and security: zero-knowledge architecture with no master key
- Transparency: clear documentation of how data is handled and processed
- Fairness: no profiling, no discrimination, no opaque decision-making
- Accountability: UK-registered company (Chapman AI Ltd) with clear contact points
- Contestability: users maintain full control and can delete all data at any time
Data Residency
CloakAI keeps data within the UK and EU at every stage of processing.
- Encrypted storage: UK (London) — Google Cloud europe-west2. Only encrypted ciphertext is stored.
- AI processing: EU (Sweden) — Microsoft Azure Sweden Central. Zero data retention. No training on customer data.
- Stateless relay: UK (London) — Routes requests between browser and AI service. No logs, no data retention.
Human Oversight & Control
CloakAI is an AI assistant — not an autonomous agent. Users maintain full control at every stage.
- Users decide what to share, what to keep, and what to delete
- AI outputs are suggestions — users review and act on them
- No automated decision-making that affects users without their input
- Business admins set policies, control access, and review audit logs
- All encryption keys are held by users, not by CloakAI
Questions about compliance?
We are happy to discuss how CloakAI meets your regulatory requirements.