Privacy Policy

Last updated: 28 March 2026

Overview

CloakAI is designed with privacy as a fundamental principle. This policy explains how we handle your data and protect your privacy when you use our software and services.

CloakAI is developed and operated by Chapman AI Ltd, a company registered in the United Kingdom.

Data We Do Not Store

CloakAI is designed to minimise data collection and retention. We do not:

  • Store your documents, files, or conversation content on our servers
  • Log, retain, or record your prompts or AI responses after processing
  • Use your data for profiling, model training, or any secondary purpose
  • Sell any data to third parties

Data Storage

The following data is stored securely:

  • Conversation history: All conversations are stored in an encrypted vault that only you have the key to access. Messages are encrypted in your browser before being stored. When you send a message for AI processing, its content is transmitted via our stateless relay but is not retained in readable form on our servers. You can delete your conversation history at any time.
  • Settings and preferences: Your application settings are stored locally.
  • Licence key: Your licence key is stored locally in encrypted form for subscription validation.

Data We May Collect

We may collect minimal, anonymised data for product improvement:

  • Usage analytics: Anonymous usage statistics such as feature usage counts, app opens, and crash reports. This data does not contain any content from your conversations or documents.
  • Account information: If you create an account or subscribe, we collect the information necessary to manage your subscription (email address, payment information processed by our payment provider).

You can opt out of analytics collection in the application settings.

How We Use Your Data

The limited data we collect is used to:

  • Manage your subscription and provide customer support
  • Improve the product based on aggregate usage patterns
  • Send important product updates and security notices

We do not use your data for advertising purposes.

How Your Data Is Processed

When you send a message, CloakAI transmits your request via a stateless relay hosted in the UK (London). This relay forwards your request to the configured AI service in the EU (Sweden) for processing and returns the response to your device.

  • The relay is stateless: it does not log, store, or retain your requests or responses
  • Data is encrypted in transit using modern TLS protocols
  • Your data is never used for profiling, model training, or any secondary purpose

Web Search

CloakAI offers an optional web search feature for Vault subscribers. When the AI uses web search:

  • Search queries are routed through our stateless relay server, which acts as an anonymising proxy — no user identifiers, IP addresses, or device information are shared with the search provider
  • Search queries and results are not logged, stored, or retained on our servers
  • Search results are displayed during your session only and are not stored in your encrypted vault
  • The search feature is available only to authenticated Vault subscribers

Data Security

We implement appropriate security measures including:

  • Zero-knowledge encrypted vault — all conversations are encrypted in your browser before storage, and the server only ever sees ciphertext
  • Secure HTTPS connections for all network communications
  • Regular security reviews and updates

Your Rights

Under applicable data protection laws, you have rights regarding your personal data, including:

  • The right to access your data
  • The right to correct inaccurate data
  • The right to delete your data
  • The right to data portability
  • The right to object to certain processing

Since your conversation data is stored in an encrypted vault that only you can access, you can exercise many of these rights directly through the application.

Data Retention

Your encrypted vault data remains accessible to you until you delete it. Account and subscription data is retained for as long as necessary to provide the service and comply with legal obligations.

For server-side processing, CloakAI operates a strict zero-retention policy. No prompts, responses, or conversation content is stored, logged, or retained on our servers after processing is complete.

Children's Privacy

CloakAI is not intended for use by children under 16. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the application or by email.

Contact Us

If you have questions about this privacy policy or your data, please contact us at hello@usecloakai.com.

Chapman AI Ltd
34 High Street, Walsall, West Midlands, England, WS9 8LZ