Built for Security

CloakAI processes your requests via a stateless relay hosted in secure EU infrastructure (Sweden). Data is encrypted in transit and discarded immediately after processing—nothing is logged, stored, or retained on our servers.

Your conversations are stored locally on your device, not on our servers. This means there is no server-side data to breach, subpoena, or misuse.

Sensitive data stored locally, such as API credentials, is encrypted using industry-standard encryption algorithms. Even if someone gained access to your device, this data would remain protected.

All network communications from CloakAI use HTTPS with modern TLS protocols. This includes licence validation, update checks, and any optional connections you configure.

We use certificate pinning for critical connections to prevent man-in-the-middle attacks.

We do not log, track, or analyse the content of your conversations or documents. Your prompts and responses are transmitted for processing but are never retained, logged, or stored on our servers.

Optional anonymised usage analytics (which you can disable) contain only aggregate metrics like feature usage counts—never your actual content.

All CloakAI releases are digitally signed by Chapman AI Ltd. The application verifies signatures before installing updates to ensure you receive only authentic software.

We provide SHA256 checksums for all downloads so you can independently verify file integrity.

If you discover a security vulnerability in CloakAI, please report it to us at security@usecloakai.com. We take all reports seriously and will respond promptly.