Privacy Policy

• No account. There is no sign-up, no email, no phone number, no password.
• No wallet connection on marketing pages. The landing page does not ping your wallet or request signatures.
• No seed phrase, ever. Keys are generated in your browser or on your device. They do not leave it.
• No balance data. Balances are derived from on-chain commitments that we have no ability to decrypt.
• No third-party analytics with PII. We do not embed Google Analytics, Mixpanel, Segment, or any tool that fingerprints visitors.

• Server logs. Standard HTTP logs at the CDN edge (timestamp, IP, user agent, path). Retained 14 days for abuse/DDoS mitigation, then deleted.
• Aggregate error telemetry. Crash reports are batched, IP-stripped, and deduplicated before storage. Individual users are not identifiable.
• Support correspondence. If you email us, we keep the thread. Delete on request.
• On-chain public data. Pool commitments, nullifiers, and roots are public by the nature of the blockchain. We do not "collect" them — they are simply readable from Solana.

• CDN. Traffic to this site flows through Cloudflare. Their privacy policy applies to their logs.
• BIN sponsor. When you mint and use a card, the BIN sponsor (Sutton Bank) records authorization events. That data is governed by the sponsor's own privacy policy, not this one.
• Apple / Google. If you provision a card to Apple Pay or Google Pay, they handle your device binding. Cloak does not see DPANs.

If we are served with a subpoena, court order, or other lawful request for data, we will:

1. Review it for validity with counsel and narrow its scope where legally possible.
2. Produce the minimum necessary data. In practice, this is almost always "we don't have that."
3. Notify the affected user when legally permitted. Where a gag order is attached, we publish an aggregate transparency report monthly.

Our transparency report is published at cloak.app/transparency.

This site uses localStorage and IndexedDB for your shielded keys, encrypted with a passphrase you set. Nothing about this data is transmitted. We do not use tracking cookies.

Cloak is not directed at children under 13 and we do not knowingly collect information from them. If you believe a minor has used the service, contact us and we will take appropriate steps.

Material changes are announced via the site banner and on our GitHub repository. Previous versions are archived at github.com/cloakfi/legal/privacy.

Privacy questions: privacy@cloak.app. PGP key is the same as our security contact (fingerprint published at /security).