Security & Responsible Disclosure

Last updated June 2, 2026

Cloackit takes the security of the platform and your data seriously. This page summarizes our measures and how to report issues responsibly.

Our measures

Encryption in transit (TLS) for the dashboard, API, and hosted pages.
Hashed passwords and scoped API keys you can rotate at any time.
Least-privilege access controls and activity logging.
Regular dependency and infrastructure updates.

Reporting a vulnerability

If you discover a security issue, please report it privately to security@cloackit.com before disclosing it publicly. Include enough detail to reproduce it.

Safe harbor

We will not pursue good-faith security research that respects user privacy, avoids service disruption and data destruction, and gives us reasonable time to remediate.

Out of scope

Do not run denial-of-service tests, access other users' data, or social-engineer our staff or customers.

More policies

Terms of Service Acceptable Use Policy Privacy Policy Cookie Policy Data Processing Addendum Refund & Cancellation Policy Disclaimer Copyright / DMCA Policy Service Level Commitment Subprocessors AML & KYC Policy Anti-Spam & Communications Policy Fair Use & Rate Limits Accessibility Statement Children's Privacy