The short version
- Cloak captures audio and screenshots only while you're using it.
- Everything captured stays on your Mac unless you send a prompt to a configured AI provider.
- We do not sell, share, or train on your data. We could not — we do not have it.
- We collect a small amount of anonymous telemetry that you can disable in Settings.
Data we never touch
The following stays exclusively on your device, in your local app data folder and the macOS Keychain:
- Raw audio buffers from the microphone or system audio.
- Screenshots and screen-region captures.
- Live and historical transcripts.
- Conversation history and meeting summaries.
- Bring-Your-Own-Key API credentials.
- Your resume, job description, and any documents you load into Cloak Pro Workspace.
Data we process when you send a prompt
Cloak is an AI client. When you ask it a question, the prompt and any attachments need to reach a model. The path depends on the provider you configure:
- BYOK (OpenAI, Anthropic, Google, Groq): Your prompt goes from your Mac directly to the provider's API over TLS using your key. Cloak does not see or proxy this traffic. Their privacy policy applies.
- Managed Cloak tier: Your prompt is sent to our Cloudflare Worker, which attaches an upstream model key and forwards it. We do not log the prompt or response body. We log request metadata (timestamp, model, token counts) for 30 days for billing and abuse prevention, then delete it.
- Speech-to-text: If you pick a hosted STT engine (ElevenLabs, Groq, Google Cloud STT, or hosted Whisper), short audio chunks are sent to that provider for transcription. Local Whisper avoids any network call.
Accounts, licenses, and payments
If you buy Cloak Pro, our licensing service stores the email address you provided at checkout, a hashed license key, your plan tier, and your activation history (machine fingerprint + first / last activation timestamps). This lets us validate seats and let you move between machines.
Payments are handled by our payment processor (Stripe). Cloak never sees your card number; we only receive a webhook confirming a successful charge tied to your customer ID.
Telemetry
Cloak sends anonymous, aggregate event counts to PostHog so we can understand which features are used and which are broken. Specifically:
- App launch, version, OS version, locale.
- Feature used (e.g. "speech_manual_answer_clicked") with no payload.
- Error type and stack frame (no user content).
We do not send the contents of prompts, transcripts, screenshots, or model responses. You can disable telemetry in Settings → Privacy. Telemetry is opt-out, not opt-in, because launch-level signals are how we keep crash-on-startup bugs from sitting unpatched.
Third-party services we use
- Cloudflare — DNS, edge CDN, and the managed-tier API worker.
- Stripe — payment processing for Cloak Pro.
- PostHog — anonymous product telemetry.
- GitHub — source distribution, releases, update checks, and issue tracking.
- Your chosen AI / STT provider — when you send a prompt.
Your rights
Because the bulk of your data never leaves your Mac, you control it directly. You can:
- Clear all local transcripts and history in Settings → Data → Erase.
- Uninstall Cloak (drag-to-Trash) and remove the app data folder at
~/Library/Application Support/com.cloak.app/. - Email hvsolanki27@gmail.com to request deletion of your Pro account, license history, and any associated billing records.
Children
Cloak is not directed at children under 13 and we do not knowingly process data from children.
Changes to this policy
If we materially change what we collect or how, we will update this page and bump the "Updated" date at the top. Major changes will also appear in release notes.
Contact
Questions or concerns: hvsolanki27@gmail.com.