Legal

Privacy Policy

Effective June 1, 2025

CloakLoc, Inc. (“CloakLoc,” “we,” “us,” or “our”) is built on a single architectural constraint: your real location data never leaves your device. This policy explains what limited information we do collect at the infrastructure level, how we handle it, and the rights you have over it.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and a hashed password. We do not collect your name, phone number, physical address, or payment card details directly — billing is processed by our payment processor (Stripe) and subject to their privacy policy.

1.2 Subscription and Billing

Stripe processes all payments. We receive a customer ID, subscription status, and the last four digits of your payment method for display purposes. We never see or store full card numbers.

1.3 App Usage Metadata

To operate the service, our servers receive minimal session signals: encrypted session tokens, app version, operating system version, and a timestamp of last sync. We do not receive your GPS coordinates, cell tower data, Wi-Fi scan results, or any location-derived information. All location processing happens exclusively on your device.

1.4 Support Communications

If you contact us by email or through in-app support, we retain the content of that correspondence to resolve your issue. You may request deletion at any time.

1.5 Aggregate Analytics

We collect anonymized, aggregate counts — for example, number of active sessions per day — to operate and improve the service. This data cannot be tied to any individual user.

2. Information We Do Not Collect

  • Your real GPS coordinates
  • Your location history (real or synthetic)
  • Cell tower or Wi-Fi scan data
  • Bluetooth proximity data
  • Contacts, messages, photos, or microphone input
  • Advertising identifiers (we have no advertising SDK)
  • Behavioral or interest profiles

3. How We Use Your Information

We use account and billing information solely to:

  • Authenticate you and manage your subscription
  • Send transactional emails (receipts, password resets, service notices)
  • Respond to support requests
  • Comply with legal obligations

We do not use your information for advertising, profiling, or sale to third parties. Period.

4. Data Sharing

We share your information only in the following limited circumstances:

  • Service providers: Stripe (payments), our cloud infrastructure provider for authentication and billing infrastructure. All providers are contractually prohibited from using your data for any purpose other than providing the service to us.
  • Legal compliance: If we receive a valid, legally enforceable order requiring disclosure, we will notify you to the extent permitted by law. Because we do not hold location data, any such order cannot compel us to produce records of your movements — we do not have them.
  • Business transfers: If CloakLoc is acquired or merges with another company, user data will be subject to this same privacy policy. You will be notified of any material change.

We do not sell, rent, or trade your personal information to any third party.

5. Data Retention

Account data is retained for the duration of your subscription and deleted within 30 days of account closure upon request. Support correspondence is retained for up to 12 months, then deleted. Aggregate analytics data is retained indefinitely in de-identified form.

6. Security

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. Access to production systems is restricted to a minimum number of engineers using multi-factor authentication and hardware security keys. We operate on a zero-trust internal network model.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing where we rely on legitimate interest
  • Restriction: Request that we restrict processing while a dispute is resolved

To exercise any of these rights, email us at privacy@cloakloc.com. We will respond within 30 days.

8. California Residents (CCPA / CPRA)

California residents have the right to know what personal information we collect and how it is used, the right to delete personal information, the right to opt out of sale (we do not sell personal information), and the right to non-discrimination for exercising these rights. To submit a request, email privacy@cloakloc.com or write to us at the address below.

9. European Residents (GDPR)

For users in the European Economic Area, our lawful basis for processing personal data is: (a) contract performance for account and billing data; (b) legitimate interest for aggregate analytics; and (c) your consent where explicitly requested. CloakLoc, Inc. is the data controller. You may lodge a complaint with your local supervisory authority if you believe we have processed your data unlawfully.

10. Children

CloakLoc is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us immediately and we will delete it.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or the law. We will notify you by email and post a notice in the app at least 14 days before material changes take effect. Continued use of the service after the effective date constitutes acceptance of the revised policy.

12. Contact

CloakLoc, Inc.
Privacy Inquiries
privacy@cloakloc.com