What is CloakAPI

CloakAPI is a privacy-preserving AI gateway. You point your existing OpenAI or Anthropic SDK at https://api.cloakapi.io instead of api.openai.com / api.anthropic.com, and CloakAPI handles three things between you and the upstream model:

  1. Tokenises sensitive structures (names, emails, IDs, addresses, free-form PII) using a deterministic, privacy-preserving algorithm before any request leaves your perimeter. The provider sees <EMAIL_482> rather than alice@meridian.example.
  2. Routes requests with provider failover, cost-aware arbitrage, per-tenant quotas, and per-request rate limiting.
  3. Signs every response with an ecdsa-p256-sha256 envelope chained to the previous response, so auditors can cryptographically verify any receipt months later — using only the public JWKS at /.well-known/cloakapi-receipt-pubkeys.jwks.

Architecture in one paragraph

CloakAPI ships as a Laravel-based gateway (api.cloakapi.io) backed by PostgreSQL + Redis, fronted by a customer self-serve portal (app.cloakapi.io), a marketing surface (cloakapi.io), and an OIDC identity layer. Receipts are anchored against a public protocol spec at signedreceipts.org and verifiable from any browser at /receipt-verifier.

Compliance posture

  • SOC 2 Type II — in audit, target Q3 2026.
  • HIPAA Business Associate Agreement available on request.
  • Data residency: EU-only (Hetzner Nuremberg) by default; US and APAC available via BYOC.
  • GDPR: data minimisation by design — the gateway never persists customer payloads; only structure-level tokens.