Security & Responsible Disclosure
Security pages build trust when they stay honest. This one explains the current public-site scope, what kind of reports we want, and how to raise them responsibly.
Current scope
Cloak is early and the public site is primarily an informational and pilot-request surface. We still take security, abuse, and privacy reports seriously, especially if they affect submitted information or the public website itself.
What we are protecting
The current public surface includes the marketing site, beta request flow, and the information submitted through that form. We work to keep those systems reasonably protected, limit unnecessary access, and avoid claiming security guarantees we cannot honestly support yet.
How to report a concern
If you need to report a security or privacy concern, use the beta request path for now and clearly label the message as a security, privacy, or legal request. A dedicated public contact address will be added when launch channels are live.
Responsible disclosure
Please do not disrupt the site, access information that is not yours, or perform destructive testing. Good-faith reports that help us protect the site and its users are welcome.