Cloak encrypts files, manages software-sandbox or HSM-backed keys, applies DRM policy, and signs documents — automatically, on behalf of your team and your AI agents. File encryption and KMS key operations return signed audit receipts today; Vault and Batchsign receipts are coming.
{
"actor": "claude-desktop / agent-session-A7F2",
"operation": "file_protected",
"file_type": "pdf",
"policy": "professional-workspace-v2",
"key_ref": "kms://kms.cloakapps.com/keys/k-9a3b",
"timestamp": "2026-04-30T09:14:22Z",
"receipt_id": "rcpt_4xKmP9vLq2Yw",
"signature": "MEYCIQDx4... (AATL)",
"verify_url": "https://cloakapps.com/verify/rcpt_4xKmP9vLq2Yw"
}Cloak Files and Cloak KMS operations produce a tamper-evident signed receipt — human or agent. Vault and Batchsign receipts coming soon.
The same friction that stopped file encryption before — agents remove it entirely.
Protect client tax files, payroll records, and PII automatically during collection season. Agent classifies, encrypts, and receipts — human approves policy once.
Cloak Files →Protect privileged documents before upload, email, or AI review. DRM controls who reads, prints, or forwards. Receipts prove chain of custody.
Cloak Vault →Give AI coding agents scoped signing and key operations without exposing raw secrets. Start in the software sandbox; move to HSM custody when needed.
Cloak KMS →Agent-assisted approval workflows, AATL-signed PDFs, and controlled document release with full human oversight and audit logs that satisfy regulators.
Batchsign →Each product solves a specific problem. Together, they cover the full data protection workflow.
End-to-end file encryption for professionals. Web, Android, iOS. Files encrypted on the client — the server never sees plaintext. Optional HSM-backed keys via Cloak KMS.
KMS for software-key trials and multi-HSM custody. Free users start in a SoftHSM sandbox; try a smartcard HSM, then move to YubiHSM 2, AWS CloudHSM, or BYO HSM. Consultation and integration assistance available.
File DRM and secure sharing. Control read-only, no-download, expiry, and revoke access — on PDF, images, markdown, and text. True end-to-end encryption.
Server-side Adobe AATL-compliant PDF signing. Batch workflows with signing receipts. Integrates with Cloak KMS for HSM-backed certificate custody.
Start with Cloak Files for file protection and a SoftHSM sandbox key for development. When keys must never leave hardware, try a smartcard HSM, then move to YubiHSM 2, AWS CloudHSM, or BYO HSM for regulated industries, enterprise compliance, or AI agents that need cryptographic trust anchors. Same API, same receipts, stronger custody path — with consultation available if you'd like a hand.
Six steps from request to verified receipt. Humans set policy once; agents operate within it.
Human or agent asks to protect a file, key, PDF, or signing task. Natural language or structured JSON.
Local AI classifies the data sensitivity and recommends the protection policy. No content leaves the network.
Human approves budget, policy, and any sensitive operation outside pre-approved scope.
Agent calls Cloak Files or Cloak KMS APIs (Vault and Batchsign agent surfaces coming soon). Operations run inside approved policy.
System returns a signed JSON/PDF audit receipt with actor, policy, key reference, timestamp, and verification URL.
Revoke, rotate, re-sign, reclassify, or export audit logs. Policy evolves; receipts remain verifiable.
AI agents — Claude, Cursor, AutoGen, your own pipelines — can call Cloak Files and Cloak KMS directly using the Model Context Protocol. Cloak Vault and Batchsign MCP surfaces are coming next. No API key gymnastics. Scoped credentials with expiry, rotation, revocation, and a full audit trail per session.
/.well-known/mcp.json and llms.txt for agent discoveryStart free. Pay when you protect things that matter.
CLI, SDK, Agentic AI (MCP) in a SoftHSM software-key sandbox, sample receipts. Strict limits — not for production.
Start freeSmartcard HSM custody, up to 10 keys, unlimited file ops, and Agentic AI (MCP) on all your keys. One account.
Start free →Cloak Gateway with your user-owned HSM devices, up to 50 keys, 5 seats, Agentic AI, and consultative setup.
Book a consultation →Enterprise HSM & signing from $2,000/month. View all plans →
Cloak publishes a public governance charter: three filters every product decision and every agent operation passes through. Data sovereignty, equal agent access, and verifiable societal benefit — not marketing language, operational constraints.
No support agent, sales agent, or external service accesses raw key material or decrypted customer content.
Use cases involving malware, credential theft, non-consensual surveillance, or evasion of lawful access are blocked.
Every protected operation produces an audit receipt understandable by both humans and machines.
Free developer tier starts in a SoftHSM software-key sandbox. Try a smartcard HSM, then move to YubiHSM 2, AWS CloudHSM, or BYO HSM — with consultation and integration assistance for enterprises and businesses.
Cloak Pte. Ltd. · Paya Lebar Square #06-28 · Singapore 409051 · sales@cloakapps.com