Cloak encrypts files, manages HSM-backed keys, applies DRM policy, and signs documents — automatically, on behalf of your team and your AI agents. Every operation returns a signed audit receipt.
{
"actor": "claude-desktop / agent-session-A7F2",
"operation": "file_protected",
"file_type": "pdf",
"policy": "professional-workspace-v2",
"key_ref": "hsm://kms.cloakapps.com/keys/k-9a3b",
"timestamp": "2026-04-30T09:14:22Z",
"receipt_id": "rcpt_4xKmP9vLq2Yw",
"signature": "MEYCIQDx4... (AATL)",
"verify_url": "https://cloakapps.com/verify/rcpt_4xKmP9vLq2Yw"
}Every protection operation — human or agent — produces a tamper-evident signed receipt.
The same friction that stopped file encryption before — agents remove it entirely.
Protect client tax files, payroll records, and PII automatically during collection season. Agent classifies, encrypts, and receipts — human approves policy once.
Cloak Files →Protect privileged documents before upload, email, or AI review. DRM controls who reads, prints, or forwards. Receipts prove chain of custody.
Cloak Vault →Give AI coding agents HSM-backed signing and key operations without exposing raw secrets. MCP interface, scoped credentials, audit logs, key rotation.
Cloak KMS →Agent-assisted approval workflows, AATL-signed PDFs, and controlled document release with full human oversight and audit logs that satisfy regulators.
Batchsign →Each product solves a specific problem. Together, they cover the full data protection workflow.
End-to-end file encryption for professionals. Web, Android, iOS. Files encrypted on the client — the server never sees plaintext. Optional HSM-backed keys via Cloak KMS.
HSM-as-a-Service. Generate, protect, and operate keys behind real hardware security modules without owning HSM infrastructure. Native MCP for AI agents.
File DRM and secure sharing. Control read-only, no-download, expiry, and revoke access — on PDF, images, markdown, and text. True end-to-end encryption.
Server-side Adobe AATL-compliant PDF signing. Batch workflows with signing receipts. Integrates with Cloak KMS for HSM-backed certificate custody.
Start with Cloak Files for file protection. Upgrade to the HSM-Protected Workspace when keys must never leave hardware — for regulated industries, enterprise compliance, or AI agents that need cryptographic trust anchors. Same API, same receipts, keys now backed by real HSM hardware.
Six steps from request to verified receipt. Humans set policy once; agents operate within it.
Human or agent asks to protect a file, key, PDF, or signing task. Natural language or structured JSON.
Local AI classifies the data sensitivity and recommends the protection policy. No content leaves the network.
Human approves budget, policy, and any sensitive operation outside pre-approved scope.
Agent calls Cloak Files, KMS, Vault, or Batchsign APIs. Operations run inside approved policy.
System returns a signed JSON/PDF audit receipt with actor, policy, key reference, timestamp, and verification URL.
Revoke, rotate, re-sign, reclassify, or export audit logs. Policy evolves; receipts remain verifiable.
AI agents — Claude, Cursor, AutoGen, your own pipelines — can call Cloak tools directly using the Model Context Protocol. No API key gymnastics. Scoped credentials with expiry, rotation, revocation, and a full audit trail per session.
/.well-known/mcp.json and llms.txt for agent discoveryStart free. Pay when you protect things that matter.
CLI, SDK, MCP demo, test keys, sample receipts. Strict limits — not for production.
Start freeFile protection, PDF policy, receipts, dashboard, email support. For accountants, lawyers, consultants.
Start trial →MCP access, HSM-backed key option, audit API, higher limits, agent session billing.
See details →Enterprise HSM / signing from $2,000/month. View all plans →
Cloak publishes a public governance charter: three filters every product decision and every agent operation passes through. Data sovereignty, equal agent access, and verifiable societal benefit — not marketing language, operational constraints.
No support agent, sales agent, or external service accesses raw key material or decrypted customer content.
Use cases involving malware, credential theft, non-consensual surveillance, or evasion of lawful access are blocked.
Every protected operation produces an audit receipt understandable by both humans and machines.
Free developer tier. No credit card. MCP tools available in minutes.
Cloak Pte. Ltd. · Paya Lebar Square #06-28 · Singapore 409051 · sales@cloakapps.com