Cloak Vault · Document DRM and access policy

Control your documents
after you send them.

Cloak Vault applies DRM policy to any document — read-only, no-download, no-print, time-limited. Policies are enforced server-side, not by the file. Revoke access remotely, any time, even after the recipient has a copy.

Start free → Book a demo
Server-enforced policy Remote revoke any time Every view is logged
Vault — Document Policy
Protected document
Due_Diligence_Report_Q2.pdf
Protected · 2.4 MB
Access policy
Read only No download No print Expires 2025-09-30
Recipients
buyer@investco.com Opened · 3 times
legal@investco.com Not yet opened

Stop losing control of sensitive documents

Once you email a file, you've lost control — unless you sent it through Vault.

Due diligence data rooms

Share financial models, due diligence packs, and confidential business plans with buyers under read-only policy. Auto-revoke when the deal closes or collapses. Know exactly who read what and when.

Client report delivery

Deliver consultant reports, legal opinions, and strategy documents to clients without them forwarding to competitors. Read-only policy means they see the content but can't extract it.

Regulatory disclosures

Share audit-required documents with regulators or external auditors under strict time limits. The access log is your compliance evidence — every open, every denial, timestamped and signed.

IP-sensitive creative work

Designers and agencies can share unreleased assets with clients for review without the work leaking. No-download, watermarked preview mode keeps your IP under control through the approval cycle.

Board and executive packs

Distribute board packs with market-sensitive information. Auto-revoke after the meeting. Log which directors accessed materials before the meeting — useful for insider trading governance.

Automated via API Coming soon

Coming soon: a Vault API and MCP surface that let your CRM or AI agent protect documents programmatically — accepting any file type and returning a policy-wrapped version plus a signed receipt in a single call. Today, Vault is browser- and client-app-only.

Server-enforced — not file-enforced

Traditional DRM bakes restrictions into the file. Vault enforces policy server-side — so it works even after the file has been forwarded, downloaded, or copied.

Traditional file-level DRM
  • Restrictions embedded in file — can be stripped
  • No way to revoke after delivery
  • No view log — you can't see who opened it
  • Forwarding bypasses all restrictions
Cloak Vault server-enforced DRM
  • Policy lives on server — impossible to strip from the file
  • Remote revoke at any time — even after forwarding
  • Full view log — who, when, which device
  • Forwarding is irrelevant — key stays on server

Simple Vault pricing

Protect up to 100 documents free. Upgrade when your team needs more.

Team
$19/mo

5 users · 100 protected docs

  • Read-only + no-download policy
  • View log + remote revoke
  • Email + link sharing
Email for quote →
Recommended
Business
$49/mo

Unlimited users · unlimited docs · API access

  • Everything in Team
  • REST API + MCP tools (coming soon)
  • CSV / JSON export for compliance
  • Priority support
Email for quote →
View full pricing including bundles →

Cloak Vault — free apps

Vault free tier ships in the desktop and mobile apps. No web signup required — install, create an account inside the app, and start protecting documents.

Windows
Windows 10 / 11
macOS
macOS 11+
Linux
.deb (Debian / Ubuntu)

Mobile apps: search "Cloak Vault" on the App Store or Google Play.

All apps are free. A paid Team or Business plan adds team management and policy controls — email us for a quote.

Take back control of your documents

Free Cloak Vault is available in the mobile and desktop apps — no web signup. For team or business deployments, email us for a quote.

Download free app ↓ Email for team/business quote

Governed by the OMMAU Charter — humans authorize, agents execute, receipts prove it.