Privacy Policy

Last updated: 24 April 2026

Cloak VPN is built around a simple idea: the less we know, the less we can leak. This page is a plain-English description of exactly what we collect, how we store it, and what we hand over to third parties. If anything here changes, we will update the "Last updated" date above and note the change in our warrant canary.

What we collect

We collect the minimum information required to charge you for a subscription and provision a VPN tunnel.

• Email address — collected by Stripe during checkout. We use it only to (a) associate a subscription with a device configuration, (b) deliver your welcome instructions and magic-link sign-in, and (c) send service-critical notices (e.g. expiring card). We do not send marketing email.
• Stripe customer ID — an opaque identifier that lets us check whether your subscription is currently active when you request a device configuration.
• Subscription tier and expiry date — so we know how many device slots you are allowed and when to revoke access if your subscription lapses.
• WireGuard public keys that we issue to your devices. These are not linked to you by name — only by your account record. A public key is not secret and cannot be used to decrypt traffic.
• Internal VPN IPs that we assign to each device (e.g. 10.99.0.5). These are private addresses inside our own subnet and are not related to your real-world IP address.

What we do not collect

• Your real IP address when you connect to the VPN. We do not log it. Cloudflare sees it for the cloakvpn.ai marketing site and Stripe sees it at checkout; we never receive it ourselves after that.
• Traffic logs. We do not record which sites you visit, DNS queries you make, bytes transferred, or timing of any connection.
• Connection logs. We do not record when you connect or disconnect.
• Device identifiers. We do not collect IMEI, advertising IDs, MAC addresses, or device model information.
• Real name, address, or phone number. We do not ask for any of these and our checkout form does not request them.

How logs are stored (or not)

Our VPN concentrators run standard Linux servers. System journals (/var/log) are mounted as tmpfs, meaning they live only in RAM and are wiped on every reboot. We do not forward system logs to any external service. WireGuard and Rosenpass do not produce per-connection logs by default, and we have not changed that. We do not use any application-level logging that records user activity.

Third parties we rely on

• Stripe, Inc. — processes payments and holds your payment instrument. We never see your card details. Stripe's privacy policy applies to that data: stripe.com/privacy.
• Cloudflare, Inc. — serves our marketing website (cloakvpn.ai) and provides TLS. Cloudflare sees the IP of visitors to our site, same as any CDN. Cloudflare does not sit between you and our VPN concentrators — those connections go directly to our servers.
• Hetzner Online GmbH — hosts our VPN concentrators in Finland and Germany. Hetzner has no access to what runs inside your encrypted tunnel.

Retention

We keep your account record (email, Stripe customer ID, subscription tier, and device public keys) only while your subscription is active and for 30 days after it ends, to handle refunds and resubscriptions cleanly. After 30 days of inactivity, the record is permanently deleted. You can request earlier deletion by emailing [email protected] — we will process it within 7 days.

Your rights

• Access: email support and we will send you every row we hold tied to your account. There will be one row.
• Deletion: email support and we will delete your record and revoke all active device configs within 7 days.
• Correction: email support if any field is wrong (most likely: your email address).
• Portability: same as access — we send you the row in JSON.

Cookies on this site

cloakvpn.ai uses a single first-party cookie set by Cloudflare for DDoS protection. We do not use analytics, tracking pixels, session replay, or advertising cookies. We do not embed social media widgets. The checkout flow redirects to Stripe, which sets its own cookies necessary to complete payment.

Children

Cloak VPN is intended for users 18 and older. We do not knowingly collect data from anyone under 18.

Legal requests

If we ever receive a legal demand for user data, we will disclose only what we have, which by design is very little. We maintain a warrant canary on this site at /canary.html; if that page is ever removed or not updated on its posted schedule, treat that as a signal.

Changes to this policy

If we change what we collect or how we handle it, we will update the "Last updated" date at the top and note the change in the warrant canary so existing users can see the diff. Material changes will also be emailed to active subscribers.

Contact

Email us at [email protected].