Security & Responsible Disclosure
Last updated June 26, 2026
Cloackit takes the security of the platform and your data seriously. This page summarizes our measures and how to report issues responsibly.
Our measures
- Encryption in transit (TLS) for the dashboard, API, and hosted pages.
- Hashed passwords and scoped API keys you can rotate at any time.
- Least-privilege access controls and activity logging.
- Regular dependency and infrastructure updates.
Reporting a vulnerability
If you discover a security issue, please report it privately to security@cloackit.com before disclosing it publicly. Include enough detail to reproduce it.
Safe harbor
We will not pursue good-faith security research that respects user privacy, avoids service disruption and data destruction, and gives us reasonable time to remediate.
Out of scope
Do not run denial-of-service tests, access other users' data, or social-engineer our staff or customers.
Operator of Cloackit
OXIZO COMMERCE LLC
JURE KALFIC, Sole Member
900 Bonita Dr
Aspen, CO 81611
United States
support@cloackit.com
JURE KALFIC, Sole Member
900 Bonita Dr
Aspen, CO 81611
United States
support@cloackit.com
More policies
Terms of ServiceAcceptable Use PolicyPrivacy PolicyCookie PolicyData Processing AddendumRefund & Cancellation PolicyDisclaimerCopyright / DMCA PolicyService Level CommitmentSubprocessorsAML & KYC PolicyAnti-Spam & Communications PolicyFair Use & Rate LimitsAccessibility StatementBilling & Payment ProcessingCompliance & Restricted UsesChildren's Privacy