CloakShare CloakShare
Log in Get API Key

Security

Cloak is built security-first. Here's how we protect your documents and videos at every layer.

Canvas-based rendering

Documents are rendered to images server-side, then drawn to an HTML Canvas element in the browser. This prevents right-click save, drag-and-drop, and DOM-based content extraction. The original file is never transmitted to the viewer.

Video security

Videos are transcoded to HLS (HTTP Live Streaming) with multiple quality tiers. Each segment is served via time-limited signed URLs that expire after 60 seconds and are refreshed per-request. A canvas overlay draws the viewer's email as a watermark on every frame of the video.

  • + Per-segment signed URLs prevent direct download of video files
  • + Canvas watermark overlay is separate from the video stream (cannot be stripped)
  • + Picture-in-Picture and download buttons are disabled
  • + Context menu disabled on video container
  • + Safari/iOS uses dynamic manifests with pre-signed URLs baked in

Dynamic watermarks

Every document page and video frame is watermarked with the viewer's email, date, and a unique session ID. Watermarks are rendered diagonally across the canvas, making screenshots traceable back to the specific viewer and session.

Signed URLs

Page images are served via time-limited signed URLs that expire after 5 minutes. Video segments use 60-second signed URLs refreshed per request. They cannot be bookmarked or shared. Each viewer session generates fresh URLs.

Print & screenshot protection

CSS @media print rules hide content during print. The Permissions-Policy: display-capture=() header blocks browser-level screen capture APIs. Context menus are disabled on the viewer.

Access controls

Links support email gates, domain restrictions (e.g., only @acme.com), password protection, view count limits, and time-based expiry. Access can be revoked instantly via API. Teams with RBAC ensure only authorized members manage links.

Encryption & infrastructure

All data is encrypted in transit (TLS 1.3) and at rest. API keys are hashed with SHA-256. Passwords are hashed with bcrypt (12 rounds). Webhook payloads are signed with HMAC-SHA256.

Audit log

Every action is recorded in an immutable audit log: link creation, view events, settings changes, team membership updates, and API key rotations. Available via API and dashboard.

GDPR compliance

Cloak provides a GDPR data deletion endpoint (DELETE /v1/viewers/:email) that removes all view records and sessions for a given email address. View data is stored only for the purpose of analytics and can be deleted at any time.

Open source

Cloak's core is open source (MIT license). You can audit the code, self-host on your own infrastructure, and verify every security claim. No black boxes.