Privacy Policy

1. Overview

This Privacy Policy (“Policy”) describes how Cloakworth LLC, a Wyoming limited liability company (“Cloakworth,” “we,” or “our”), collects, uses, discloses, and protects personal information through our website at www.cloakworth.com (the “Site”) and our digital security services (the “Services”). By using the Site or Services, you agree to this Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you submit directly, including:

• Contact details: name, email, phone, mailing address.
• Intake information: referral source, security concerns, household members, advisory team contacts.
• Account and financial identifiers necessary for SIM swap protection, account hardening, and credit monitoring.
• Payment information (processed by third-party processors; we do not store full card numbers).
• Communications with Cloakworth, including emails, call logs, and consultation notes.

2.2 Information Collected Through Service Delivery

In performing the Services, we collect:

• Data broker exposure: your information as listed on data broker sites, people-search engines, and public records databases (addresses, phone numbers, family members, estimated net worth, property records).
• Dark web and breach data: compromised credentials and PII discovered through monitoring.
• Public records: government databases, corporate filings, FAA/FEC records, court filings.
• Device and network data: device inventories, OS versions, network configurations, security key assignments, SIM lock status.
• Digital footprint data: social media exposure, EXIF metadata, fitness app routes, transaction visibility settings, MLS photos.
• Incident response data: forensic data and communications with carriers, financial institutions, and law enforcement generated during incident response.

2.3 Automatically Collected Information

When you visit the Site, we collect device and browser information (IP address, browser type, OS), usage data (pages visited, referring URLs), and strictly necessary cookies for site functionality. We do not use advertising cookies or cross-site tracking.

2.4 Third-Party Sources

We receive information from referring professionals (name, contact information, general description of needs), data brokers and public sources (as part of assessment and monitoring), credit bureaus (with your authorization), and telecommunications carriers (in connection with SIM swap protection).

3. Use of Information

We use personal information to:

• Deliver the Services, including assessments, data broker removal, monitoring, account hardening, and incident response.
• Communicate with you regarding service updates, security incidents, and emerging threats.
• Coordinate with your designated professional advisors as you authorize.
• Process payments and maintain business records.
• Improve our services and develop threat detection methodologies.
• Comply with legal obligations and enforce our contractual rights.

4. Disclosure of Information

We disclose personal information only as follows:

• Service providers: vetted vendors assisting in service delivery (data broker removal platforms, monitoring services, cloud providers, payment processors), each bound by confidentiality obligations.
• Your professional advisors: with your authorization, we share security status and reports with your designated wealth advisors, attorneys, CPAs, and family office personnel.
• Carriers and financial institutions: as necessary to perform SIM swap protection, account hardening, and incident response on your behalf.
• Legal requirements: where compelled by law, regulation, legal process, or enforceable governmental request, or where necessary to prevent physical harm or financial loss.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to the commitments in this Policy.
• With your consent: in other circumstances with your explicit authorization.

5. No Sale of Personal Information

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

6. Data Retention

We retain personal information for the duration necessary to fulfill its purpose:

• Engagement records: duration of engagement plus seven (7) years.
• Assessment and remediation documentation: duration of engagement plus three (3) years.
• Incident response records: minimum seven (7) years from incident date.
• Billing records: seven (7) years.
• Non-client consultation inquiries: two (2) years.
• Automatically collected site data: thirteen (13) months.

Expired data is destroyed using industry-standard methods.

7. Security

We implement measures that meet or exceed industry standards, including: encryption in transit (TLS 1.2+) and at rest (AES-256), multi-factor authentication on all internal systems, role-based least-privilege access controls, regular penetration testing, SOC 2-compliant cloud infrastructure, and binding confidentiality agreements for all personnel. No security system is impenetrable, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict processing of, port, or object to processing of your personal information, and to withdraw consent where processing is consent-based. To exercise these rights, contact us at hello@cloakworth.com. We will respond within the timeframe required by applicable law. Given the sensitive nature of our Services, we may require enhanced identity verification.

9. State Privacy Disclosures

California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA/CPRA. Residents of other states with comprehensive privacy laws (including Colorado, Connecticut, Texas, Virginia, and others) may exercise rights under their applicable statutes by contacting us.

10. Children

The Site is not directed to individuals under eighteen (18). Our Services may include protections for minor children within a client household, authorized by a parent or legal guardian, limited to the scope of the engagement agreement. Contact us immediately if you believe we have collected a child’s information without proper authorization.

11. International Transfers

Cloakworth is based in the United States. Information may be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. Where required, we implement appropriate safeguards for cross-border transfers.

12. Changes

We may update this Policy at any time by posting the revised version on the Site. Active clients will receive direct notice of material changes. Continued use constitutes acceptance.

13. Contact

Cloakworth LLC | hello@cloakworth.com | www.cloakworth.com

14. Governing Law

This Policy is governed by the laws of the State of Wyoming, without regard to conflict of law principles, except as superseded by applicable federal law or mandatory state privacy laws.