Short version: For the website, we collect the minimum we need to respond to school enquiries and send the newsletter. For the Cloak Check browser extension, we collect nothing at all — every check runs locally in your browser and no data is transmitted anywhere. We don't sell data, we don't use trackers, and you can ask us to delete anything we hold about you at any time.

1. Who we are

Cloak is a cyber safety education brand for teenagers. It's a product of Solid Code Solutions Ltd, an IT consultancy based in Leamington Spa, UK.

For the purposes of UK GDPR and the Data Protection Act 2018, the data controller for this website is:

2. What we collect

We only collect personal data when you choose to give it to us.

When What we collect Why
You register interest as a parent or school Your name, email, school or organisation, role, and anything you choose to write in the optional "what would be most useful?" field To follow up about Cloak's school programme as it takes shape
You subscribe to the newsletter Your email address To notify you when we publish new content
You email us directly Your email address and anything you choose to put in the message To reply to you
You visit any page Standard server logs (IP address, browser type, pages viewed, timestamp) held by our hosting provider Security, abuse prevention, basic operational diagnostics

We do not currently use website analytics (e.g. Google Analytics), advertising trackers, or social media pixels. If we add any of these in future, we'll update this policy and add a cookie consent banner first.

The table above covers the website only. The Cloak Check browser extension is covered separately in section 10 — it transmits no data of any kind and is not represented in any row above because there is nothing to collect.

3. Why we use it (lawful basis)

4. If you're under 18

Cloak is aimed at teenagers aged 13–18. We're aware that many of our visitors are minors, and we follow the ICO's Age Appropriate Design Code (the "Children's Code").

What that means in practice:

5. Who we share data with

We don't sell your data. We share it only with the providers we use to actually run the site and respond to you:

We may also disclose data where we're legally required to (for example, in response to a court order, or to protect someone from serious harm).

6. Cookies and tracking

This website does not currently set any cookies on your device, and we don't use analytics or advertising trackers.

Third-party services we link to or embed (TikTok, YouTube, Instagram) will set their own cookies once you click through to them. Their cookie policies apply on their own sites.

7. How long we keep data

8. International transfers

Some of our service providers (notably Netlify and Google) are based in the United States and may process your data there. Where this happens, transfers are protected by the EU–US / UK Data Privacy Framework or by Standard Contractual Clauses, in line with UK GDPR requirements.

9. Your rights

Under UK GDPR, you have the right to:

To exercise any of these, email us using the address in section 12. We'll respond within one month.

If you're unhappy with how we've handled your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator. We'd appreciate the chance to put things right first, but it's your call.

10. The Cloak Check browser extension

Cloak Check is a free, open-source browser extension we publish on the Chrome Web Store. It scans the page you're currently looking at for cyber security signals (HTTPS use, lookalike domain tricks, missing security headers, phishing patterns, and so on) and shows you a traffic-light verdict in plain English.

The extension is built around one promise: nothing about your browsing leaves your browser.

What the extension reads

To produce a verdict for the page you're on, the extension reads:

This inspection happens locally inside your browser. The extension does not record what you read, what you type, what you click, or which pages you visit over time.

What the extension stores

Scan results are written to chrome.storage.session, a per-session RAM-only area provided by Chrome that is wiped automatically when you close the browser. The extension does not use chrome.storage.local, IndexedDB, or any other persistent storage, and writes nothing about your browsing to disk.

What the extension transmits

Nothing. The extension makes no network requests to our servers or to anyone else's, because there is no server. Cloak Check has no backend, no telemetry, no analytics, no error reporting, no remote configuration, and no update channel beyond the Chrome Web Store's standard distribution. The source ships unminified, so any of this can be verified by inspecting the unpacked extension.

Permissions, in plain English

Chrome asks you to approve the following permissions when you install the extension. Each one is used for the specific purpose described below and nothing else:

Children and the extension

Because the extension transmits no data of any kind, it does not collect personal information from anyone, including under-18s. Nothing about the analysis or the storage changes based on who's using it. A parent or guardian who wants to verify the extension's behaviour can inspect the source or contact us at the address in section 12.

If this ever changes

If a future version of the extension changes any of the above — for example, if we were ever to add an opt-in feature that transmitted data — we would update this policy first, update the Chrome Web Store listing, and ask for explicit consent within the extension before any new data flow began.

Reporting an issue

Bugs, wrong verdicts, or anything else about the extension can be reported on the Cloak Check support page.

11. Changes to this policy

If we change this policy in a way that materially affects you (for example, if we add analytics or change who processes your data), we'll update the "last updated" date at the top of this page and, where appropriate, notify you by email or with a banner on the site.

12. Contact us

For anything privacy-related — data requests, questions, complaints, or concerns about a young person's data — get in touch: