# Cloaked

> A mobile app and API for privacy-first onchain accounts with multisig.

## Cloaked

### The Problem

Onchain activity is public by default. If someone knows one of your addresses, they can see your balance, who you pay, who pays you, and your full transaction history. ENS names, social profiles, and even a single transaction can link your identity to all of this.

### What Cloaked Does

Cloaked uses stealth addresses to separate your financial activity from your public identity. Every payment you receive goes to a fresh address that only you can control — keeping your balances, counterparties, and transaction history confidential by default.

Cloaked handles the complexity — address derivation, blockchain scanning, balance aggregation, transaction construction — while you keep full custody of your funds. The service coordinates; only you hold the keys.

### Benefits

* **Per-payment addresses** — each deposit lands at a unique address, so your transaction history stays private
* **Confidential balances** — people who pay you don't see what you hold or who else pays you
* **ENS-native** — receive funds at `username.clkd.eth` or share a `username.clkd.id` payment page; privacy happens automatically
* **Self-custody** — Cloaked never holds your funds or private keys; everything is recoverable via the [open-source SDK](https://recovery.clkd.xyz/)
* **Passkey or wallet** — register with a biometric passkey or connect an existing wallet
* **Teams** — multisig accounts with k-of-n threshold signing for organizations
* **API & SDK** — programmatic access for server-to-server integrations, agents, and automated operations

### Supported Networks & Tokens

Cloaked currently supports **Ethereum** and **Base**. Supported tokens come from the [Uniswap default token list](https://tokenlists.org/) — a curated allowlist of established ERC-20s — plus native ETH on every chain. If you're interested in additional networks, [reach out](mailto:support@clkd.xyz).

### Use Cases

* **Individuals** — use the browser wallet to send and receive with stealth addresses → [Using Cloaked](/docs/using-cloaked)
* **Teams & organizations** — multisig accounts with API access → [Developers](/docs/developers)
* **Builders** — integrate stealth address payments into your app via API/SDK → [API Reference](/docs/api-reference)

### How It Works

See [How It Works](/docs/how-it-works) for a full technical deep dive into stealth addresses.

## How It Works

Cloaked supports stealth addresses by separating **coordination** from **control**.

The system is designed so a server can handle the heavy operational work required for stealth addresses (such as address derivation, scanning, balance tracking, and transaction construction) without ever gaining the ability to move funds.

This is achieved using a capability-based key derivation model.

### Key Derivation Model

When you register, your wallet signs a Cloaked-specific message that is bound to your device and protected by your PIN.

On the client, this signature is deterministically transformed into two **scoped cryptographic capabilities**:

* **Viewing capability**\
  Shared with the service. Allows detection of which stealth addresses belong to you, enables balance tracking, and allows the service to derive new stealth addresses.
* **Spending capability**\
  Retained entirely by the client. Required to authorize and sign transactions from stealth addresses.

These capabilities are not wallet private keys. They are derived, scoped, and re-derivable from your wallet, and only your wallet can authorize spending. The spending capability never leaves your device.

This separation allows the service to coordinate stealth addresses on your behalf without custody or signing authority.

### Receiving Funds

When someone sends you funds, they use your [ENS](https://ens.domains/) name.
Behind the scenes, the service:

* Derives a unique stealth address for each payment
* Monitors the blockchain for funds sent to that address
* Aggregates balances across all stealth addresses associated with you

Each payment lands at a distinct onchain address. Observers cannot easily link payments together or associate them with your identity or ENS name. Senders never see your other stealth addresses, past or future.

Advanced

##### Stealth Address Derivation

Stealth addresses are derived using elliptic-curve Diffie–Hellman (ECDH), following the principles described in [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) and related implementations (e.g. Umbra).

Address creation requires only public data derived from your spending and viewing keys. No private keys are shared with senders.

In Cloaked’s architecture, address derivation and scanning are handled off-device for performance and UX, while spending authority remains entirely client-side.

### Sending Funds

Stealth addresses fragment your balance across many independent addresses. Sending funds requires safely recombining those balances.

At a high level, the service:

* Selects funds from one or more stealth addresses
* Constructs a transaction covering the send amount and fees
* Routes any change to a newly derived stealth address to avoid reuse

Your self-custody wallet authorizes and signs all transactions.

Advanced

Cloaked uses [EIP-7702](https://eips.ethereum.org/EIPS/eip-7702) to upgrade stealth EOAs into [Porto](https://porto.sh/) smart accounts, imbuing Cloaked stealth addresses with the flexibility of smart accounts such as in-kind gas sponsorship and support for operations like swaps and bridging. This makes it practical to combine funds from many stealth addresses into a single send while preserving privacy and avoiding address reuse. All execution is explicitly authorized by the user’s wallet, while the service handles transaction coordination without requiring the user to deploy or manage smart contracts.

## API Reference

### Authentication

The API accepts two types of Bearer tokens:

* **JWT** — Obtain one instantly by completing the Sign-In with Ethereum (SIWE) flow below (GET /nonce → POST /verify). JWTs are short-lived session tokens.
* **API Key** — Long-lived platform keys for server-to-server integrations. Contact us at [support@clkd.xyz](mailto:support@clkd.xyz) to request one.

Pass either token in the `Authorization` header — the server auto-detects the format.

**Important:** The address used for authentication must be the address derived from your private spending key (`privateKeyToAccount(p_spend)`), NOT your connected wallet address. The server identity is this derived auth address — your wallet address never touches the server.

Endpoints marked with 🔒 require a valid Bearer token.

#### Get HPKE public key

#### Validate invite code

#### Get nonce

#### Verify sign-in

#### Logout

### Account Management

Account creation, signers, subdomains, and setup

#### Check subdomain availability

#### Create account

#### Get account

#### List account signers

#### Add account signer

#### Get account config

#### Set subdomain

#### Generate subdomain

### Recovery

Optional recovery hierarchy — orgs recover teams, teams recover accounts. Without a team, an account can only be recovered by its own signers.

#### Create team

#### Get team

#### Add team account

#### Create org

#### Get org

### Receive

Payment address generation, receive pages, and ENS resolution

#### Get receive page

#### Create payment address

#### Resolve ENS

### Send

Quoting, submitting, and managing transactions

#### Get quote signer public key

#### Create quote

#### List quotes

#### Submit quote signatures

#### Submit transaction

#### Unlock spendables

#### Get max sendable

### Balance & Activity

Balance queries, transaction history, and supported tokens

#### List supported chains

#### Get token catalog

#### Get balances

#### Get chain balances

#### Get token balance

#### Get activities

### Swap

#### Get max swappable

#### Create swap preview

#### Create swap quote

### Bridge

#### Get bridge status

#### Get bridge swaps

#### Create bridge swap

## Developers

Cloaked provides API and SDK access for integrating Cloaked into your application or automating operations for teams. This page covers account types, authentication methods, API access, and signing flows.

### Account Types

#### Individual

Created automatically on registration. One signer, threshold of 1. Everything described in [How It Works](/docs/how-it-works) applies — an individual account is the default.

#### Team

Multiple signers with k-of-n threshold signing. Team accounts are created via the API and support:

* Configurable signer count and threshold (e.g. 2-of-3)
* API-key authenticated operations (payment address generation, quotes)
* Async signature collection — signers don't need to be online simultaneously
* Auto-relay when the signing threshold is met

### Authentication Methods

Cloaked's key model requires a single high-entropy secret to derive viewing and spending capabilities. The SDK is agnostic about where that secret comes from — any source that can produce a deterministic, reproducible value works.

#### Wallet Signatures

Sign a deterministic message with any EOA wallet (MetaMask, Rabby, hardware wallets, etc.). The signature is transformed into scoped capabilities via the same derivation described in [Key Derivation](/docs/how-it-works#key-derivation-model).

A [PIN](/docs/faq#what-is-the-pin) is also required when using wallet connect — it is combined with your wallet address to construct the message your wallet signs, adding an explicit confirmation step that protects against blind signing. Passkey users do not need a PIN since the biometric prompt itself serves as the confirmation step.

#### Passkey PRFs

The [WebAuthn PRF extension](https://w3c.github.io/webauthn/#prf-extension) allows passkeys to return a deterministic secret bound to a relying party. No wallet required — biometric authentication (Face ID, fingerprint, Windows Hello) produces the entropy directly.

Browser-native, phishing-resistant, and works on any device with a platform authenticator.

#### Embedded Wallets & Agents

For programmatic and agent use cases, embedded wallet providers (Privy, Turnkey, Fireblocks, etc.) can supply the signing entropy. This enables:

* Automated payment address generation
* Server-initiated sends via API keys
* Agent-driven operations without human-in-the-loop signing

### API Access

Team accounts authenticate via API keys for server-to-server integration.
The API supports:

* **Payment addresses** — generate stealth addresses programmatically
* **Quotes** — coin selection and fee estimation
* **Sends** — build transactions, collect signatures, auto-relay

Individual accounts can also use API keys for the same operations.

### Signing Flow

#### Individual

The client signs the transaction directly, and it is relayed immediately.

#### Team

1. A quote locks the stealth addresses needed to cover the send amount
2. A transaction intent (the unsigned transaction details) is created from the quote, producing a digest
3. Each signer retrieves their derived key material and signs the digest
4. When the threshold is met, the transaction is assembled and relayed automatically

Signers can submit signatures independently and asynchronously — no coordinated online session is required.

## Frequently Asked Questions

### What is a stealth address?

An Ethereum address that only the recipient can recognize and control, generated using the recipient's public keys. Each payment uses a unique stealth address, so your transaction history and balances aren't publicly visible. [Learn more](https://eips.ethereum.org/EIPS/eip-5564).

### What is ENS?

A decentralized naming system that maps human-readable names (like `username.eth`) to Ethereum addresses and other resources. Cloaked uses ENS as a public entry point for generating stealth addresses. [Learn more](https://ens.domains/).

### What is the PIN?

A 4-digit PIN required only if you register with a connected wallet (MetaMask, Rabby, etc.). Passkey users do not need a PIN — the biometric prompt itself serves as the confirmation step.

The PIN is combined with your wallet address to construct a Cloaked-specific message that your wallet signs. That signature is then used to derive your viewing and spending capabilities. You will be prompted for your PIN whenever an action requires authorization. The PIN never leaves your device and is never stored by Cloaked.

The primary purpose of the PIN is to interrupt mindless signing by requiring an explicit confirmation step for sensitive actions. Being prompted to enter your PIN is a signal that you are authorizing a sensitive Cloaked action. This makes accidental or blind signing much less likely and helps protect against phishing attempts that rely on tricking users into signing messages without understanding why.

**Important**: Cloaked does not store your PIN. Make sure to store your PIN securely.

### Does Cloaked custody my funds?

No. Cloaked never custodies your funds or private keys. Your funds remain fully under your control and are held onchain at stealth addresses derived from your keys. Only you can authorize and sign transactions. Cloaked provides coordination services (address derivation, balance tracking, and transaction construction) but cannot move funds independently.

### What happens if Cloaked goes offline?

Your funds remain safe and accessible onchain. Since Cloaked does not custody funds, your stealth addresses and their balances are unaffected by service downtime.

However, while offline, you won't be able to:

* View your aggregated balance through Cloaked
* Generate new stealth addresses through Cloaked's service
* Construct and send transactions through Cloaked

You can always access your funds independently using the open-source [Cloaked SDK](https://github.com/cloakedxyz/clkd-stealth), which lets you rederive spending capabilities and stealth addresses without relying on the Cloaked service.

Cloaked is designed to pass the “walkaway test”: the system should continue to work even if the service becomes unavailable or the original developers disappear. This reflects a commitment to decentralization and user financial sovereignty.

> “We’re building decentralized applications. Applications that run without fraud, censorship or third-party interference. Applications that pass the walkaway test: they keep running even if the original developers disappear.” - [Vitalik](https://x.com/VitalikButerin/status/2006737662942871574)

If you send transactions from stealth addresses outside of Cloaked (e.g. using the SDK directly or a third-party tool), Cloaked may not be aware of those transactions. This can cause your displayed balance to be incorrect or transactions to appear missing until the system re-syncs.

## How It Works

Cloaked supports stealth addresses by separating **coordination** from **control**.

The system is designed so a server can handle the heavy operational work required for stealth addresses (such as address derivation, scanning, balance tracking, and transaction construction) without ever gaining the ability to move funds.

This is achieved using a capability-based key derivation model.

### Key Derivation Model

When you register, a high-entropy secret is produced on your device — either from a passkey (via biometric prompt) or from a wallet signature protected by a [PIN](/docs/faq#what-is-the-pin).

On the client, this secret is deterministically transformed into two **scoped cryptographic capabilities**:

* **Viewing capability**\
  Shared with the service. Allows detection of which stealth addresses belong to you, enables balance tracking, and allows the service to derive new stealth addresses.
* **Spending capability**\
  Retained entirely by the client. Required to authorize and sign transactions from stealth addresses.

These capabilities are not wallet private keys. They are derived, scoped, and re-derivable from your original secret (passkey or wallet signature). Only you can authorize spending. The spending capability never leaves your device.

This separation allows the service to coordinate stealth addresses on your behalf without custody or signing authority.

### Receiving Funds

When someone sends you funds, they use your [ENS](https://ens.domains/) name.
Behind the scenes, the service:

* Derives a unique stealth address for each payment
* Monitors the blockchain for funds sent to that address
* Aggregates balances across all stealth addresses associated with you

Each payment lands at a distinct onchain address, so your payment history and balances remain confidential — not publicly tied to your identity or ENS name. Senders never see your other stealth addresses, past or future.


## Passkey Safety

If you registered with a passkey (instead of connecting an external wallet), your passkey is the primary way to access your account. There is no password reset or seed phrase.

You can create a **backup** — a password-encrypted file containing your keys — as a safety net. If you lose your passkey, the backup lets you recover your funds at [recovery.clkd.xyz](https://recovery.clkd.xyz). See [Account Recovery](/docs/recovery) for full details.

Even with a backup, keeping your passkey synced is important — it's your primary access method for day-to-day use. Before signing out or switching devices, make sure your passkey is **synced to a cloud-backed password manager** so it's available on all your devices.

### Checking your passkey is synced

#### Apple (iCloud Keychain)

1. Open **Settings** on your iPhone, iPad, or Mac.
2. Tap **Passwords** (or search for it).
3. Search for **Cloaked** or your Cloaked domain.
4. Confirm you see a passkey entry — if it's there, it's synced across all your Apple devices signed into the same iCloud account.

iCloud Keychain syncs passkeys automatically. If you registered your passkey on an Apple device and iCloud Keychain is enabled, you're all set.

#### Google (Google Password Manager)

1. Go to [passwords.google.com](https://passwords.google.com) or open **Settings > Passwords** on your Android device.
2. Search for **Cloaked**.
3. Confirm you see a passkey entry — if it's there, it's synced across all your devices signed into the same Google account.

Google Password Manager syncs passkeys across Android devices and Chrome on desktop.

#### Other password managers

Some third-party password managers (1Password, Dashlane, etc.) also support passkeys. Check your password manager's passkey section to confirm the Cloaked entry is stored there.

### What if I can't find my passkey?

If you're currently signed in but can't find your passkey in any password manager, your passkey may be stored only on your current device.
This means it won't be available if you lose the device or factory reset it.

If you're unsure, **stay signed in** until you can confirm your passkey is backed up. If you need help, contact support at [support@clkd.xyz](mailto:support@clkd.xyz).

### Tips

* **Don't disable cloud sync** for your password manager — this is what keeps your passkey available across devices.
* **Stay signed in** if you're unsure whether your passkey is synced. You can always check later.
* **Test on another device** — the most reliable way to confirm sync is to try signing in from a different device.

## Privacy Policy

**Last Updated:** March 6, 2025

***

### About Us

Cloaked Technologies, Inc. ("Cloaked", "we", "us") operates services through clkd.xyz, app.clkd.xyz, recovery.clkd.xyz, api.clkd.xyz, clkd.id, and related domains. We serve as the data controller for personal data processed through our services.

This policy applies to all users of Cloaked's web application, mobile application, APIs, and SDKs.

### 1. Personal Data We Collect

#### 1.1 Information You Provide

* **Passkey / WebAuthn credential metadata** — credential ID and public key (used for authentication)
* **Backup data** — encrypted and held by you; we do not retain a copy
* **ENS names or subdomains** you register through the service
* **Contact details** — email address, if you subscribe to updates, join a waitlist, or contact us (collected separately from your account data)

#### 1.2 Information Collected Automatically

* **Device and browser information** — user-agent, platform, screen size
* **IP address** — used for rate limiting and abuse prevention; not stored long-term
* **Session and authentication tokens** — for maintaining your authenticated session
* **Usage data** — pages visited, features used, error logs (for debugging and service improvement)

#### 1.3 Blockchain Data

* **Public wallet addresses** — including stealth addresses associated with your account
* **On-chain transaction data** — publicly available on supported EVM-compatible blockchains
* **Token balances and transaction history** — indexed from public blockchain data

Blockchain data is publicly accessible by nature. Our indexing of this data does not change its public status.

#### 1.4 Information We Do NOT Collect

* **Private keys** — your spending capability never leaves your device
* **PRF secrets or raw biometric data** — processed entirely on your device by the platform's WebAuthn implementation
* **PINs** — PINs are handled entirely on your device and are never transmitted to or stored by Cloaked

There is no obligation to provide personal data. However, the services cannot function without the data strictly necessary for their operation (e.g. passkey credentials for authentication).

### 2. How We Collect Information

We collect information through:

* Account creation and service usage
* Website and application interactions
* API and SDK usage
* Electronic correspondence with us
* Blockchain indexing (publicly available data)

### 3. Legal Basis and Purposes

We process your personal data on the following legal bases:

**Contract Performance** — To provide and operate the services, including authentication, stealth address management, transaction construction, balance tracking, and customer support.

**Consent** — For service analysis, personalization, newsletters, and promotional communications. You may withdraw consent at any time.

**Legitimate Interests** — To maintain and improve our infrastructure, develop new features, detect and prevent security threats, and ensure service reliability.

**Legal Compliance** — To comply with applicable laws and regulations, respond to legal requests, and enforce our Terms of Service.

### 4. Data Retention

We retain personal data for as long as it is needed for the purposes for which it was collected and in accordance with legal and regulatory requirements. When personal data is no longer necessary, it is deleted or anonymized.

Blockchain data is permanent by nature and cannot be deleted from public blockchains.

### 5. Data Recipients

We may share personal data with third-party service providers who assist in operating the services. These include:

* **Cloud infrastructure providers** (e.g. AWS, Hetzner) — for hosting and data storage
* **Blockchain RPC providers** (e.g. Alchemy) — for blockchain network access
* **Third-party protocols** (e.g. Uniswap) — for swap routing (only public blockchain data)
* **Analytics providers** — for usage analytics (if applicable)

Service providers receive access only to the data necessary for their specific function and are bound by confidentiality obligations.

### 6. Data Transfers

Personal data may be transferred to and processed in the United States, the European Union/EEA, and other jurisdictions. For transfers to jurisdictions that lack an adequacy decision, we implement appropriate safeguards, which may include standard contractual clauses or other approved transfer mechanisms.

### 7. Data Security

We implement reasonable technical and organizational security measures to protect your data against unauthorized access, manipulation, loss, or disclosure. These include encryption at rest and in transit, access controls, and regular security assessments.

Our passkey-based authentication model means there are no passwords to be compromised. Employees and service providers with data access are bound by confidentiality obligations and must comply with applicable data protection laws.

### 8. Cookies and Local Storage

We use:

* **Session cookies** — to maintain your authenticated session
* **Local storage** — for wallet state, preferences, and application data
* **Analytics cookies** — only with your consent

We do not use third-party tracking cookies.

### 9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

**Right of Access** — Request a copy of the personal data we hold about you.

**Right to Rectification** — Request correction of inaccurate or incomplete personal data.

**Right to Erasure** — Request deletion of your personal data when it is no longer necessary or was unlawfully processed.

**Right to Restriction** — Request that we limit processing of your personal data in certain circumstances.

**Right to Data Portability** — Request that your personal data be provided to you or another controller in a structured, commonly used, machine-readable format.

**Right to Object** — Object to processing of your personal data based on legitimate interests.

**Right to Withdraw Consent** — Withdraw consent at any time for processing based on consent, including marketing communications.

**Right to Lodge a Complaint** — File a complaint with a supervisory data protection authority in your jurisdiction.

To exercise any of these rights, contact us at [dev@clkd.xyz](mailto:dev@clkd.xyz). We may need to verify your identity before processing your request.

### 10. Third-Party Links and Services

Our services may contain links to third-party websites or services (e.g. ENS, Uniswap, Porto). We have no control over the content, privacy policies, or practices of these third-party services and assume no responsibility for them.

### 11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

* **Right to Know** — You may request the categories and specific pieces of personal information we have collected about you.
* **Right to Delete** — You may request that we delete your personal information, subject to certain exceptions.
* **Right to Opt-Out** — You have the right to opt out of the "sale" or "sharing" of your personal information. **Cloaked does not sell or share your personal information** as defined under the CCPA.
* **Right to Non-Discrimination** — We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at [dev@clkd.xyz](mailto:dev@clkd.xyz).

### 12. Children's Privacy

The services are not intended for users under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

### 13. Email Notifications

If you subscribe to our newsletter or updates, we will send communications based on your consent. These communications may contain tracking pixels to measure open rates and engagement.
You can unsubscribe at any time via the unsubscribe link in any email or by contacting us.

### 14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes become effective upon posting to our website. Where changes are material, we will make reasonable efforts to notify you (e.g. via email or an in-app notice).

### 15. Contact Us

For questions or requests regarding this Privacy Policy, contact us at:

**Cloaked Technologies, Inc.** [dev@clkd.xyz](mailto:dev@clkd.xyz)

## Account Recovery

Cloaked is self-custodial — your funds are secured by cryptographic keys that only you hold. How you back up and recover those keys depends on how you registered.

### Passkey users

Your spending and viewing keys are derived from your passkey via a biometric prompt. The keys only exist in memory during active use and are never stored.

**Two layers of protection:**

#### 1. Keep your passkey synced

Your passkey is your primary access method. Make sure it's synced to a cloud-backed password manager (iCloud Keychain, Google Password Manager, 1Password, etc.) so it's available across devices. See [Passkey Safety](/docs/passkey-safety) for detailed instructions.

#### 2. Create a backup

A backup is a password-encrypted file containing your spending and viewing keys. If you lose your passkey, you can use the backup and your password to recover your funds at [recovery.clkd.xyz](https://recovery.clkd.xyz).

**How to create one:**

* **After registration** — you'll be prompted to create a backup immediately after setting up your passkey.
* **From Settings** — open the account menu, go to **Settings > Backup**, and follow the prompts. You'll verify with your passkey, then set a backup password.

**What the backup does:**

* Lets you recover your funds if you lose access to your passkey
* The backup file is encrypted with your chosen password (min 12 characters)
* Decryption and fund recovery happen at [recovery.clkd.xyz](https://recovery.clkd.xyz)

**What the backup does NOT do:**

* It does not reinstate a lost passkey — you would need to create a new passkey and re-register
* It does not give Cloaked access to your keys — the file is encrypted on your device before export

**Tips:**

* Store the backup file somewhere safe (cloud drive, USB, password manager)
* Use a strong, unique password and store it separately from the backup file
* You can create a new backup at any time from Settings

### Wallet + PIN users

Your spending and viewing keys are derived from a signature produced by your connected wallet, combined with your 4-digit PIN. Every time you authorize an action, Cloaked asks your wallet to sign a deterministic message (incorporating your PIN) and re-derives your keys from the result.

**What you need to back up:**

| What | Why |
| --- | --- |
| **Wallet seed phrase / private key** | Your wallet produces the signature that derives your Cloaked keys. If you lose your wallet, you lose access. |
| **PIN** | The PIN is combined with your wallet address to construct the signing message. Without the correct PIN, the derived keys will be different. |

Cloaked does not store your PIN or your wallet's private key. Both must be backed up independently.

**Tips:**

* Follow your wallet provider's backup instructions (seed phrase, hardware wallet, etc.)
* Store your PIN securely — a password manager is a good option
* If you forget your PIN, there is no reset mechanism; your funds would only be recoverable if you can guess the correct 4-digit combination

### What if Cloaked goes offline?
Your funds remain safe onchain regardless of Cloaked's availability. You can always recover your keys independently and access your stealth addresses using the open-source [Cloaked SDK](https://github.com/cloakedxyz/clkd-stealth) or the [recovery tool](https://recovery.clkd.xyz). See [FAQs](/docs/faq#what-happens-if-cloaked-goes-offline) for more details.

### Summary

| | Passkey | Wallet + PIN |
| --- | --- | --- |
| **Primary access** | Passkey (biometric) | Wallet + PIN |
| **Backup method** | Backup (encrypted file) | Wallet seed phrase + PIN |
| **Recovery tool** | [recovery.clkd.xyz](https://recovery.clkd.xyz) | Re-connect wallet, enter PIN |
| **Risk if lost** | No passkey + no backup = permanent loss | No wallet + no seed phrase = permanent loss |

## Swaps & Bridging

Cloaked lets you swap tokens and bridge assets cross-chain directly from your stealth addresses, powered by [Uniswap](https://docs.uniswap.org/).

### How It Works

1. **Preview** — Enter a token pair and amount to see expected output, minimum received (after slippage), and estimated fees. No funds are locked.
2. **Quote** — Cloaked selects stealth addresses to fund the swap, locks those funds, and returns a time-limited quote.
3. **Confirm** — Sign with your passkey or wallet to submit the transaction.

### Supported Operations

| Operation | Description |
| --- | --- |
| **Swap** | Exchange one token for another on the same chain (e.g. USDC → ETH on Base) |
| **Bridge** | Move tokens across chains (e.g. ETH on Ethereum → ETH on Base) |
| **Wrap / Unwrap** | Convert between ETH and WETH |

### Fees

* **Network fee** — Covers gas for the swap. Varies by route complexity and gas prices. Like sends, fees can be paid in-kind (e.g. pay with USDC when swapping USDC → ETH).
* **Cloaked fee** — 0.85% of the input amount, included in the quoted price.

Both fees are displayed before you confirm.

### Slippage

Slippage is the difference between the quoted price and the execution price. Prices can move between when you submit and when the transaction confirms. Cloaked offers preset tolerances (0.1%, 0.5%, 1%) or a custom value up to 5%. Higher tolerance means the swap is more likely to succeed in volatile conditions but you may receive fewer tokens. Lower tolerance protects your price but the swap may fail if the market moves. The **minimum received** amount in the quote reflects your slippage setting.

### Bridging

When input and output tokens are on different chains, Cloaked automatically routes through a bridge (e.g. [Across](https://across.to/)). The same fees apply — network fee plus 0.85% Cloaked fee. The UI shows estimated fill time; bridge transactions may take a few minutes to arrive on the destination chain.

## Terms of Service

**Last Updated:** March 6, 2025

***

### 1. Scope

Cloaked Technologies, Inc. ("Cloaked", "we", "us") offers services through clkd.xyz, app.clkd.xyz, recovery.clkd.xyz, api.clkd.xyz, clkd.id, and related domains. By accessing or using any Cloaked service, you agree to be bound by these Terms. If you do not agree, you must stop using the services immediately.

### 2. Services

Cloaked provides a non-custodial wallet application and developer infrastructure for stealth address payments on supported EVM-compatible networks. Our services include:

* Sending and receiving tokens via stealth addresses
* Stealth address generation, scanning, and balance tracking
* Passkey-based (WebAuthn / PRF) and PIN-based authentication
* Token swaps via third-party protocols (e.g. Uniswap)
* ENS subdomain registration and management
* Encrypted backup generation
* Developer APIs and SDKs for stealth address integration

Your funds and access keys are self-custodial — only you can access and control them.
Automated or bot-driven account creation is prohibited. You are responsible for securing your account credentials and all activity conducted through your account. You must be at least 18 years old to use the services.

### 3. Rights and Obligations of Cloaked

We provide the services using reasonable care and skill and maintain our infrastructure free from known malicious software. We perform regular maintenance but do not guarantee that the services are error-free or available without interruption. We may suspend or restrict access to specific accounts if we reasonably suspect illegal or fraudulent activity, or if required by applicable law. Because we do not collect personally identifiable information, restrictions apply to accounts, not individuals. We reserve the right to modify these Terms and the services. Where reasonably possible, we will notify you of material changes before they take effect.

**Cloaked explicitly does not:**

* Offer custody of your funds or access to your private keys
* Provide key recovery services (recovery is your responsibility via your backup)
* Verify, endorse, or guarantee any transaction
* Provide financial, investment, accounting, tax, or legal advice
* Engage in regulated financial activities

### 4. Rights and Obligations of the User

You must comply with all applicable laws and regulations when using the services.
You may not:

* Circumvent or attempt to bypass any security or access controls
* Use the services for any unlawful purpose, including money laundering, terrorist financing, or sanctions evasion
* Access the services via automated systems, bots, or scrapers without our written permission
* Reverse engineer, decompile, or derive the source code of any proprietary part of the services
* Engage in data mining or data harvesting of non-public service data
* Sublicense, resell, or redistribute the services without written permission
* Interfere with the services or other users' use of the services

You acknowledge the inherent risks of blockchain technology, including but not limited to smart contract vulnerabilities, network congestion, and potential complete loss of funds.

### 5. User Representations

By using the services, you represent and warrant that you:

* Are not subject to economic or trade sanctions administered or enforced by the United States, including those maintained by the Office of Foreign Assets Control (OFAC), or any other applicable jurisdiction
* Have fully read and understood these Terms
* Are of legal age in your jurisdiction and have the capacity to enter into a binding agreement

### 6. Non-Custodial Nature

Cloaked is a non-custodial service. We never hold, control, or have access to your private keys or spending capability. The spending capability never leaves your device. Transactions are executed on-chain and are irreversible once confirmed.

You are solely responsible for:

* Securing your passkeys, PIN, and backup
* Verifying all transaction details before signing
* Maintaining copies of your backup in a safe location

Lost passkeys or backups may result in permanent, irrecoverable loss of access to your funds. We cannot recover your account or funds.

### 7. Supported Networks and Tokens

The services currently operate on supported EVM-compatible networks. Network and token availability may change without notice.
We do not endorse any specific token or project.

### 8. Swaps

Token swaps are routed through third-party protocols (e.g. Uniswap). Slippage, price impact, and third-party protocol fees apply. Cloaked charges a service fee on swaps (currently 0.85%), which is disclosed before transaction execution and may be updated from time to time. We do not guarantee swap execution, pricing, or availability.

### 9. Fees

* Network (gas) fees are paid by the user for all on-chain transactions (sends, swaps, etc.)
* Third-party protocol fees (e.g. Uniswap) are determined by those protocols
* Cloaked charges a service fee on swaps (currently 0.85%), which is subject to change; no service fee is charged on sends
* All fees are disclosed before transaction execution
* On-chain gas market conditions may cause any transaction to fail; failed or reverted transactions may still incur gas fees
* Except where prohibited by law, all fees are non-refundable

### 10. API and SDK Usage

Access to Cloaked's APIs and SDKs requires an API key issued by Cloaked. By using our APIs or SDKs, you agree to the following:

* API keys are issued at our sole discretion and are non-transferable. You may not share, publish, or embed your API key in client-side code or publicly accessible repositories.
* All API endpoints are subject to rate limits. You must not attempt to circumvent, exceed, or abuse these limits.
* We reserve the right to revoke, suspend, or restrict any API key at any time, for any reason, including but not limited to suspected abuse, violations of these Terms, or excessive usage.
* You are responsible for all activity that occurs under your API key and for ensuring that your integration complies with these Terms and all applicable laws.
* If you build products or services that use Cloaked's APIs, you are responsible for your end-users' compliance with these Terms. You must not use the APIs to facilitate activity that would violate these Terms if performed directly.
* We may modify, deprecate, or discontinue API endpoints at any time. Where reasonably possible, we will provide advance notice of breaking changes.
* API availability is provided on an "as is" basis. We do not guarantee uptime, latency, or throughput for any API endpoint.

### 11. Termination

Either party may terminate the relationship at any time. You may stop using the services at any time. We may suspend or terminate your access for violations of these Terms. Due to the non-custodial nature of the service, your funds remain accessible on-chain regardless of termination. You can always access your stealth addresses using your backup and our open-source tools. Termination does not affect any rights or obligations that have accrued prior to termination.

### 12. Intellectual Property

All intellectual property rights in the services remain with Cloaked. Open-source components are governed by their respective licenses. Cloaked owns the clkd.eth ENS domain and all subdomains issued under it. We reserve the right to revoke, suspend, or discontinue any subdomain at any time, including if the associated account violates these Terms.

### 13. Disclaimers

The services are provided "as is" and "as available" without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not warrant that:

* The services will be uninterrupted, timely, secure, or error-free
* Blockchain networks will be available or function correctly
* Any information provided through the services is accurate or complete

Nothing in the services constitutes financial, investment, tax, or legal advice.

### 14. Limitation of Liability

To the maximum extent permitted by applicable law, Cloaked is liable only for damages caused by gross negligence or willful misconduct.
Neither party may recover any amount with respect to loss of profit, data, goodwill, or other indirect, incidental, consequential, or punitive damages.

This includes, without limitation, losses arising from:

* Failed, delayed, or misdirected transactions
* Smart contract bugs or vulnerabilities
* Blockchain network outages or reorganizations
* Third-party protocol failures (e.g. Uniswap, bridge providers)
* Loss of access due to lost passkeys or backups

Force majeure events (including but not limited to natural disasters, war, pandemic, government action, or blockchain network failures) exempt performance obligations.

### 15. Indemnification

You agree to indemnify, defend, and hold harmless Cloaked and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses arising from your use of the services or violation of these Terms.

### 16. Privacy

Your use of the services is also governed by our [Privacy Policy](/docs/privacy), which describes how we collect, use, and protect your information.

### 17. Governing Law and Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of laws principles.

**Mandatory Arbitration.** Any dispute, claim, or controversy arising out of or relating to these Terms or the services ("Dispute") shall be resolved exclusively by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in Wilmington, Delaware. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

**Class Action Waiver.** You agree that any Dispute shall be brought in your individual capacity only, and not as a plaintiff or class member in any purported class, consolidated, or representative action.
The arbitrator may not consolidate more than one person's claims and may not preside over any form of class or representative proceeding.

**Exceptions.** Either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement of intellectual property rights. Claims eligible for small claims court in Delaware may be brought there instead of arbitration.

**Opt-Out.** You may opt out of this arbitration and class action waiver provision by sending written notice to [dev@clkd.xyz](mailto:dev@clkd.xyz) within 30 days of first accepting these Terms. If you opt out, Disputes shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

### 18. Miscellaneous

* If any provision of these Terms is found to be unenforceable, the remaining provisions continue in full force and effect.
* You may not assign your rights or obligations under these Terms without our prior written consent.
* These Terms constitute the entire agreement between you and Cloaked regarding the services.
* Our failure to enforce any right or provision does not constitute a waiver of that right or provision.
* Links to third-party websites or services do not imply endorsement or responsibility for their content or practices.

### 19. Contact

For questions about these Terms, contact us at [dev@clkd.xyz](mailto:dev@clkd.xyz).

## Using Cloaked

Your onchain payments, your business.

Cloaked is a mobile wallet and API that integrates modern privacy standards into everyday onchain activity. Users always retain direct control of their funds.

There are three ways to use it:

* **Browser wallet** — The primary Cloaked client. Register with a passkey or existing wallet, then send and receive with stealth addresses from any browser.
* **API & SDK** — Programmatic access for server-to-server integrations, agents, and automated operations.
* **Farcaster mini-app** — Use Cloaked directly inside Farcaster, where onchain balances are publicly visible.

### Registration

Registration takes three steps:

1. **Create a passkey or connect a wallet** — A biometric prompt (Face ID, fingerprint, or Windows Hello) creates a passkey bound to Cloaked. Alternatively, you can connect an existing wallet (MetaMask, Rabby, etc.) and sign a message. Either way, this produces the secret used to derive your stealth address keys. See [Authentication Methods](/docs/developers#authentication-methods) for more on supported options.
2. **Authenticate** — Cloaked performs [Sign-In with Ethereum](https://login.xyz/) (SIWE) using an address derived from your private spending key. This happens automatically — your identity and your original passkey or wallet address are never sent to the server.
3. **Choose your ENS subdomain** — Pick a unique subdomain (e.g. `username.clkd.eth`) that others will use to send you funds.

### Receiving Funds

Each time someone sends funds to your ENS name, a fresh stealth address is automatically generated for that payment. You can also share a direct payment page at `username.clkd.id`. Each time the page is loaded it generates a new stealth address, so every payment link is unique.
Receiving funds interface showing QR code and address
Example of the shareable payment page for `satoshi.clkd.id`
Your aggregated balance across all stealth addresses is displayed automatically, so you always have a single view of your total funds.

### Sending Funds

To send funds:

1. **Enter amount and destination** — Select the asset and chain, enter the amount, and provide the destination address.
2. **Review the quote** — Cloaked optimizes input selection across your stealth addresses to cover the amount, calculates the required fees, and routes any change to a new stealth address.
3. **Confirm** — Authenticate with your passkey (biometric prompt) or wallet to sign the transaction.
4. **Transaction submitted** — Once signed, the transaction is relayed onchain.
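
Step 2 of the procedure above, as an added sketch (not Cloaked's algorithm or SDK code): choosing the fewest stealth-address balances that cover the send amount plus a fee that grows with each extra input, and computing the change. The fee model, the fee constants, the address labels and the balances are all assumptions constructed for illustration.

```javascript
// Added example: fewest-input selection across stealth-address balances.
// The fee model (base + per-input cost, paid in the token being sent) and all
// values below are assumptions for illustration, not Cloaked's actual algorithm.
const BASE_FEE = 2_000n;      // hypothetical fixed cost per transaction (token base units)
const PER_INPUT_FEE = 1_500n; // hypothetical extra cost per stealth address combined

function feeFor(inputCount) {
  return BASE_FEE + PER_INPUT_FEE * BigInt(inputCount);
}

function buildQuote(balances, sendAmount) {
  if (sendAmount <= 0n) throw new RangeError('send amount must be positive');
  // Largest-first: for any input count k, the k largest balances give the
  // biggest total, so the first k that covers amount + fee is the minimum k.
  const sorted = [...balances].sort((a, b) =>
    a.balance < b.balance ? 1 : a.balance > b.balance ? -1 : 0);
  const inputs = [];
  let total = 0n;
  for (const entry of sorted) {
    // An input worth no more than its own marginal fee cannot help cover the send,
    // and neither can any smaller one after it.
    if (entry.balance <= PER_INPUT_FEE) break;
    inputs.push(entry);
    total += entry.balance;
    const fee = feeFor(inputs.length);
    if (total >= sendAmount + fee) {
      return {
        inputs: inputs.map((i) => i.address),
        sendAmount,
        fee,
        totalRequired: sendAmount + fee,
        // Leftover goes to a fresh stealth address, never back to an input.
        change: total - sendAmount - fee,
      };
    }
  }
  return null; // not coverable, even if the aggregated balance looks large enough
}

// Constructed sample balances; the labels stand in for real stealth addresses.
const sampleBalances = [
  { address: 'stealth-A', balance: 50_000n },
  { address: 'stealth-B', balance: 30_000n },
  { address: 'stealth-C', balance: 1_000n }, // dust: costs more to spend than it holds
  { address: 'stealth-D', balance: 12_000n },
];

console.log(buildQuote(sampleBalances, 60_000n));
```

Under this assumed fee model the amount that can actually be sent is lower than the aggregated balance, because every combined address adds cost and dust balances cannot pay for their own inclusion.
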
### Fees

Cloaked calculates transaction fees that include onchain gas costs. Fees are automatically calculated and displayed before you confirm any transaction, so you always know what you'll pay upfront.

#### How Fees Work

Fees include the cost of executing transactions on the blockchain. Cloaked uses [Porto](https://porto.sh/) smart accounts, which require gas to execute actions. Fees can be paid in-kind. For example, if you're sending an ERC20 token and your account doesn't have ETH, the token itself can be used to pay the transaction fee. This makes it easier to send tokens without needing to maintain a separate ETH balance for gas.

#### Transaction Complexity

When you send funds, Cloaked may need to combine balances from multiple stealth addresses. Transactions that require combining funds from more addresses will have higher fees due to the additional onchain operations needed. Cloaked automatically optimizes the selection of addresses to minimize fees while ensuring you have sufficient funds to cover both the send amount and fees. Any leftover funds after covering the send amount and fees are automatically routed to a new stealth address. This happens automatically to preserve your privacy by avoiding address reuse.

#### What You See

Before confirming any transaction, Cloaked shows you a quote that includes:

* **Send amount** — The amount you're sending to the destination
* **Fee** — The estimated transaction fee
* **Total required** — Send amount + fee

This gives you full transparency into the costs before you commit to the transaction.

### API & SDK

Cloaked exposes a REST API for programmatic access to stealth address payments. The SDK wraps the API for common operations like generating payment addresses, fetching quotes, and sending transactions. This is useful for server-to-server integrations, autonomous agents, and automated operations.
See the [API Reference](/docs/api-reference) for endpoints and the [Developers](/docs/developers) page for details on API keys, team accounts, and authentication.

### Farcaster Mini App

Cloaked is also available as a Farcaster mini-app. Crypto social platforms associate usernames and social graphs with onchain addresses, making balances and transaction history easy to inspect. The mini-app gives you the same stealth address privacy, accessible directly within Farcaster.