Privacy Policy

Last updated: 2026-03-14

1. Data Controller

The data controller is:
Portalix UG (haftungsbeschränkt)
Thalkirchner Str. 103
81371 Munich, Germany
Managing Director: Stefan Böck
Email: hello@saklam.com

2. Overview of Data Processing

2.1 Saklam Platform (Web Chat, Desktop App)

Saklam is a platform for masking personal data before using AI services. Masking follows a Zero Knowledge principle: Detection and masking of personal data takes place entirely in your browser or locally on your device. Our servers only ever receive already-masked data.

Masking is performed by the saklam-pii library, which uses:

  • BERT-based Named Entity Recognition (NER) for detecting names, locations, and organizations
  • Over 430 regular expressions (regex) for detecting structured personal data (email addresses, phone numbers, IBAN, tax IDs, etc.)

Important: Due to local processing, your personal data never leaves your device in unmasked form. The Saklam server only sees placeholder tokens (e.g. [NAME_1], [EMAIL_1]).

2.2 What data is collected?

When using Saklam, the following data may be collected:

  • Server log files: IP address, browser type, operating system, referrer URL, time of access
  • User account: Email address, selected plan, payment information (processed by Stripe)
  • Chat usage (Web Chat): Only masked texts (tokens). Plain text data is processed locally in your browser and never transmitted to our servers.
  • Local storage (localStorage): Chat histories, masking mappings, and user settings are stored in your browser's localStorage and never transmitted to our servers.

2.3 Legal Basis

Your data is processed based on the following legal grounds:

  • Art. 6(1)(b) GDPR (Contract performance): For providing the Saklam service and processing your subscription.
  • Art. 6(1)(f) GDPR (Legitimate interest): For server log files to ensure operation and security.

3. Server Log Files

The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • IP address (anonymized or truncated)
  • Time of server request

Retention period: Server log files are automatically deleted after 7 days.

4. Data Masking (Zero Knowledge)

The core product of Saklam is masking personal data before transmission to AI services.

4.1 Web Chat (chat.saklam.com)

In the Web Chat, detection and masking of personal data takes place entirely in your browser using the JavaScript library saklam-pii. This library runs a BERT NER model and over 430 regex patterns locally in your browser (WebAssembly / ONNX Runtime).

Data flow:

  1. You enter text (which may contain personal data).
  2. saklam-pii detects and masks personal data locally in your browser.
  3. In Review Mode, you can review and adjust the masking before sending.
  4. Only the masked text is transmitted to our server.
  5. The server forwards the masked text to the selected AI service (via LiteLLM).
  6. The AI response is returned to your browser.
  7. Your browser unmasks the response locally (replaces tokens with original data).

Result: Our servers and the AI provider never see your personal data in plain text.

4.2 Desktop App

The Desktop App performs all processing locally on your device. No plain text data is transmitted to Saklam servers. Communication with AI services occurs directly from your device, either via your own API key (BYOK) or via the Saklam proxy.

4.3 Local Storage

Chat histories, masking mappings, and settings are stored exclusively in your browser's localStorage. This data is never transmitted to our servers. You can delete this data at any time via your browser settings.

5. AI Routing (LiteLLM)

For routing masked requests to AI services, we use LiteLLM as a routing layer on our EU servers. LiteLLM only forwards already-masked texts. Supported AI providers include:

  • Azure OpenAI (data center: Sweden, EU)
  • AWS Bedrock (data center: Frankfurt, EU)
  • Additional providers as per the current offering

Legal basis: Art. 6(1)(b) GDPR (contract performance). Since only masked data is transmitted, this does not constitute a transfer of personal data to third parties within the meaning of the GDPR.

6. Payment Processing (Stripe)

For payment processing, we use Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland). When purchasing a subscription, your payment data is processed directly by Stripe. We do not store any credit card or bank details ourselves.

Stripe Privacy Policy: https://stripe.com/en-de/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance).

7. Hosting & SSL Encryption

This website and the Saklam servers are hosted in Germany (Hetzner Online GmbH / Noez GmbH). All data is transmitted encrypted (SSL/TLS).

8. Cookies & Local Storage

This website does not use tracking cookies. Only technically necessary session cookies are used (e.g., for language selection), which are automatically deleted at the end of your visit.

The Web Chat uses your browser's localStorage to store chat histories, masking mappings, and settings. This data remains exclusively on your device.

9. External Services

9.1 Simple Analytics (Web Analytics)

For website analytics, we use Simple Analytics (Simple Analytics B.V., Netherlands). Simple Analytics is a privacy-friendly analytics service that:

  • Does not use cookies
  • Does not collect personal data
  • Does not store IP addresses
  • Is GDPR-compliant without requiring consent

Simple Analytics Privacy Policy: https://simpleanalytics.com/privacy

9.2 Cloudflare Turnstile (Bot Protection)

On the login and registration forms, we use Cloudflare Turnstile (Cloudflare Inc., San Francisco, USA) for protection against automated bot access. This involves transmitting IP address and browser data to Cloudflare.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security).

Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

9.3 Mailgun (Email Delivery)

For sending transactional emails (verification, login links), we use Mailgun (Sinch Email, Pathé Building, Rijnsburgstraat 9-11, 1059 AT Amsterdam, Netherlands). This involves processing the recipient's email address. We use the EU endpoint (api.eu.mailgun.net).

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Mailgun Privacy Policy: https://www.mailgun.com/legal/privacy-policy/

9.4 Saklam Mask API

For the live demo on the website, the Saklam Mask API (api.saklam.com) is used. This service is hosted in Germany and processes entered texts only for masking, without storing them.

10. Browser Extension

The Saklam Browser Extension (Chrome Web Store, Firefox Add-ons) is a standalone tool for local masking of personal data directly in your browser. It operates entirely offline — with one exception (see 10.3).

10.1 Controller for User Content

Content you paste into the extension for masking is processed exclusively locally in your browser. Portalix UG never has access to this content.

If you paste texts containing personal data of third parties (e.g. client data, customer data), you are the Controller within the meaning of Art. 4(7) GDPR for that processing. The extension serves as a technical tool; no processing agreement under Art. 28 GDPR applies, as no data is transmitted to us.

10.2 Local Storage

The extension stores the following data locally in your browser (browser.storage.local):

  • Masking mappings (placeholder ↔ original value) for demasking masked texts. Automatic deletion after 24 hours, maximum 50 entries.
  • Usage statistics (number of maskings, timestamps of the last 7 days) for displaying an upgrade hint to Saklam Chat.

This data does not leave your browser. You can remove it at any time via the extension's settings ("Clear all") or by uninstalling the extension.

Legal basis: Art. 6(1)(b) GDPR (contract performance) for mappings, Art. 6(1)(f) GDPR (legitimate interest in UX improvement) for statistics.

10.3 AI Model Download (Saklam Server, EU)

For name and organisation recognition, the extension uses an AI model (Xenova/bert-base-NER, Apache 2.0 licensed) that is downloaded once on first launch from saklam.com (approx. 109 MB). After download, the model is cached in your browser's IndexedDB storage; subsequent use is fully offline.

The saklam.com servers are operated in Germany (Hetzner Online GmbH / Noez GmbH). No third-country transfer takes place.

At no time are text content, masked data, or masking results transmitted. The actual masking takes place exclusively locally in your browser. During the model download, only IP address, User-Agent, requested file and timestamp are — technically required for any web request — recorded in the server log file (see Section 3).

Legal basis: Art. 6(1)(b) GDPR (contract performance). Providing the AI model is technically necessary for the functionality you requested by installing the extension.

Right to object: You may uninstall the extension at any time; this also removes the cached AI model.

11. Retention Period

  • Server log files: 7 days
  • User account: Until the account is deleted by the user
  • Payment data: As required by statutory retention periods (6 or 10 years)
  • Chat histories (Web Chat): Exclusively in your browser's localStorage, no server-side storage
  • Session cookies: Until the browser is closed

12. Your Rights

You have the right at any time to:

  • Access (Art. 15 GDPR): What data do we have stored about you?
  • Rectification (Art. 16 GDPR): Correction of incorrect data
  • Erasure (Art. 17 GDPR): Deletion of your data
  • Restriction (Art. 18 GDPR): Restriction of processing
  • Data portability (Art. 20 GDPR): Export of your data in a common format
  • Object (Art. 21 GDPR): Object to processing

Contact for data protection inquiries:
Email: hello@saklam.com

13. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.

Competent authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de

14. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to comply with changed legal requirements or changes to our service. The current version can always be found on this page.

← Back to Home