Privacy Policy

Last updated: 2026-06-26

1. Data Controller

The data controller is:
Portalix UG (haftungsbeschränkt)
Thalkirchner Str. 103
81371 Munich, Germany
Managing Director: Stefan Böck
Email: hello@saklam.com

2. Overview of Data Processing

2.1 Saklam Bridge

Saklam is software for masking personal data before using AI services. Masking follows a Zero Knowledge principle: Saklam Bridge runs entirely within the customer's infrastructure (on-premises). Detection, masking, and un-masking take place locally in the customer's system; our servers receive no content.

Masking is performed by the saklam-pii library, which uses:

  • BERT-based Named Entity Recognition (NER) for detecting names, locations, and organizations
  • Over 430 regular expressions (regex) for detecting structured personal data (email addresses, phone numbers, IBAN, tax IDs, etc.)

Important: Due to on-premises processing, your personal data never leaves the customer's system in unmasked form. Personal data is replaced by placeholder tokens (e.g. [NAME_1], [EMAIL_1]) before being transmitted to an AI service.

2.2 What data is collected?

When using Saklam, the following data may be collected:

  • Server log files: IP address, browser type, operating system, referrer URL, time of access
  • User account: Email address, selected plan, payment information (processed by Stripe)

2.3 Legal Basis

Your data is processed based on the following legal grounds:

  • Art. 6(1)(b) GDPR (Contract performance): For providing the Saklam service and processing your subscription.
  • Art. 6(1)(f) GDPR (Legitimate interest): For server log files to ensure operation and security.

3. Server Log Files

The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • IP address (anonymized or truncated)
  • Time of server request

Retention period: Server log files are automatically deleted after 7 days.

4. Data Masking (Zero Knowledge)

The core product of Saklam is masking personal data before transmission to AI services.

4.1 Saklam Bridge (On-Premises)

When using Saklam Bridge, the entire software — masking, un-masking, and the LLM gateway — runs as a Docker container inside the customer's infrastructure. We process no personal data in this setup: no content, masking mappings, logs, or telemetry are transmitted to our servers. The customer is the sole controller for any processing within Saklam Bridge; requests to AI providers are sent directly from the customer's system using the customer's own API keys.

5. Payment Processing (Stripe)

For payment processing, we use Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland). When purchasing a subscription, your payment data is processed directly by Stripe. We do not store any credit card or bank details ourselves.

Stripe Privacy Policy: https://stripe.com/en-de/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance).

6. Hosting & SSL Encryption

This website and the Saklam servers are hosted in Germany (Hetzner Online GmbH / Noez GmbH). All data is transmitted encrypted (SSL/TLS).

7. Cookies

This website does not use tracking cookies. Only technically necessary session cookies are used (e.g., for language selection), which are automatically deleted at the end of your visit.

8. External Services

8.1 Simple Analytics (Web Analytics)

For website analytics, we use Simple Analytics (Simple Analytics B.V., Netherlands). Simple Analytics is a privacy-friendly analytics service that:

  • Does not use cookies
  • Does not collect personal data
  • Does not store IP addresses
  • Is GDPR-compliant without requiring consent

Simple Analytics Privacy Policy: https://simpleanalytics.com/privacy

8.2 Cloudflare Turnstile (Bot Protection)

On the login and registration forms, we use Cloudflare Turnstile (Cloudflare Inc., San Francisco, USA) for protection against automated bot access. This involves transmitting IP address and browser data to Cloudflare.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security).

Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

8.3 Mailgun (Email Delivery)

For sending transactional emails (verification, login links), we use Mailgun (Sinch Email, Pathé Building, Rijnsburgstraat 9-11, 1059 AT Amsterdam, Netherlands). This involves processing the recipient's email address. We use the EU endpoint (api.eu.mailgun.net).

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Mailgun Privacy Policy: https://www.mailgun.com/legal/privacy-policy/

8.4 Demo Access (chat demo on our tool pages)

On our demo pages (was-sieht-die-ki.de, piidetector.com) you can request a time- and volume-limited demo access to an AI chat. For this we process your email address (delivery of a one-time confirmation code and allocation of the demo quota), a confirmation code (stored as a hash only, valid for 10 minutes) and a demo access key (budget/time limitation). Chat content itself is masked in your browser before it reaches an AI model; we do not store chat content.

If you additionally consented to receiving product information (separate checkbox), we also process your email address for that purpose; you can revoke this consent at any time (an email to hello@saklam.com suffices).

Legal basis: Art. 6(1)(b) GDPR (provision of the demo access); for product information Art. 6(1)(a) GDPR (consent). Retention: demo access data is deleted no later than 12 months after the demo access expires, unless consent for product information exists.

9. Retention Period

  • Server log files: 7 days
  • User account: Until the account is deleted by the user
  • Payment data: As required by statutory retention periods (6 or 10 years)
  • Session cookies: Until the browser is closed

10. Your Rights

You have the right at any time to:

  • Access (Art. 15 GDPR): What data do we have stored about you?
  • Rectification (Art. 16 GDPR): Correction of incorrect data
  • Erasure (Art. 17 GDPR): Deletion of your data
  • Restriction (Art. 18 GDPR): Restriction of processing
  • Data portability (Art. 20 GDPR): Export of your data in a common format
  • Object (Art. 21 GDPR): Object to processing

Contact for data protection inquiries:
Email: hello@saklam.com

11. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.

Competent authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de

12. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to comply with changed legal requirements or changes to our service. The current version can always be found on this page.