Privacy Policy

Last updated: 2026-03-14

1. Data Controller

The data controller is:
Portalix UG (haftungsbeschränkt)
Thalkirchner Str. 103
81371 Munich, Germany
Managing Director: Stefan Böck
Email: hello@saklam.com

2. Overview of Data Processing

2.1 Saklam Platform (Web Chat, Desktop App)

Saklam is a platform for masking personally identifiable information (PII) before using AI services. Masking follows a Zero Knowledge principle: PII detection and masking take place entirely in your browser or locally on your device. Our servers only ever receive already-masked data.

Masking is performed by the saklam-pii library, which uses:

  • BERT-based Named Entity Recognition (NER) for detecting names, locations, and organizations
  • Over 430 regular expressions (regex) for detecting structured PII (email addresses, phone numbers, IBAN, tax IDs, etc.)

Important: Due to local processing, your personal data never leaves your device in unmasked form. The Saklam server only sees placeholder tokens (e.g. [NAME_1], [EMAIL_1]).

2.2 What data is collected?

When using Saklam, the following data may be collected:

  • Server log files: IP address, browser type, operating system, referrer URL, time of access
  • User account: Email address, selected plan, payment information (processed by Stripe)
  • Chat usage (Web Chat): Only masked texts (tokens). Plain text data is processed locally in your browser and never transmitted to our servers.
  • Local storage (localStorage): Chat histories, masking mappings, and user settings are stored in your browser's localStorage and never transmitted to our servers.

2.3 Legal Basis

Your data is processed based on the following legal grounds:

  • Art. 6(1)(b) GDPR (Contract performance): For providing the Saklam service and processing your subscription.
  • Art. 6(1)(f) GDPR (Legitimate interest): For server log files to ensure operation and security.

3. Server Log Files

The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • IP address (anonymized or truncated)
  • Time of server request

Retention period: Server log files are automatically deleted after 7 days.

4. PII Masking (Zero Knowledge)

The core product of Saklam is masking personal data before transmission to AI services.

4.1 Web Chat (chat.saklam.com)

In the Web Chat, PII detection and masking take place entirely in your browser using the JavaScript library saklam-pii. This library runs a BERT NER model and over 430 regex patterns locally in your browser (WebAssembly / ONNX Runtime).

Data flow:

  1. You enter text (which may contain personal data).
  2. saklam-pii detects and masks PII locally in your browser.
  3. In Review Mode, you can review and adjust the masking before sending.
  4. Only the masked text is transmitted to our server.
  5. The server forwards the masked text to the selected AI service (via LiteLLM).
  6. The AI response is returned to your browser.
  7. Your browser unmasks the response locally (replaces tokens with original data).

Result: Our servers and the AI provider never see your personal data in plain text.
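
The following sketch illustrates steps 2, 4 and 7 of the data flow above. It is an added example, not code from saklam-pii or from Saklam: the function names (maskText, residualPII, unmaskText), the two regexes and the sample strings are assumptions constructed for illustration, and the NER stage is left out.

```javascript
// Constructed patterns (assumption): two illustrative regexes, not saklam-pii's rule set.
const PATTERNS = [
  { label: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { label: "IBAN", re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,3})?\b/g },
];

// Step 2: replace each match with a [LABEL_n] token. A repeated value reuses its
// token, and the token-to-value mapping never leaves the client.
function maskText(text) {
  const tokenByValue = new Map();
  const counters = {};
  let masked = text;
  for (const { label, re } of PATTERNS) {
    masked = masked.replace(re, (value) => {
      if (!tokenByValue.has(value)) {
        counters[label] = (counters[label] || 0) + 1;
        tokenByValue.set(value, `[${label}_${counters[label]}]`);
      }
      return tokenByValue.get(value);
    });
  }
  const mapping = Object.fromEntries([...tokenByValue].map(([v, t]) => [t, v]));
  return { masked, mapping };
}

// Pre-send check for step 4: list pattern labels that still match the outbound text.
function residualPII(masked) {
  return PATTERNS.filter(({ re }) => new RegExp(re.source).test(masked))
    .map(({ label }) => label);
}

// Step 7: restore originals locally. Tokens absent from the mapping (for example
// one the model made up) are left untouched rather than guessed.
function unmaskText(text, mapping) {
  return text.replace(/\[[A-Z]+_\d+\]/g, (tok) =>
    Object.prototype.hasOwnProperty.call(mapping, tok) ? mapping[tok] : tok);
}

// Constructed sample input and a constructed stand-in for the AI response.
const sample = "Refund max.mustermann@example.org via IBAN DE89 3704 0044 0532 0130 00; cc max.mustermann@example.org.";
const { masked, mapping } = maskText(sample);
if (residualPII(masked).length > 0) throw new Error("unmasked PII in outbound text");
console.log(masked);
const reply = "Refund queued for [EMAIL_1] to [IBAN_1]. Unknown: [NAME_9].";
console.log(unmaskText(reply, mapping));
```

The pre-send check only re-applies the same patterns, so it catches a masking step that was skipped or bypassed, not PII the patterns cannot recognize.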

4.2 Desktop App

The Desktop App performs all processing locally on your device. No plain text data is transmitted to Saklam servers. Communication with AI services occurs directly from your device, either via your own API key (BYOK) or via the Saklam proxy.

4.3 Local Storage

Chat histories, masking mappings, and settings are stored exclusively in your browser's localStorage. This data is never transmitted to our servers. You can delete this data at any time via your browser settings.

5. AI Routing (LiteLLM)

For routing masked requests to AI services, we use LiteLLM as a routing layer on our EU servers. LiteLLM only forwards already-masked texts. Supported AI providers include:

  • Azure OpenAI (data center: Sweden, EU)
  • AWS Bedrock (data center: Frankfurt, EU)
  • Additional providers as per the current offering

Legal basis: Art. 6(1)(b) GDPR (contract performance). Since only masked data is transmitted, this does not constitute a transfer of personal data to third parties within the meaning of the GDPR.

6. Payment Processing (Stripe)

For payment processing, we use Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland). When purchasing a subscription, your payment data is processed directly by Stripe. We do not store any credit card or bank details ourselves.

Stripe Privacy Policy: https://stripe.com/en-de/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance).

7. Hosting & SSL Encryption

This website and the Saklam servers are hosted in Germany (Hetzner Online GmbH / Noez GmbH). All data is transmitted encrypted (SSL/TLS).

8. Cookies & Local Storage

This website does not use tracking cookies. Only technically necessary session cookies are used (e.g., for language selection), which are automatically deleted at the end of your visit.

The Web Chat uses your browser's localStorage to store chat histories, masking mappings, and settings. This data remains exclusively on your device.

9. External Services

9.1 Simple Analytics (Web Analytics)

For website analytics, we use Simple Analytics (Simple Analytics B.V., Netherlands). Simple Analytics is a privacy-friendly analytics service that:

  • Does not use cookies
  • Does not collect personal data
  • Does not store IP addresses
  • Is GDPR-compliant without requiring consent

Simple Analytics Privacy Policy: https://simpleanalytics.com/privacy

9.2 Saklam Mask API

For the live demo on the website, the Saklam Mask API (api.saklam.com) is used. This service is hosted in Germany and processes entered texts only for masking, without storing them.

10. Retention Period

  • Server log files: 7 days
  • User account: Until the account is deleted by the user
  • Payment data: As required by statutory retention periods (6 or 10 years)
  • Chat histories (Web Chat): Exclusively in your browser's localStorage, no server-side storage
  • Session cookies: Until the browser is closed

11. Your Rights

You have the right at any time to:

  • Access (Art. 15 GDPR): What data do we have stored about you?
  • Rectification (Art. 16 GDPR): Correction of incorrect data
  • Erasure (Art. 17 GDPR): Deletion of your data
  • Restriction (Art. 18 GDPR): Restriction of processing
  • Data portability (Art. 20 GDPR): Export of your data in a common format
  • Object (Art. 21 GDPR): Object to processing

Contact for data protection inquiries:
Email: hello@saklam.com

12. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.

Competent authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de

13. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to comply with changed legal requirements or changes to our service. The current version can always be found on this page.