← Back to homepage
MASK·BEFORE·AI

Privacy Policy

Last updated: March 9, 2026

KI·SUM·AI - Kisum GmbH (“we”, “us”, “our”) operates the MaskBeforeAI browser extension and the website mask.ki-sum.ai. This privacy policy explains how we handle your data.

The short version: MaskBeforeAI processes everything locally in your browser. We do not collect, store, or transmit your personal data.

1. Data Controller

KI·SUM·AI - Kisum GmbH
Sonnwendjochstr. 6
81825 München, Germany
Email: info@ki-sum.ai

2. What Data We Collect

None. The MaskBeforeAI extension does not collect, store, or transmit any personal data. All image and document processing happens entirely within your browser using the Canvas API. Your files never leave your device through our extension.

3. Local Processing

When you use MaskBeforeAI to mask sensitive areas in images or documents:

  • The file is loaded into an HTML Canvas element in your browser.
  • Redaction (blur, pixelate, or black box) is applied client-side using JavaScript.
  • The masked file replaces the original in the upload flow.
  • No copy of your file is sent to our servers or any third party.
  • We have no access to the content of your files at any point.

4. Browser Storage

The extension uses chrome.storage.sync to save your preferences, such as:

  • Whether the extension is enabled or disabled
  • Your preferred masking mode (blur, pixelate, or black box)
  • Whether file upload interception and paste interception are active
  • Custom keyword settings

This data is stored locally in your browser profile (and synced across your Chrome instances if you are signed in to Chrome). We cannot access this data.

5. Extension Permissions Explained

MaskBeforeAI requests the following browser permissions:

  • activeTab / host permissions: Required to intercept file uploads and paste events on supported AI platforms (ChatGPT, Claude, Gemini, Copilot, DeepSeek, Grok, Meta AI, Mistral, Perplexity).
  • storage: Required to save your extension preferences via chrome.storage.sync.
  • offscreen: Required to process multi-page documents (PDFs) in a background context.

These permissions are used solely for the extension’s core functionality. We do not use them to monitor your browsing activity or collect any data.

6. Error Reports

If an error occurs during extension operation, a technical error report may be sent to our server at mask.ki-sum.ai. These reports contain only:

  • Error type and stack trace
  • Extension version number
  • Browser type and version

Error reports do not contain any personal data, file contents, screenshots, or browsing history. They are used solely to identify and fix bugs.

7. Third-Party Services

Lemon Squeezy (Payment Processing)

If you purchase a Pro license, payment is processed by Lemon Squeezy, which acts as the Merchant of Record. Lemon Squeezy collects and processes your payment information (name, email, payment method) under their own privacy policy. We receive only your license key and email address to activate your subscription. We do not have access to your payment card details.

Lemon Squeezy privacy policy: https://www.lemonsqueezy.com/privacy

GitHub (Microsoft)

We use GitHub for code hosting and issue tracking. If you open an issue or contribute to the project, your GitHub username and any information you include will be publicly visible under GitHub’s privacy policy.

Supported AI Platforms

MaskBeforeAI operates on third-party AI platforms (ChatGPT, Claude, Gemini, Copilot, DeepSeek, Grok, Meta AI, Mistral, Perplexity). Each platform has its own privacy policy governing how they handle your uploads. Our extension only modifies files before they reach the platform — we are not responsible for how the platform processes your data after upload.

8. Cookies and Tracking

The MaskBeforeAI extension does not use cookies, analytics, or any form of tracking. The website mask.ki-sum.ai is a static page that does not use cookies or analytics scripts.

9. Legal Basis for Processing (GDPR)

  • Art. 6(1)(b) GDPR — Contract performance: Processing necessary for Pro license activation and customer support.
  • Art. 6(1)(f) GDPR — Legitimate interest: Technical error reports for maintaining extension stability and security.

10. Data Retention

Since we do not collect personal data through the extension, there is nothing to retain or delete. Specific retention periods:

  • Error reports (Section 6): Retained for up to 90 days, then automatically purged.
  • Purchase data: Retained for 6–10 years as required by German tax law (§ 147 AO).
  • Contact emails: Deleted after your inquiry has been resolved, unless retention is required by law.

11. Your Rights Under GDPR (Art. 15–21)

As a data subject, you have the following rights:

  • Right of access (Art. 15 GDPR) — Request information about any personal data we hold about you.
  • Right to rectification (Art. 16 GDPR) — Request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — Request deletion of your data.
  • Right to restrict processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR).

Since we do not collect personal data through the extension, these rights are inherently satisfied. If you have purchased a Pro license, you may contact us to inquire about or delete the email address associated with your license.

To exercise any of these rights, contact us at info@ki-sum.ai.

12. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for KI·SUM·AI - Kisum GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
https://www.lda.bayern.de

13. Automated Decision-Making

We do not use automated decision-making or profiling as defined by Art. 22 GDPR.

14. Children’s Privacy

MaskBeforeAI is not directed at children under the age of 16. We do not knowingly collect any data from children.

15. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

16. Contact

If you have any questions about this privacy policy, please contact us:

KI·SUM·AI - Kisum GmbH
Sonnwendjochstr. 6
81825 München, Germany
Email: info@ki-sum.ai