← Back to homepage
MASK·BEFORE·AI

Privacy Policy

Last updated: February 2026

1. Data Controller

Kisum GmbH
Sonnwendjochstr. 6
81825 München, Germany
Email: info@ki-sum.ai

2. What Data We Collect

2.1 Browser Extension

The MaskBeforeAI browser extension processes images entirely locally in your browser. No images, personal data, or metadata are transmitted to any server. There are no analytics, no tracking, and no cookies within the extension. Your data never leaves your device.

2.2 License Activation (Pro/Lifetime)

When you purchase a Pro or Lifetime license, payment is handled by Lemon Squeezy (see Section 4). During activation, your license key is sent to the Lemon Squeezy API for validation. Your email address is collected by Lemon Squeezy during the purchase process.

2.3 Website

Our website (mask.ki-sum.ai) does not use cookies or analytics tracking. Standard server access logs (IP address, timestamp, user-agent, requested URL) are collected by the hosting provider as part of normal web server operation.

2.4 Contact

When you contact us via email at info@ki-sum.ai, we store your email address and message content for the purpose of processing your inquiry.

3. Legal Basis for Processing

  • Art. 6(1)(b) GDPR — Contract performance: Processing necessary for paid tier license activation and customer support.
  • Art. 6(1)(f) GDPR — Legitimate interest: Server access logs for website security and operation.

4. Data Processors

Lemon Squeezy

Lemon Squeezy, LLC acts as Merchant of Record for all payments. They handle payment processing, invoice generation, VAT calculation, and license key management.

Lemon Squeezy privacy policy: https://www.lemonsqueezy.com/privacy

GitHub (Microsoft)

We use GitHub for code hosting and issue tracking. If you open an issue or contribute to the project, your GitHub username and any information you include will be publicly visible.

5. Data Retention

  • Purchase data: Retained for 6–10 years as required by German tax law.
  • Contact emails: Deleted after your inquiry has been resolved, unless retention is required by law.
  • Server access logs: Retained per hosting provider policy, typically 7–30 days.

6. Your Rights (Art. 15–21 GDPR)

You have the right to:

  • Access (Art. 15) — Request a copy of your personal data.
  • Rectification (Art. 16) — Correct inaccurate data.
  • Erasure (Art. 17) — Request deletion of your data.
  • Restriction (Art. 18) — Restrict processing of your data.
  • Data Portability (Art. 20) — Receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — Object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@ki-sum.ai.

7. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our company is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
https://www.lda.bayern.de

8. Automated Decision-Making

We do not use automated decision-making or profiling as defined by Art. 22 GDPR.