Privacy Policy

This policy covers the form you fill out before downloading and the cookie-less analytics on this site. The maskr app itself remains 100% offline — your documents are never sent to us. We aim to comply with the EU GDPR, California CCPA, and the Saudi Personal Data Protection Law (PDPL). Last updated: 2026-05-22.

1. What we collect

When you submit the download form, we receive:

• From you: the name and work email address you type.
• Automatically (from your browser at the moment of submission): IP address, approximate country (from your IP), browser user-agent string, referring page, and which release version you requested.

2. Why we collect it

• To understand who is using maskr and where it's needed.
• To reach out about enterprise features, support, or pricing when relevant.
• To prevent abuse of the download form (rate limiting).

3. What we do NOT collect

• No documents. The maskr desktop app and the in-browser web app process your files entirely on your device. Nothing is uploaded to us.
• No app telemetry. The installed app does not phone home — no usage analytics, no crash reports sent to us.
• No advertising trackers, no cross-site tracking, no Google Analytics. No data is sold, shared, or used for advertising.
• Cloudflare Web Analytics gives us aggregate page-view counts and country breakdowns. It is cookie-less, does not fingerprint your device, and does not track you across other websites — Cloudflare describes it as privacy-first by design. The only data collected is the aggregate kind you would expect on a static site: URL viewed, country, referrer, screen resolution, and user-agent.

4. How long we keep it

Lead records are kept for up to 24 months from collection, then deleted. You can request deletion at any time before that (see Section 7).

5. Who processes the data

Your form submission stays inside Cloudflare's infrastructure end-to-end:

• Cloudflare — hosts the site (Pages), stores the lead record (D1 database), provides the bot-protection challenge (Turnstile), delivers the notification email (Email Routing / Email Workers), and provides cookie-less Web Analytics for aggregate page-view counts.

No third-party email service, analytics provider, or marketing platform is involved. No data is sold, rented, or shared.

Cross-border transfer. Cloudflare is a global infrastructure provider, and your form data may be stored or processed at Cloudflare points of presence outside your country (including outside Saudi Arabia). Where the Saudi Personal Data Protection Law (PDPL) applies to you, by submitting the form you provide explicit consent to this transfer; Cloudflare's own data-protection commitments and security controls apply throughout.

6. Legal basis

We process your form submission on the basis of your consent, given by submitting the form — under the EU GDPR, the California CCPA, and the Saudi Personal Data Protection Law (PDPL) as applicable to you. You can withdraw consent at any time (see Section 7).

7. Your rights (GDPR / CCPA / Saudi PDPL)

Depending on where you are, you can ask us to:

• tell you what we hold about you (right to access / be informed),
• correct inaccurate data,
• delete your data (right to erasure / "destruction" under PDPL),
• send it to you in a portable form,
• restrict or object to further processing,
• withdraw your consent at any time.

Email [email protected] from the same address you used to download. We respond within 30 days. If you're in Saudi Arabia and feel your PDPL rights aren't being respected, you can also complain to the Saudi Data & AI Authority (SDAIA).

8. Changes to this policy

Material changes will be announced on the maskr landing page before they take effect. The "Last updated" date at the top reflects the latest revision.

9. Contact

For any privacy-related question: [email protected].