Data & Privacy

This page is a documentation summary. For full legal terms, refer to the official privacy policy on the website.

1. Local-First Principle

Mask follows a local-first data strategy. By default, these items are stored on your local device:

API keys (local secure storage)
Conversation and translation history
Local settings and preferences

2. What Mask Servers Do Not Retain

Mask servers do not retain:

Your API keys
Your conversation history
Your screenshot source text or translated text

3. Third-Party Model Services

When you enable third-party models (such as OpenAI, Google Gemini, DeepSeek, Xiaomi Mimo, or remote Ollama), requests are sent to the selected provider.

Please note:

Each provider has its own privacy policy and retention rules.
Data processing by those providers is governed by their own terms.
Mask is not responsible for third-party provider data handling behavior.

4. Your Control

You can:

Delete local records anytime
Rotate or revoke API keys
Stop using any third-party model service

5. Recommended Security Practices

Do not expose full API keys in public environments.
Rotate high-privilege keys regularly.
Follow least-privilege principles when enabling API access.

1. Local-First Principle​

2. What Mask Servers Do Not Retain​

3. Third-Party Model Services​

4. Your Control​

5. Recommended Security Practices​

1. Local-First Principle

2. What Mask Servers Do Not Retain

3. Third-Party Model Services

4. Your Control

5. Recommended Security Practices