1. What DocMask never collects
- Document content (Word, Excel, PDF text, anything you import).
- Mapping vault contents (real names, phone numbers, IDs, custom keywords).
- AI prompts or AI responses you paste into the Restore feature.
- Custom rules, custom keyword lists, templates.
- File names, folder paths, document metadata.
- Telemetry, crash reports, usage events — none, ever.
- Account information — DocMask has no user accounts.
You can verify this by running DocMask with your network disconnected: redaction, restoration and batch processing all work the same.
2. What does leave your device, and why
| What | When | Where | Can you turn it off? |
|---|---|---|---|
| Update check (current version, OS family) | Once per day at app start | updates.docmask.app (Cloudflare) | Yes — Settings → Updates → Disable |
| Email you send to support | When you write to us | Our team mailbox (Cloudflare Email Routing → personal mailbox) | Yes — don't email us |
What about licence verification? Your licence token is signed by us off-device with an ed25519 private key. DocMask verifies the signature locally with an ed25519 public key embedded in the binary. The device-binding fingerprint is computed and stored entirely on your machine and is never transmitted anywhere — not even hashed. If we ever change this (e.g. add an opt-in revocation check), we will tell paying customers by email at least 14 days in advance and update this page.
3. The website (docmask.app)
This site is hosted on Cloudflare Pages. Cloudflare receives standard request logs (IP address, user agent, timestamp, requested URL) for security and abuse prevention; we have no access to those logs beyond aggregate counters.
We use Cloudflare Web Analytics, which is privacy-preserving and does not use cookies or fingerprinting. We do not run Google Analytics, Facebook Pixel, or any third-party tracker.
4. Purchases
When you buy a licence we store: your email address, the licence token we issued, the order date, and (if requested) the invoice name. We do not store payment-card information — that stays with the payment processor (during the email-checkout pilot, we never see card numbers either).
Retention: indefinitely while your licence is active, plus 5 years after deactivation, to honour Chinese accounting record-keeping rules. You can request earlier deletion (see section 6).
5. Lawful bases (GDPR / PIPL terminology)
- Performance of contract — to deliver the licence you bought.
- Legitimate interest — abuse prevention, security logs.
- Legal obligation — accounting and tax records.
- We do not rely on consent for anything beyond optional email contact, because we don't process any data that requires it.
6. Your rights
You can email hi@docmask.app to:
- Get a copy of every record we hold about you (typically: email address, order, licence token, support emails).
- Correct or delete your records (subject to the accounting retention exception above).
- Opt out of the update check (we'll explain how, no questions asked).
- Submit a complaint to your data protection authority. In China that is the Cyberspace Administration of China (网信办) and your local market regulation bureau.
We respond within 14 days, usually within 1–2 business days.
7. Children
DocMask is a B2B-style tool for professionals. We do not knowingly collect data from anyone under 14 (China) or 16 (EU). If you believe we have, email us and we will delete the records immediately.
8. Cross-border transfers
We are based in mainland China. Our infrastructure runs on Cloudflare's global edge network. The minimal data described in section 2 (current version number from the update check and any support emails you send us) may be processed outside your country. We do not transfer document content, mapping vaults or licence tokens, ever, because we never receive them.
9. Changes to this policy
We will update the "Effective from" line above when this policy changes. Material changes are announced on this page and to paying customers by email at least 14 days before they take effect.
Questions or requests? Email hi@docmask.app.