Privacy Policy Overview
At Mask.ad, your anonymity is our highest priority. Our policy is simple: we never store activity logs or metadata, and we minimize data retention to the greatest extent possible.
However, in certain situations—such as payments via bank transfer, support emails, or error reporting—we may process limited personal data. In these cases, the General Data Protection Regulation (GDPR) and other data protection laws may apply.
Purpose and Legal Basis for Processing
Payments
We process payment information to provide our services, issue refunds, and fulfill legal accounting obligations. Processing for service delivery and refunds is based on contractual necessity. Accounting data is processed to comply with legal requirements.
Support and Problem Reporting
If you contact us via email we process the information to provide support and resolve issues. This processing is based on our legitimate interest in helping our users.
Categories of Personal Data
We only access certain personal data through our payment service providers and do not store this data outside of those systems unless absolutely necessary.
Payment Information
Bank Wire: Name, address, bank account number, and your Mask.ad account number.
PayPal: Transaction ID, name, country of origin, and email address.
Swish: Swish ID, name, and phone number.
Stripe: Charge ID, card expiration date, last four digits of the card, card type, and country of origin.
Note: To maintain full anonymity, avoid bank wire payments as they may link your identity to your Mask.ad account.
Support and Problem Reports
Email Support: Email address and any information you include in the message.
App Reports: Redacted program logs, app version, and operating system. We never collect IP addresses, account numbers, or other personally identifiable information. Please avoid entering personal data in the app’s problem reports.
Data Retention Periods
Payment Data
Payment-related data is retained for up to 40 days to handle refunds and transaction issues. Some data must be stored for up to 7 years in accordance with the Swedish Accounting Act. After the required period, data is permanently deleted.
Support Data
Support emails and reports are archived upon resolution. All support data is automatically deleted six months after closure.
Third-Party Recipients
We only share data with trusted third-party service providers who assist with payment processing. These partners are contractually bound to maintain confidentiality and data protection standards.
Data Storage Location
All personal data is stored and processed within the EU/EEA. We do not transfer your data to third countries.
Automated Decision-Making
We do not use any form of automated decision-making or profiling.
Your Rights Under the GDPR
You may have the right to:
Access your personal data
Request corrections or deletion
Restrict processing
Object to processing
Request data portability
Please note that, because we store minimal data, we often cannot fulfill such requests—especially when identification would require disproportionate effort as outlined in Article 11 of the GDPR.
You also have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY): www.imy.se
To exercise your rights, please contact us at: support@mask.ad
Note: Exercising some rights may limit our ability to assist with things like refunds or account recovery.
Data Controller
Mask.ad AB
For GDPR-related questions or requests, please contact: support@mask.ad
Policy Updates
We may update this Privacy Policy periodically. The latest version will always be published on our website.
