Privacy Policy
The browser extension collects nothing. Zero telemetry. Zero accounts. Zero network requests carrying user data.
The desktop app (Pro) also processes everything locally, but connects to Stripe for payments, our licensing server for subscription validation, and our update server for new versions. Those are the only network connections, and none carry your scanned content.
This Policy Covers
| Product | Data Collection | Network Activity |
|---|---|---|
| BeatMask Extension (Free) | None. Zero data collection. | Extension updates via Chrome/Edge Web Store only. |
| BeatMask Pro (macOS) | None from scanned content. Stripe collects payment info. License ID stored for validation. | Stripe payments, license validation, software updates. No user content transmitted. |
| beatmask.com / beatmask.ai | No analytics, tracking, or cookies. | Standard HTTPS serving. No tracking scripts. |
Our Zero-Collection Principles
These principles apply to all BeatMask products—the browser extension, the desktop app, and the website.
Data We Collect
None. The BeatMask browser extension collects, stores, and transmits zero user data. Because the extension makes no outbound network requests carrying user data, this is an architectural guarantee, not merely a policy choice.
What We Do NOT Collect
- Your text, keystrokes, or clipboard content
- The sensitive values detected by our patterns (SSNs, API keys, credentials, medical records, or any other flagged content)
- Your browsing history, URLs, or page content
- IP addresses, device fingerprints, or advertising identifiers
- Cookies, web beacons, or tracking pixels
- Usage analytics, session recordings, or behavioral data
Simply put: we don’t know who you are, what you type, or what you paste.
Local Storage
BeatMask stores your user preferences (enabled/disabled patterns, sensitivity settings) using chrome.storage.local. This data lives entirely on your device. It is not synced to any cloud service, transmitted to any server, or accessible to us.
Network Activity
The only network activity associated with the extension is receiving updates through the Chrome Web Store or Microsoft Edge Add-ons standard update mechanism. These updates may include updated detection patterns and recognizer logic. Update delivery is managed by your browser’s built-in infrastructure—BeatMask does not operate its own update server for the extension or transmit any data during this process.
Extension Permissions
| Permission | Why We Need It | What It Does NOT Do |
|---|---|---|
| Content scripts | Injects detection scripts into input fields on supported AI platforms (including but not limited to ChatGPT, Claude, Gemini, Perplexity, DeepSeek, and Copilot) to scan text before submission. This is BeatMask’s core DLP functionality. | Does not read, record, or transmit page content. Does not access any website beyond the listed AI platforms. |
| clipboardRead | Scans copied text for sensitive data before you paste it into an AI platform. | Does not store, record, or transmit clipboard contents. Clipboard data is analyzed locally and discarded after each scan. |
| storage | Saves your preferences (enabled/disabled patterns, sensitivity settings) locally via chrome.storage.local. | Does not sync data to the cloud. Does not store scanned content or detection results. |
| activeTab | Allows the extension popup to display detection status for the current tab when you click the BeatMask icon. | Does not grant persistent access. Does not monitor tabs in the background. |
| nativeMessaging | Enables optional communication with the BeatMask Pro desktop app via a secured local Unix domain socket for enhanced ML-powered detection. Only active if BeatMask Pro is installed. | Does not communicate with any remote server. Does not transmit data over the network. All communication is local. See Part B: Chrome Extension Bridge. |
Permissions we do NOT request: <all_urls>, broad tabs, webRequest, webNavigation, cookies, debugger, history, bookmarks, or any other sensitive permission beyond those listed above.
Core Principle: Your Data Never Leaves Your Mac
BeatMask Pro is architected for local-only processing. All PII detection—including machine learning inference, pattern matching, and text analysis—runs entirely on your device. No clipboard content, scanned text, file contents, or detection results are ever transmitted to our servers or any third party.
Data Processed Locally on Your Device
The following data is processed and stored exclusively on your Mac. None of it is transmitted off-device.
Clipboard Monitoring
The app monitors your macOS clipboard to scan for sensitive information. When PII is detected at a high-confidence threshold, the app may automatically replace clipboard contents with a masked version. Original clipboard contents are not retained after processing. Text buffers are securely overwritten in memory after each analysis cycle.
Activity Log
The app maintains a local activity log at ~/.beatmask/activity.json containing a record of recent scan events (up to 100 entries). This log includes detection types and timestamps but does not store the original sensitive text. This file resides solely on your device and can be deleted at any time.
Machine Learning Model
The app includes an on-device named entity recognition (NER) model used to identify sensitive information in text. This model runs entirely within the app process on your hardware. No text is sent to any remote inference service. We do not use your data to train or improve AI models.
File Scanning
When you initiate a file scan, the app reads the contents of the selected file locally to detect PII. File contents are processed in memory, securely overwritten after analysis, and are never uploaded or transmitted.
Application State
The app stores local configuration and runtime state in the ~/.beatmask/ directory on your device, including application preferences, detection settings (sensitivity thresholds, enabled/disabled categories), custom blocklist entries you create, and a Unix domain socket file used for local inter-process communication. These files are accessible only to your macOS user account and are never transmitted externally.
Chrome Extension Bridge
BeatMask Pro offers an optional connection to the BeatMask Chrome extension via a local Unix domain socket (~/.beatmask/beatmask.sock). This bridge enables the extension to send content to the desktop app for deeper analysis using the on-device ML model.
This connection is secured as follows:
- The socket file is restricted to your macOS user account (file permissions 0600 within a 0700 directory).
- The app verifies the identity of connecting processes to ensure only your user account can communicate with it.
- All communication occurs locally on your device. No content passes over the network.
- Connection rate limiting and idle timeouts are enforced to prevent misuse.
Network Connections (Pro Only)
BeatMask Pro makes three types of outbound network connections. None of them carry your scanned content, clipboard data, detection results, or activity history.
Payment Processing
| Data | Handled By | Stored By Us? |
|---|---|---|
| Credit card number | Stripe | No—Stripe handles all payment processing |
| Billing address | Stripe | No |
| Stripe Customer ID | Stripe + Us | Yes (ID only, not payment details) |
| Subscription status | Us | Yes (active, cancelled, etc.) |
We never see, store, or process your credit card number. Stripe is PCI DSS Level 1 certified. See Stripe’s privacy policy at stripe.com/privacy.
License Validation
The app periodically contacts our licensing server to verify your subscription status. These requests transmit only a unique, non-personally-identifiable account identifier, a timestamp, and your app version. No clipboard content, detection results, activity history, or other user data is included.
Software Updates
The app checks for available updates by contacting our update server. These requests transmit only your app version and basic system information (macOS version) necessary to determine update compatibility. No user content or activity data is included.
macOS Permissions
| Permission | Purpose | What It Does NOT Do |
|---|---|---|
| Accessibility | Required to monitor and interact with the system clipboard for real-time PII detection. | Does not cause any data to be collected or transmitted externally. |
| Notifications | Required to display alerts when PII is detected in your clipboard. | Does not track notification interactions or send data externally. |
Data Security (Pro)
- Memory zeroization: Text buffers containing scanned content are securely overwritten in memory immediately after analysis.
- File system permissions: All local data files and communication sockets are restricted to your macOS user account.
- Process verification: The Chrome bridge verifies the identity of connecting processes to prevent unauthorized access.
- No persistent storage of sensitive text: The app does not store original clipboard contents, scanned text, or detected PII values to disk.
Data Retention (Pro)
| Data Type | Retention | Your Control |
|---|---|---|
| Activity log | Up to 100 recent entries, locally | Delete ~/.beatmask/activity.json at any time |
| Application state | Until uninstall | Delete ~/.beatmask/ directory |
| Payment information | Retained by Stripe per their policies | Manage via Stripe customer portal or contact us |
| License identifier | Duration of your subscription | Deleted upon subscription cancellation |
Third-Party Services
| Service | Used By | Purpose | Their Privacy Policy |
|---|---|---|---|
| Stripe | Pro (desktop) only | Payment processing | stripe.com/privacy |
| Chrome Web Store | Extension only | Extension distribution and updates | policies.google.com/privacy |
We do not use analytics trackers, advertising pixels, or any third-party tracking on our extension, desktop app, or website.
Regulatory Compliance
GDPR (EU/EEA)
BeatMask does not process personal data as defined under the GDPR through its detection features. The limited data processing described in Part B (license validation, payment processing via Stripe, update checks) involves minimal, non-content data. For this processing, our legal basis is contract performance. BeatMask may act as a data controller or joint controller with Stripe for subscription and payment data. We do not act as a data controller or data processor with respect to the content you scan.
CCPA/CPRA (California)
BeatMask does not collect, sell, or share personal information as defined by the California Consumer Privacy Act through its detection features. We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information.
Chrome Web Store Limited Use Disclosure
The use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
International Users
BeatMask processes all user content locally on your device, regardless of your location. The only data transmitted externally (Pro users only) is described in Part B: payment processing, license validation, and update checks. These services may involve servers located in the United States.
Children’s Privacy
BeatMask is not intended for children under 16. We do not knowingly collect personal information from children. Because the extension collects no data from any user, and the desktop app collects no content data, there is no mechanism through which children’s data would be gathered.
For Enterprise Security Teams
BeatMask’s local-only architecture means deploying BeatMask does not expand your organization’s attack surface, does not introduce new data processing relationships for scanned content, and does not require vendor risk assessments for content handling. All scanned data remains within the jurisdiction where it was created—there are no cross-border data transfers of user content, no cloud processing, and no data residency concerns.
Unlike cloud-based DLP solutions that route content through external servers, BeatMask processes everything locally. No data channel for scanned content exists between your devices and our infrastructure.
For enterprise procurement: BeatMask maintains no servers, databases, or cloud infrastructure that processes customer content. We do not act as a data processor or sub-processor under any privacy regulation with respect to the content your employees scan.
Your Rights and Controls
| Action | Extension | Desktop Pro |
|---|---|---|
| Stop all monitoring | Uninstall the extension | Quit or uninstall the app |
| Clear local data | Reset settings in popup, or uninstall | Delete ~/.beatmask/ directory |
| Disable Chrome bridge | N/A (extension-only feature) | Disable in app settings or uninstall the companion extension |
| Manage payment data | N/A (free product) | Contact us or use Stripe’s customer portal |
| Delete account/license | N/A (no account) | Email contact@beatmask.com |
| Inspect extension code | chrome://extensions → Developer mode → Inspect | N/A |
If you are located in the EU/EEA, United Kingdom, or another jurisdiction with applicable data protection laws, you may have additional rights regarding the limited personal data processed as described in Part B, including the right to access, correct, delete, or port your data. To exercise these rights, contact us at the address below.
Changes to This Policy
If we materially change this policy—particularly if we ever introduce data collection beyond what is described here—we will provide at least thirty (30) days’ notice through the Service or, for Pro subscribers, by email. We will update the effective date and describe the changes on this page. We will never retroactively expand data collection without providing clear notice and, where applicable, obtaining your consent.
Related Documents
This privacy policy should be read in conjunction with our Terms of Service, which govern your use of all BeatMask products. In the event of a conflict between these documents regarding data handling practices, this Privacy Policy controls.
Contact Us
BeatMask LLC
30 N Gould St Ste N
Sheridan, WY 82801
United States
General Inquiries: contact@beatmask.com
Privacy Matters: privacy@beatmask.com
Security Vulnerability Reports: security@beatmask.com
Legal Notices: legal@beatmask.com