Privacy Policy

Your privacy by design. Keepli is built offline-first. The vast majority of your data lives only on your device and never leaves it unless you explicitly enable a cloud feature.

1. Introduction

Welcome to Keepli. We operate the Keepli mobile application (the "App") and the website at keeplis.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App and Site.

By using Keepli, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.

2. Information We Collect

2.1 Information You Provide Directly

Onboarding data: Your first name, last name, and chosen focus areas provided during setup.
Vault content: Documents, subscriptions, passwords, receipts, and personal records you save in the App. Stored locally on your device by default.
Journal and notes: Text you write in journey dashboards, the daily journal, or the planning hub.
Health and wellness data: Data you manually enter or import from Apple Health / Android Health Connect for journeys such as sleep, fitness, or cycle tracking.
Family Hub data: Names, shared documents, and messages within your family group — stored server-side only when you use the Family Hub feature.
Financial data: When you link a bank account via Plaid, we receive a temporary access token. We never store your banking credentials.

2.2 Information Collected Automatically

Device identifier: A randomly generated device ID (not linked to your Apple ID or Google account) used to associate your data with your device for cloud features.
Push tokens: If you grant permission, an Expo push token is stored to deliver notifications.
Analytics events (opt-in): Anonymised in-app events such as screen views and feature taps. No personally identifiable information or vault content is attached.
Crash reports (opt-in): Diagnostic crash reports containing device model, OS version, and a stack trace — never your vault data.

2.3 Information From Third-Party Services

When you connect third-party services (Gmail, Google Drive, Plaid, Apple Health, etc.), we receive only the data necessary to provide the requested feature. See Section 5 for details.

3. How We Use Your Information

We use information we collect to:

Provide, operate, and improve the App and its features.
Personalise your experience based on your chosen focus areas and journeys.
Send push notifications, including daily re-engagement reminders (only with your permission).
Sync data between your devices when you enable cloud features.
Process subscription payments through RevenueCat.
Detect and prevent fraud, abuse, and security incidents.
Comply with legal obligations.
Generate aggregated, anonymised product analytics (opt-in only).

We do not sell your personal information to third parties. We do not use your vault content to train AI models.

4. Data Storage & Security

4.1 Local-First Architecture

By default, all vault data, journal entries, and personal records are stored exclusively on your device. This data does not leave your device unless you explicitly enable a cloud feature such as:

Encrypted Cloud Vault Backup
Family Hub
My Circle social features
Bank account linking via Plaid

4.2 Cloud Storage

When cloud features are active, your data is transmitted over HTTPS and stored in a PostgreSQL database with encryption at rest and in transit.

4.3 Encrypted Vault Backup

When you use Encrypted Cloud Vault Backup, your data is encrypted on your device using AES-256-GCM with PBKDF2 key derivation before transmission. Your passphrase is never sent to our servers — we cannot decrypt your backup.

4.4 Retention

Server-side data is retained while your account is active. You may delete all your data at any time via Settings → Data → Delete All Data. Anonymised analytics events may be retained for up to 24 months.

5. Third-Party Services

Keepli integrates with the following third-party services. Each has its own privacy policy governing its data practices:

5.1 OpenAI

We use OpenAI's API for the AI document scanner, journey insights, and the Ask Keepli assistant. When you use these features, the relevant content is sent to OpenAI. OpenAI Privacy Policy.

5.2 RevenueCat

Subscription management is handled by RevenueCat, which receives your device ID and purchase information. RevenueCat Privacy Policy.

5.3 Plaid

If you link a bank account, Plaid facilitates the secure connection. We receive only account metadata and transaction data — never your banking credentials. Plaid Privacy Policy.

5.4 Google (Gmail & Google Drive)

If you connect Gmail for subscription detection or Google Drive for imports, we receive read-only access limited to the data you authorise. We do not store this data beyond what you save to your vault. Google Privacy Policy.

5.5 Apple HealthKit / Android Health Connect

If you grant health data access, Keepli reads metrics (steps, heart rate, sleep, etc.) solely to display them in your journey dashboards. We do not share HealthKit or Health Connect data with third parties or use it for advertising.

5.6 Sentry

Crash reports (opt-in) are sent to Sentry and do not contain vault content or personally identifiable information. Sentry Privacy Policy.

5.7 Expo Push Notifications

Push notification tokens are transmitted via Expo's push service to deliver notifications to your device. Expo Privacy Policy.

6. Analytics & Crash Reporting

Both analytics and crash reporting are opt-in only. You control these from Settings → About:

Share Analytics (off by default): Anonymised usage events batched and sent to our server every 30 seconds. No vault content, names, or personal identifiers are included.
Crash Reporting (off by default): Unhandled exceptions send a diagnostic report to Sentry, including device model, OS version, and a code stack trace. No personal data is included.

You may withdraw consent at any time by disabling these toggles in Settings.

7. Cookies & Tracking Technologies

The Keepli mobile app does not use cookies. Our website (keeplis.com) uses only essential, first-party cookies necessary for site operation. We do not use advertising cookies, cross-site tracking, or third-party analytics cookies. We do not display advertising and do not work with advertising networks that set cookies.

8. Your Rights & Choices

Depending on where you live, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Delete all on-device data via Settings → Data → Delete All Data. For server-side deletion, email privacy@keeplis.com with subject "Data Deletion Request".
Opt-out of analytics: Disable the "Share Analytics" toggle in Settings.
Push notifications: Disable via your device's system settings or via Settings → Notifications.

Residents of the European Economic Area, UK, and California have additional rights under GDPR, UK GDPR, and the CCPA respectively. Contact us at privacy@keeplis.com and we will respond within 30 days.

9. Children's Privacy

Keepli is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us immediately at privacy@keeplis.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. Your continued use of Keepli after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, requests, or complaints about this Privacy Policy, please contact us:

Privacy enquiries: privacy@keeplis.com
General support: support@keeplis.com
Website: keeplis.com