Privacy Policy
The short version. In the current Kept By iOS app, saved keepsakes and unfinished capture drafts stay on your device. Kept By does not upload your saved library or provide cloud sync. Content leaves your device only when you choose to share it or send it to support. The website receives your email address if you join the email list and processes standard technical request data needed to deliver and secure the site. We never sell your information.
You control what you send. The app asks for camera access when you capture a keepsake. If you import an existing image, Apple's system photo picker gives the app only the image you select; the app does not request broad photo-library access. Motion data is used on-device for subtle viewing effects and is not sent to Kept By. Problem reports are optional, and nothing is sent until you choose to send it. If you joined the email list, one click in any email unsubscribes you from the active list. For privacy questions or full deletion requests, email [email protected].
This notice is for Kept By ("we," "us," "our"), operating the Kept By iOS app and the website at keptby.app.
Summary of key points
- What personal information do we process? In the app, your saved keepsake content is stored locally on your device. On the website, we process your email address if you sign up for updates, plus basic technical data that hosting and email services log automatically. If you contact support or report a problem, we process the message and any diagnostics you chose to send.
- Do we process sensitive personal information? We do not ask you to send it. Your saved keepsake content stays on your device. If you choose to include sensitive information in a support email, we use it only as needed to respond to your request.
- Do we collect any information from third parties? We do not buy personal information from data brokers or collect it from social-media profiles. Our website providers process standard technical request data needed to deliver and secure the site.
- How do we process your information? To run local app features, send emails you signed up for, respond to support requests, understand aggregate website traffic, and comply with law.
- Who do we share it with? The app does not send your keepsake content to us. Website, email, and support data is handled by service providers who need it to operate the website, mailing list, and support email. We do not sell your data.
- How do you exercise your privacy rights? Unsubscribe using the link in any email we send to leave the active mailing list. For full deletion or any other privacy question, email [email protected].
Table of contents
- 1. What information do we collect?
- 2. How do we process your information?
- 3. What legal bases do we rely on?
- 4. Who do we share your information with?
- 5. How long do we keep your information?
- 6. Do we collect information from minors?
- 7. What are your privacy rights?
- 8. Do-Not-Track and Global Privacy Control
- 9. US residents' privacy rights
- 10. Updates to this notice
- 11. How to contact us
- 12. How to review, update, or delete your data
1. What information do we collect?
In short: app keepsakes are local on your device. Website email signup and support diagnostics are optional. Basic technical data is logged by our hosting and email providers.
Information you provide
In the Kept By iOS app, you may choose to save:
- Photos or scans of cards, letters, postcards, notes, recipes, drawings, invitations, envelopes, and similar keepsakes
- Optional names, dates, collection labels, favorites, and notes about why something matters
This app content is stored locally on your device. The app does not automatically send it to us. We receive app content only if you intentionally include it in a support message or otherwise choose to share it with us. We do not host it as an online library, sell it, or use it to train AI models.
When you sign up for our email list on the website, you voluntarily give us:
- Your email address
- The date and time of your signup
If you contact support or choose Report a problem, the app opens a draft in your mail or sharing tool. Nothing is sent until you choose to send it. You may edit the message or add attachments.
If you choose Email support with diagnostics, the app creates a local text attachment containing a generation timestamp, app version and build, iOS/device class, local storage and sync posture, onboarding and haptics settings, and aggregate library counts. Email support only does not attach diagnostics.
The generated diagnostic attachment omits keepsake photos, OCR or card text, sender names, notes, why-it-matters text, collection names, addresses, and image filenames. These exclusions apply to the generated attachment, not to information you choose to type or attach yourself.
We do not ask for your phone number, physical address, credit card, account password, or login credentials.
Information automatically collected
When you visit our website, Cloudflare processes standard website request and network-error information needed to deliver and protect the site, such as IP address, requested pages, traffic-routing information, system configuration information, and referring page. The site also loads Google Fonts from Google-hosted endpoints. Google receives the IP address, requested font URL, browser and operating-system headers, and referrer needed to serve those fonts. If you join the email list, Kit receives your email address and standard subscription request metadata when you submit the form.
Sensitive information
We do not ask you to send sensitive personal information. The keepsakes you choose to save may be personal or emotionally sensitive, but the app keeps that content on your device. Please avoid including sensitive personal information in support messages unless it is necessary for us to help you. If you voluntarily include sensitive information in a support email, we process it only as needed to respond to your request, troubleshoot the issue, comply with law, and maintain appropriate support records.
Information from third parties
We do not buy personal information from data brokers or collect it from social-media profiles. Our website, email, and support providers process information when you visit the site, join the email list, or contact support as described in this notice.
2. How do we process your information?
In short: the app uses your saved content to show your local library. We use your email to send messages you signed up for, and support information only when you choose to send it. We use technical data to run the website.
Specifically:
- To run app features on your device — show your gallery, preserve metadata, display cards/letters/postcards, manage favorites and collections, and resume unfinished captures.
- To send you the emails you signed up for — welcome sequence, occasional updates about Kept By, product news, and support-related notices.
- To provide support — read and respond to support emails, troubleshoot problems you report, and use an optional diagnostic report only when you choose to send one.
- To understand aggregate website traffic — which pages work, which don't.
- To fix technical problems — website logs and user-sent support diagnostics help us debug without collecting your saved keepsake content.
- To comply with legal obligations — if legally required to respond to a lawful request.
We do not:
- Use your information for targeted advertising
- Share it with third parties for their marketing
- Use your saved keepsake content to train AI models
- Profile you for automated decision-making that affects your rights
- Automatically upload saved keepsake images or notes from the current Kept By app to Kept By servers
- Send diagnostic reports automatically or without your choice
3. What legal bases do we rely on?
In short: your consent, legitimate interest, and legal obligations — depending on where you live.
If you are in the EU, UK, or Switzerland
Under GDPR and UK GDPR, we rely on:
- Consent — you gave it by signing up for our list. You can withdraw it at any time by unsubscribing.
- Legitimate interest — for basic website operation, security, and aggregate analytics.
- Legal obligations — for compliance with applicable law.
If you are in Canada
Under PIPEDA, we rely on:
- Express consent — you gave it by signing up.
- Implied consent — for basic site operation and analytics.
You can withdraw consent at any time by unsubscribing.
4. Who do we share your information with?
In short: only our service providers. We do not sell, rent, or trade your data.
We share your personal information with service providers only when they need it to operate Kept By's website, email list, support email, or related infrastructure:
- Kit — our email service provider. They receive signup information and store and deliver the emails you subscribed to. Kit's privacy policy and data processing addendum.
- Cloudflare — our website hosting and email routing provider. Cloudflare's privacy policy.
- Google Fonts — serves the fonts used by our website from Google-hosted endpoints. Google Fonts privacy details.
- Support email providers — the email and mailbox tools we use to receive and answer messages you send to us.
The current Kept By iOS app does not automatically send saved keepsake content to Kept By servers. If you send a support message, diagnostic report, or shared keepsake through your own email or sharing tools, it travels through the service you choose. Kept By does not provide cloud sync or hosted sharing. If that changes, this notice will be updated before those features are enabled.
We may also disclose information:
- To legal authorities when legally compelled (subpoena, court order, lawful government request).
- In a business transfer (if Kept By is ever acquired, your information transfers to the acquirer; we'll update this notice and email affected subscribers).
We do not sell your information. We do not share it with third parties for their marketing. We do not share it for targeted advertising under any definition.
5. How long do we keep your information?
In short: for as long as you're subscribed. Unsubscribing removes your information from our active list.
- App keepsakes: saved locally on your device until you delete them or remove the app.
- While you're subscribed: we retain your email address on our mailing list.
- After you unsubscribe: we remove you from our active mailing list. Our email provider may retain limited information as needed to honor your unsubscribe request and meet its legal and operational obligations.
- Support emails and diagnostic reports: retained as long as reasonably needed to respond, troubleshoot, maintain records of the issue, and improve app reliability. When they are no longer needed, we delete them or anonymize them.
- For full deletion of information Kept By controls, email [email protected] and we'll process the request within the timeframe required by applicable law.
- Technical request data: our providers retain it according to their documented retention practices and as needed for security and operational purposes.
When there is no longer a legitimate reason to retain your information, we delete it or fully anonymize it.
6. Do we collect information from minors?
In short: Kept By is not for children under 13.
Kept By is intended for people 13 years of age or older. We do not knowingly collect personal information from anyone under 13, and we do not market to children. If you become aware that a child under 13 has provided us with personal information, please email [email protected] and we will take steps to delete it.
7. What are your privacy rights?
In short: depending on where you live, you have rights to access, correct, and delete the information we hold about you. The unsubscribe link removes you from the active mailing list. For full deletion or another privacy request, email us.
The simplest privacy tool — unsubscribe
For email-list users, the unsubscribe link at the bottom of every email removes the address from our active mailing list. For full deletion or another privacy request, email [email protected].
Your statutory rights
Depending on your jurisdiction (EU, UK, Canada, or certain US states), you have some or all of these rights:
- Right to know whether we process your personal information.
- Right to access your personal information.
- Right to correct inaccurate information.
- Right to deletion of your personal information.
- Right to data portability — receive your information in a machine-readable format.
- Right to restrict or object to certain processing.
- Right to withdraw consent at any time.
- Right not to be subject to automated decision-making that produces legal or similarly significant effects.
How to exercise these rights
Email [email protected]. We respond to verified requests within 30 days (45 days in some US jurisdictions, 30 days under GDPR, extendable to 90 days for complex requests).
An honest note about what we'll be able to tell you: for most people, we hold only an email address, signup date, and any support messages or diagnostic reports they voluntarily sent. There is no user account, no hosted keepsake content, no profile, and no behavioral tracking data. Most email-list users find that unsubscribing gives them everything a formal request would achieve.
Complaints to authorities
- EU: your local EU data protection authority
- UK: the UK Information Commissioner's Office
- Switzerland: the Federal Data Protection and Information Commissioner
- Canada: the Office of the Privacy Commissioner of Canada
- United States: your state's attorney general office
8. Controls for Do-Not-Track and Global Privacy Control
Because there is no universal technology standard for Do-Not-Track signals, we do not currently respond to DNT browser signals.
Kept By does not sell personal information or share it for targeted advertising, so there is no sale or targeted-advertising opt-out to apply through a Global Privacy Control signal. If our practices change, we will update this notice and honor applicable opt-out requirements.
9. US residents' privacy rights
In short: residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia have additional privacy rights under their state laws.
Categories of personal information we collect
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | IP address, email address | Yes (email/support messages; IP auto-logged) |
| B. California Customer Records Act personal info | Name, financial info, employment | Not requested; possible only if you include it in a support message |
| C. Protected classification characteristics | Gender, age, race, marital status | Not requested; possible only if you include it in a support message |
| D. Commercial information | Purchase history, transactions | No |
| E. Biometric information | Fingerprints, voiceprints | No |
| F. Internet activity | Cross-site browsing | Limited (our site only) |
| G. Geolocation data | Precise location | No |
| H. Audio/sensory information | Call recordings | No |
| I. Professional/employment information | Job history | No |
| J. Education information | Student records | No |
| K. Inferences | Profiles from collected data | No |
| L. Sensitive personal information | SSN, precise location, biometric, health | Not requested; possible only if you include it in a support message |
We do not request the categories marked "No." A support email is user-written, so it may contain additional information only if you choose to include it.
Your rights under state law
Depending on your state, you may have any of these rights:
- Right to know whether we process your personal data
- Right to access your personal data
- Right to correct inaccuracies
- Right to delete your personal data
- Right to obtain a copy of your personal data
- Right to non-discrimination for exercising your rights
- Right to opt out of sale, sharing for targeted advertising, or profiling
We do not sell or share your personal information, so there is no list of third parties to whom we have sold data (the answer is: none).
How to exercise your rights
Email [email protected]. We verify identity by confirming the request from the email on file, and respond within 45 days.
Appeals
If we decline a request and you disagree, email [email protected] with "Privacy Appeal" in the subject line. We respond to appeals within 60 days.
10. Updates to this notice
We may update this notice from time to time. When we do:
- The "Last Updated" date at the top will change.
- For material changes, we'll notify you by email (if you're on our list) at least 30 days before they take effect.
11. How to contact us
For privacy questions, complaints, or formal requests:
- Email: [email protected]
- General support: [email protected]
Post:
Kept By
Jacksonville, FL
United States
We reply to most emails within 5 business days. Formal privacy rights requests are answered within legally required timeframes (typically 30–45 days).
12. How to review, update, or delete your data
The fastest path is to use the tools built into every email we send:
- To unsubscribe (and remove your data from our active list): click the "Unsubscribe" link at the bottom of any email we send.
- To update your email address: unsubscribe the old address, then sign up again with the new one.
- To request full deletion of information Kept By controls, including support messages you sent: email [email protected].
Because we do not host accounts or saved keepsake content, there is no elaborate in-app data access process. For many users, the answer to "what do you have on me?" is simply "your email address, which you provided to us." If you contacted support or sent a diagnostic report, we can also review or delete that support record on request, subject to lawful retention needs.