Privacy Policy

1. Introduction

Welcome to Keeplas. Keeplas is a life continuity platform designed to help you securely store, organize, and transmit critical life information to your trusted contacts when it matters most. We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how Keeplas ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our web application and related services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access the Service. For questions, please contact us at support@keeplas.com.

2. Information We Collect

We collect different types of information depending on how you interact with the Service:

3. How We Use Your Information

We use the information we collect for the following purposes:

• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Service Delivery: To operate and maintain the Service, including the Life Check system, trusted contact management, and social recovery.
• Service Improvement: To analyze aggregated usage patterns and improve the performance, reliability, and user experience of the Service.
• Communications: To send you important service-related notifications, such as Life Check reminders, security alerts, billing and purchase updates, and policy changes. We may also send occasional product updates, which you can opt out of at any time.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Zero-Knowledge Architecture

Keeplas is built on a zero-knowledge architecture. This means that your vault data is encrypted on your device using your personal encryption keys before it ever leaves your browser or app. Our servers store only the encrypted data.

As a result:

• Keeplas employees cannot view, access, or decrypt your vault contents.
• Even in the event of a server breach, your vault data remains protected by your encryption keys.
• If you lose your encryption keys and have not set up social recovery through trusted contacts, we cannot recover your vault data. You are solely responsible for safeguarding your keys.
• The social recovery mechanism allows designated trusted contacts to collaboratively help restore access, but this process is also encrypted end-to-end and does not expose your data to Keeplas.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share limited information in the following circumstances:

• Service Providers: We work with trusted third-party providers for hosting (Convex), payment processing (Stripe), email delivery, and analytics. These providers are contractually bound to protect your data and may only use it to perform services on our behalf.
• Legal Requirements: We may disclose your account information (not vault contents, which we cannot access) if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
• With Your Consent: We may share information for other purposes with your explicit consent.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide you with the Service. Specifically:

• Active Accounts: Your data is retained for as long as your account remains active. Encrypted vault data remains stored as long as your account exists.
• Account Deletion: When you delete your account, we permanently delete your account information and all associated encrypted vault data within 30 days. Some anonymized, aggregated analytics data may be retained indefinitely.
• Inactive Accounts: Free-tier accounts that have been inactive for more than 12 months may be flagged for deletion. We will notify you at least 30 days before any action is taken.
• Legal Obligations: We may retain certain information as required by law, such as billing records, for the period mandated by applicable regulations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You have the right to request a copy of the personal information we hold about you.
• Correction: You have the right to request correction of inaccurate or incomplete personal information.
• Deletion: You have the right to request deletion of your personal information, subject to certain legal exceptions.
• Data Portability: You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another service.
• Objection: You have the right to object to the processing of your personal information for certain purposes, such as direct marketing.
• Withdrawal of Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@keeplas.com. We will respond to your request within 30 days.

8. Cookies

Keeplas uses a minimal number of cookies and similar technologies:

• Essential Cookies: Required for the Service to function properly, including authentication session cookies and security tokens. These cannot be disabled.
• Analytics Cookies: We use privacy-respecting analytics to understand how the Service is used. These cookies do not track you across other websites and can be disabled in your account settings.

We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to promptly delete that information. If you believe a child under 16 has provided us with personal information, please contact us at support@keeplas.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this page periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@keeplas.com
• Website: keeplas.com