1. OUR COMMITMENT TO PRIVACY
This Privacy Policy explains how Keep4o ("we," "us," or "our") collects, uses, stores, and protects your data when you use keep4o.chat ("Service"). We are committed to transparency and to protecting your personal information.
OUR CORE PRIVACY PROMISE: We will never sell, rent, lease, or otherwise distribute your personal information to third parties for marketing, advertising, or any commercial purposes unrelated to providing the Service. Your data is used solely to operate and improve the Service.
2. DATA WE COLLECT
We collect only the minimum data necessary to provide the Service and maintain account functionality.
2.1 ACCOUNT INFORMATION. When you create an account, we collect your email address and basic profile information through Supabase Authentication. This information is used solely for account management, authentication, and communication about your account.
2.2 USAGE DATA. We collect usage data to manage account limits and billing, including:
This usage data is tied to your user account and is used solely for service management and billing purposes.
2.3 CONTENT DATA. Your conversations, chat history, AI-generated memories, and associated metadata are stored in our database infrastructure (Supabase / PostgreSQL). We preserve conversation transcripts so you can retrieve them across sessions, and so automated systems (e.g., memory extraction and usage tracking) can operate accurately. Sensitive content fields are encrypted at rest using application-level encryption with per-user keys.
2.4 PAYMENT DATA. Subscription payments are processed by Stripe. We do not store your full payment card details. Stripe handles payment data in accordance with PCI-DSS standards. We store only your Stripe customer ID for billing management.
2.5 TECHNICAL DATA. We automatically collect certain technical information when you use the Service, including IP addresses, browser information, and device characteristics. This data is used for security purposes, fraud prevention, and service optimization.
2.6 HUMAN ACCESS LIMITATION. No human at Keep4o reads your chats unless you give explicit written consent or we are required to disclose content to comply with binding law, regulation, court order, or an enforceable request from an integrated model provider. Automated systems may process conversation content to deliver features (such as memory extraction), but those systems operate without manual human review.
3. HOW WE PROTECT YOUR DATA
We implement multiple layers of security to protect your data.
3.1 ENCRYPTION IN TRANSIT. All data transmitted to and from the Service is encrypted using HTTPS/TLS.
3.2 ENCRYPTION AT REST. Conversation content, memories, and sensitive profile fields are encrypted at rest using application-level encryption (AES-256) with per-user encryption keys. This means that even in the event of a database breach, your conversation content is not readable without the corresponding encryption keys.
3.3 DATABASE SECURITY. Our database (Supabase / PostgreSQL) enforces Row Level Security (RLS) policies ensuring that users can only access their own data through the API. Administrative access is strictly limited to server-side operations that require it (e.g., webhook processing).
3.4 INFRASTRUCTURE. The Service is hosted on Vercel. The database is hosted on Supabase (AWS infrastructure). Both providers implement industry-standard security measures including encryption, access controls, and monitoring.
3.5 ACCESS CONTROLS. Access to user data is limited to what is strictly necessary to provide the Service. We use Supabase Authentication for account access control and role-based permissions for backend operations.
3.6 DATA MINIMIZATION. We collect only the data necessary to provide our Service.
4. HOW WE USE YOUR DATA
We use your data exclusively to:
We do NOT use your data to:
5. DATA SHARING
5.1 NON-DISTRIBUTION POLICY. We will never intentionally sell, rent, or transfer your personal information to third parties for their own commercial purposes.
5.2 NECESSARY SHARING. We share data only with the following parties, only to the extent necessary:
5.3 LEGAL REQUIREMENTS. We may disclose data when required by law, court order, government regulation, or enforceable request from law enforcement or regulatory authorities. We will limit such disclosures to the minimum information required.
5.4 SAFETY. We may disclose data if necessary to protect the Service, its users, or the public from imminent harm.
6. AI MODEL PROVIDER INTERACTIONS
6.1 DATA TRANSMISSION. When you send messages through the Service, your input is transmitted to OpenAI's servers for processing. This transmission is necessary for the Service to function. AI-generated responses are transmitted back and stored in our database.
6.2 MEMORY PROCESSING. Automated memory features may send limited excerpts of conversations to AI providers to determine whether memories should be created, updated, or deleted. These operations are automated and do not involve human review.
6.3 PROVIDER POLICIES. OpenAI maintains its own privacy policy and data handling practices. You acknowledge that data transmitted to OpenAI is subject to OpenAI's policies. We encourage you to review OpenAI's privacy policy at https://openai.com/policies/privacy-policy.
7. INTERNATIONAL DATA TRANSFERS
7.1 CROSS-BORDER TRANSFERS. Your data may be transferred to and processed in countries other than your own, including the United States, as our infrastructure providers (Supabase, Vercel, OpenAI) operate servers in multiple jurisdictions.
7.2 SAFEGUARDS. We ensure that international data transfers comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable. Transfers rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) adopted by the European Commission.
7.3 YOUR RIGHTS. You have the right to obtain information about the safeguards we implement for international data transfers. Contact us at info@keep4o.chat for details.
8. YOUR RIGHTS (INCLUDING GDPR RIGHTS)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights:
8.1 RIGHT OF ACCESS. You have the right to request a copy of the personal data we hold about you.
8.2 RIGHT TO RECTIFICATION. You can update or correct your personal data through the Service settings or by contacting us.
8.3 RIGHT TO ERASURE. You can delete your account and all associated data at any time through account settings. Upon deletion, we will permanently remove your data within 30 days, subject to legal retention requirements.
8.4 RIGHT TO DATA PORTABILITY. You can export your data (conversations, memories, account information) in a portable format through the Service's export feature.
8.5 RIGHT TO RESTRICT PROCESSING. You can request that we restrict processing of your personal data in certain circumstances.
8.6 RIGHT TO OBJECT. You can object to processing of your personal data where we rely on legitimate interests as the legal basis.
8.7 RIGHT TO WITHDRAW CONSENT. Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
8.8 RIGHT TO LODGE A COMPLAINT. You have the right to lodge a complaint with your local data protection authority. For users in Spain, this is the Agencia Española de Protección de Datos (AEPD) at https://www.aepd.es.
8.9 EXERCISING YOUR RIGHTS. To exercise any of these rights, contact us at info@keep4o.chat. We will respond within 30 days (or the timeframe required by applicable law).
9. LEGAL BASIS FOR PROCESSING (GDPR)
For users in the EEA, we process personal data under the following legal bases:
10. DATA RETENTION
10.1 ACTIVE ACCOUNTS. We retain your data for as long as your account is active or as needed to provide the Service. Conversations and memories are retained until you delete them or close your account.
10.2 ACCOUNT CLOSURE. When you close your account, we delete your personal data within 30 days, subject to legal retention requirements.
10.3 LEGAL RETENTION. We may retain certain data longer if required by law, for ongoing legal proceedings, or to resolve disputes.
10.4 BACKUP RETENTION. Automated backups may retain data for a limited period after deletion. Backup data is encrypted and is permanently purged according to our backup rotation schedule.
11. COOKIES AND TRACKING
11.1 COOKIE USAGE. We use cookies and similar technologies solely to provide essential Service functionality.
11.2 ESSENTIAL COOKIES. We use:
11.3 ANALYTICS. We do not currently use third-party analytics or advertising cookies. If we introduce optional analytics in the future, we will update this policy and obtain consent where required.
11.4 COOKIE MANAGEMENT. You can control cookie settings through your browser. Disabling essential cookies may affect Service functionality.
12. CHILDREN'S PRIVACY
The Service is not intended for children under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, contact us at info@keep4o.chat.
13. CHANGES TO THIS PRIVACY POLICY
13.1 UPDATES. We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.
13.2 NOTICE. Material changes will be communicated via email or in-Service notification at least fifteen (15) days before taking effect.
13.3 ACCEPTANCE. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you disagree with changes, you may close your account.
14. DATA PROTECTION OFFICER
For data protection inquiries, to exercise your rights, or to raise concerns about our data practices, contact our Data Protection Officer at: info@keep4o.chat
15. CONTACT US
If you have any questions about this Privacy Policy or our data practices, contact us at: info@keep4o.chat
Keep4o
Email: info@keep4o.chat
PRIVACY COMMITMENT: We will never sell or distribute your personal information or conversation data to third parties. Your data is encrypted at rest and used solely to provide our Service to you. You can export or delete all your data at any time.