Privacy policy

Effective date: 02/02/2021

Purpose of the policy

Keepem is committed to protecting your privacy. This document contains the various ways in which you might interact with Keepem software, the information you provide and for which purpose is used.

The main regulations under which this policy complies with are:

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data. From now on referred as GDPR
Organic Law 3/2018 of Spanish Parliament from December 5th on the Protection of Personal Data and guarantee of digital rights. From now on referred as LOPD

Definitions

"Personal data" according to the GDPR means any information which can be related to an individual and used to, directly or indirectly, identify them. Examples are Name, addresses, email addresses, telephone numbers, identity numbers but also IP, cookies ID, device ID, pictures and other identifying elements like voice recordings. It is also referred to as Personal Identifiable Information or PII. See the EU Commission definition on personal data .

"Data subject" refers the person whose personal data is being processed.

"Processing" covers all activities relating to the use of personal data by any organizations. From its collection through its storage and eventual deletion, including everything in behind.

"Data controller" The entity defining the purposes and means to process personal data. In this case it's us, Keepem.

"Data processors" The companies supporting us with providing the services to you. For example the IT hosting provider.

Exercising your rights

In line with the current regulations (even if they may not directly apply to you), you have the right to:

Right to Access and Data Portability : Request access to your personal data. You will receive it in a commonly used and machine readable format.
Right to Rectification : Require us to correct any mistakes in your information which we hold
Right to Erasure : Require us to delete any personal information we may have about you
Right to Restriction of Processing : Restrict the processing of your personal data in certain circumstances
Right to Object : Object to processing of personal data concerning your for direct marketing or purposes not covered by compelling legitimate grounds
Right to Avoid Automated Decision-Making

More information of those rights can be found under Chapter 3 of GDPR.

You can exercise your rights

Using the options provided in our application
Via the email data-protection(a)keepem.app

Additionally, in case of complaints related to the procesing of your personal data by Keepem, you have the option to file it to corresponding supervisory authority. For Spanish residents you may address them to the Spanish Data Protection Authority (AEPD) .

Data Collection and its purposes

Our policy is to collect as little user information as possible.

We may use the metadata collected to improve our services and provide you with summaries and statistics on your actions and files stored.

Purpose	Data processed	Description
Opening an account	email username IP addresses phone number	We use your email to contact you with important notifications for the service such as registration codes, password recovery links, policy changes or invoices. We may also contact you with notifications related to user activity (new requests, file sharings...) or to inform you about new features or Keepem products in which you might have interest. We will request opt-in and you can always opt-out in the application settings or contacting us. Usernames might also contain personal information like your name if you have provided it. In order to pursue our legitimate interest of preventing the creation of accounts by bots or human spammers we may use also other verification methods like hCaptcha, SMS and your IP address. Phone numbers and IP addresses are temporarily stored for a period determined by our legitimate interest of protecting the service from spam, abusive behaviour and any legal requirements we must comply with. If this data is saved permanently, it will be stored as a cryptographic hash so the values cannot be deciphered by us.
Account activity	metadata about: - assets - files - events - user connections	This purpose uses what it's called metadata which is information about the data and actions taken by you. For example how many files you have stored, its file size, file name, when were they created, who are you sharing them with as well as who are your contacts in the application, modification timestamp. That will be used for the purpose of providing you the service features (e.g. access to encrypted files, bequest, search capabilities), and to optimize technical implementations (e.g. geographical storage allocations) to provide you with a better service. The legal basis is the legitimate interest for providing you the service.
Geolocation events	Location	Some of the features we provide require access to location on your phone. There are two types of collection related to it: Phone's location information that will be kept on your device. You will be requested consent by the cell phone system and can remove it at any time in your device settings. Location attached to a File or Event like: where it was taken or where will it be transferred to someone else. The latter will be sent to the servers and used only to trigger those events or serve the information back to you. End to end encryption will be applied when possible. The legal basis is consent when you use those specific features. It is possible to use the majority of the service without consenting to this.
Account Security	IP addresses device identifiers email	We use your email to contact you with important notifications such as verification codes, password recovery links. Device identifiers and IP addresses might be kept temporarily to combat abuse and fraud. They might be retained permanently if you are engaged in activities that breach our terms and conditions or if legally compelled by Spanish legal requirements. The legal basis is the legitimate interest of providing a secure environment for our users.
Statistics and analytics	user interactions like - page views - buttons clicked	In order to improve the services and the user interfaces we may collect anonymous information of the journey and interactions of the user with our app. This will allow us to understand which features are more used, useful and to be able to improve the service overall, as well as improving the user interfaces to be more easily used by everyone and specially people with different levels of abilities. The legal basis is user consent.
Provide native applications	device ID, crash reports	We need access to the device IDs to send push notifications to user devices. We might also obtain some other information like crash reports to investigate and remediate bugs in our program. This might be provided to us by Google Play Store or the Apple App Store. Keep in mind that those services may also collect anonymous and aggregate statistics like # of application installs and operating system versions. The legal basis is the legitimate interest for providing service.
Process Payments	name payment information paypal email account	We work with payment processors in order to allow you to purchase features like more storage space. The legal basis is the legitimate interest to collect payment information in exchange of the services provided.
Providing support	name email address device ID	If you contact Keepem support, any personal data you might share with us is kept only for the purposes of researching the issue and contacting you about your case. It is deleted after a reasonable time has passed. The legal basis is the legitimate interest of troubleshooting the problem and improve the quality of the service.

Data Storage and Security

To provide our services, we store and process the data in Spain (in servers owned and operated by us) and Germany (hosted in Contabo GmbH, acting as a subprocessor). While Contabo GmbH does not directly process nor do any analysis on your data, it is considered a Data Processor. You may find its Terms and Conditions (See Clause 12) and Privacy policy .

We have in place server and transit encryption measures to keep your information from unauthorized access and we implement full end to end encryption when possible so neither us nor the data processors have access to your data.

Data Retention

We store the personal data provided to us as long as you maintain an account with us. In case of your pasing, all the files and accompanying information that is programmed to be bequested to a relative or friend will be transferred to them when the conditions are met and will belong to them. Everything else will be removed.

When an account is closed by an individual all data is deleted from production servers unless there is any specific reasons in an individual case like a legal request or a potential violation investigation. Deleted files may be retained in our backups for up to 30 days.

Information we may share

We will disclose the limited user data we possess if we need to meet any applicable law, legal process or enforceable governmental request, enforce applicable Terms, including investigation of potential violations, detect, prevent or address fraud, security or technical issues and to protect against harm to the rights, property or safety of Keepem, our users or the public as required or permitted by law.

Additionally we will need to disclose payment information to the third parties we work with as payment processors.

Modifications to this Privacy Policy

We will update this privacy policy when necessary so that is current, accurate and as clear as possible. We will notify users of significative changes via public announcements and email. The continued use of the services will be deemed as acceptance of such changes.