Keyholding.appkeyholding.app

Privacy Policy

Last updated: February 17, 2026

1. Introduction

keyholding.app (“we”, “us”, “our”) respects your privacy. This policy explains what data we collect, why we collect it, and your rights regarding that data. We understand the sensitive nature of our Service and take your privacy seriously.

2. Data We Collect

Account Information

  • Email address (for authentication and notifications)
  • Username (publicly visible)
  • Profile information you choose to provide (avatar, bio, role)
  • Authentication data via Google OAuth or email/password

Service Data

  • Lock configurations, combinations (encrypted), and timer data
  • Messages exchanged with keyholders and AI keyholders
  • Game interactions (dice rolls, roulette spins, puzzle completions)
  • Activity logs and lock history
  • Subscription status and payment metadata (not payment card details — those are handled by Stripe)

Technical Data

  • Browser fingerprints — we collect device fingerprints for fraud prevention and account security. These are stored as hashed values, not raw fingerprint data
  • IP address hashes — we hash your IP address for security and abuse prevention. We do not store raw IP addresses
  • Browser type, operating system, and device information
  • Push notification tokens (if you enable push notifications)

3. How We Use Your Data

We use your data to:

  • Provide and operate the Service (locks, timers, keyholder interactions)
  • Authenticate you and keep your account secure
  • Send transactional emails (password resets, lock notifications, account alerts)
  • Send push notifications you’ve opted into
  • Process payments and manage subscriptions
  • Power AI keyholder conversations
  • Detect and prevent fraud, abuse, and multi-accounting
  • Improve the Service through aggregated, anonymized analytics

We do not sell your personal data. We do not use your data for targeted advertising.

4. Legal Basis for Processing

Under the GDPR, we process your personal data on the following bases:

  • Contract performance — processing necessary to provide the Service you’ve signed up for
  • Legitimate interests — fraud prevention, security, and service improvement, balanced against your privacy rights
  • Consent — push notifications, optional analytics, and marketing communications (where applicable)
  • Legal obligation — where required by law (e.g., tax records for payments)

5. Third-Party Services

We use the following third-party services to operate keyholding.app:

  • Supabase — database, authentication, and file storage (hosted in the US)
  • Stripe — payment processing. Stripe handles your payment card details directly — we never see or store your card number. See Stripe’s Privacy Policy
  • Vercel — hosting and edge network. See Vercel’s Privacy Policy
  • Resend — transactional email delivery
  • xAI (Grok) — powers AI keyholder conversations. Messages sent to AI keyholders are processed by xAI’s API. See xAI’s Privacy Policy

Each third-party service processes data under their own privacy policies and applicable data protection agreements.

6. Cookies & Local Storage

We use cookies and browser local storage for:

  • Authentication — session cookies to keep you signed in
  • Preferences — storing your UI preferences locally
  • Analytics — Vercel Analytics for performance monitoring (anonymized)

We do not use third-party advertising or tracking cookies.

7. Push Notifications

If you enable push notifications, we store a push subscription token linked to your account. This is used to send you lock-related alerts (timer expiry, keyholder actions, etc.). You can disable push notifications at any time through your browser settings or your account preferences.

8. Browser Fingerprinting

We collect browser fingerprints for fraud prevention and to detect multi-accounting. Fingerprint data is hashed before storage — we do not store raw fingerprint components. This processing is based on our legitimate interest in maintaining a safe and fair platform.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Profile data and account information are deleted within 30 days
  • Lock data and messages are deleted within 30 days
  • Payment records may be retained for up to 7 years as required by tax law
  • Anonymized, aggregated analytics data may be retained indefinitely
  • Security logs (hashed IPs, fingerprints) are retained for up to 90 days after deletion for abuse prevention

10. Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data (“right to be forgotten”)
  • Data portability — request an export of your data in a machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at support@keyholding.app. We’ll respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), hashing of sensitive identifiers, and access controls. However, no system is 100% secure — we cannot guarantee absolute security.

12. International Data Transfers

Some of our third-party services may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or the service provider’s adherence to recognized data protection frameworks.

13. Children’s Privacy

keyholding.app is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a minor, we will delete it immediately. If you believe a minor is using the Service, please contact us at support@keyholding.app.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The “last updated” date at the top reflects the most recent revision.

15. Contact

For privacy-related questions, data requests, or concerns, contact us at support@keyholding.app