The short version
Keel is local-first software. In its default configuration, your data
never leaves your machine. We collect no analytics, no telemetry, and
no usage data. If you enable sync, your data is encrypted before it
reaches our servers and we cannot read it.
What we collect
Local-only usage
Nothing. No data collection of any kind occurs.
Sync account
- Your email address (used as your account identifier and Argon2id salt)
- Your password hash (bcrypt, we never store your plaintext password)
- Encrypted project data (ciphertext — we cannot read the contents)
- Timestamps of sync operations (not content)
- Stripe customer ID if you subscribe (we do not store card details)
Web app
The Keel web app uses the same encrypted sync backend. No additional
data is collected beyond what is listed above. There are no cookies,
tracking pixels, or third-party analytics scripts on any Keel property.
What we do not collect
- Usage analytics or behavioural data
- Crash reports or error telemetry
- IP addresses beyond what our hosting provider logs for security
- Device identifiers
- The contents of your journal, RAID log, decisions, or any programme data
Third parties
- Stripe — payment processing. Governed by Stripe's privacy policy.
- Fly.io — hosting infrastructure. They see encrypted ciphertext only.
- Anthropic — only if you configure Claude API integration. Your journal and note content is sent to Anthropic for AI processing. Review Anthropic's privacy policy before enabling this feature.
We do not sell data to any third party.
Data retention and deletion
You can delete your sync account at any time from Settings → Account → Delete Account.
Server-side ciphertext is deleted within 30 days of account deletion.
Local data is yours to delete by removing the Keel application database file.
Contact
Privacy questions: privacy@getkeel.com