This policy describes how "Keept" collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act ("Informatique et Libertés").
1. Data controller
The data controller is [Company name], [address]. Contact: [[email protected]].
2. Data we collect
- Account: e-mail address, display name, password (stored encrypted).
- Organisation: organisation name and, depending on the plan, company details (company name, address).
- Business data: items and warranties you enter (brand, model, dates, price, notes…).
- Files: invoices, photos and documents you upload.
- Billing: payment information processed by Stripe (we never store your full payment card details).
- Technical data: connection logs and data strictly necessary for the security and proper functioning of the service.
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Provision of the service (account, warranty tracking, reminders) | Performance of the contract |
| Billing and subscription management | Performance of the contract / legal obligation |
| Security, fraud prevention, logging | Legitimate interest |
| Responding to your support requests | Legitimate interest |
4. Recipients and processors
Your data is never sold. It is entrusted to technical processors acting on our behalf:
| Provider | Role | Location |
|---|---|---|
| Supabase | Hosting, database, file storage | European Union (Frankfurt) |
| Stripe | Payment processing | EU / United States (standard contractual clauses) |
| Resend | Transactional e-mail delivery | EU / United States (standard contractual clauses) |
| [Marketing site host] | Hosting of the public website | [region] |
5. Retention period
Your data is kept for as long as your account is active. After the account is deleted, your data is erased within [30] days, except for documents that legal obligations (accounting, tax) require us to keep longer.
6. Transfers outside the European Union
Data is hosted in the EU. Where a processor handles data outside the EU, the transfer is covered by appropriate safeguards (standard contractual clauses of the European Commission).
7. Your rights
Under the GDPR, you have the rights of access, rectification, erasure, restriction, portability and objection. You can exercise them at any time by writing to [[email protected]].
You also have the right to lodge a complaint with the CNIL (the French supervisory authority).
8. Security
We implement appropriate technical and organisational measures: encryption in transit (HTTPS), strict isolation of data per organisation, access control and European hosting.
9. Cookies
The service only uses strictly necessary cookies (keeping your login session active). No advertising cookies or third-party trackers are set; no prior consent is therefore required for these essential cookies.
10. Changes
This policy may be updated. The date of the latest revision appears at the top of the page; you will be notified of any substantial changes.
11. Contact
For any question about your data: [[email protected]].