Keelhelm Legal
Privacy Policy
Version 2026-07-04 · Applies across all Keelhelm services
This Privacy Policy explains how Keelhelm ("we", "us") processes personal data across the Keelhelm website and our Services. It is the baseline for everything we operate. Each app also has its own privacy notice with the specifics for that app — what data it reads, why, and how long it keeps it. Where an app's notice adds detail, read both together; where it is silent, this policy applies.
The short version. We collect the minimum we need to run our Services and answer your messages. We don't sell your personal data, we don't share it for cross-context behavioral advertising, and we don't use it to train AI models unless an app explicitly says so and you agree. You can ask us to access or delete your data at any time via the privacy request form.
Who is responsible
Keelhelm is the data controller for the processing described here. You can reach us about privacy at legal (at) keelhelm (dot) com. Our registered company details will be added here once finalized.
What we process
- Website usage — when you visit keelhelm.com we process privacy-preserving, aggregate analytics (such as page views and coarse referrer and device type). We do not build advertising profiles and do not use third-party advertising cookies on this site.
- Messages and reports — when you contact us or submit a report, copyright notice, or privacy request, we process the information you provide (such as your name, email, the details of your request, and any evidence you attach) so we can handle it.
- App account and service data — when you use one of our apps, we process the account, configuration, and service data that app needs to work. The categories, purposes, and retention for each app are in that app's own privacy notice.
- Operational logs — we keep short-lived request and error logs to run the Services reliably and securely and to diagnose problems.
Why we process it (legal bases)
Where the GDPR or similar laws apply, we rely on: performance of a contract (to provide a Service you asked for); legitimate interests (to keep the Services reliable and secure, prevent abuse, and answer your messages, balanced against your rights); consent (where we ask for it, such as an optional newsletter); and legal obligation (to comply with the law and respond to lawful requests). You can withdraw consent at any time.
Who we share it with
We do not sell your personal data. We share it only with:
- Service providers that process data on our behalf to run the Services — categories include hosting and compute, email delivery, payment processing, and privacy-preserving analytics. They may only use the data to provide their service to us, under confidentiality and data-protection terms.
- Third-party platforms you choose to connect a Service to, or through which an app is distributed, as described in that app's notice.
- Authorities or others where we are legally required to, or to protect the Services, our rights, or the safety of people.
International transfers
We and our service providers may process data in countries other than yours, including the United States. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
How long we keep it
We keep personal data only as long as needed for the purpose we collected it, then delete or anonymize it. Website analytics are aggregate and short-lived; operational logs roll off on a short window; messages and reports are kept as long as needed to handle them and to keep a record of legal notices; app data is kept per that app's notice and deleted on account closure or uninstall as described there.
Your rights
Depending on where you live, you have rights over your personal data. Under the GDPR these include the rights to access, rectify, erase, restrict, port, and object to processing of your data, and to withdraw consent. Under the CCPA/CPRA (California) these include the rights to know, delete, and correct your personal information, and to opt out of its sale or sharing — we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you may still exercise your other rights. We will not discriminate against you for exercising your rights.
To exercise any right, use the privacy request form or email legal (at) keelhelm (dot) com. We will verify your request and respond within the time the law allows — normally within one month under the GDPR and 45 days under the CCPA, extendable where permitted. You also have the right to complain to your local data-protection authority.
Children
Our Services are not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.
Security
We use reasonable technical and organizational measures to protect personal data, including encryption in transit and access controls. No system is perfectly secure; if a breach affects your data, we will notify you and the authorities as the law requires.
Changes
We may update this policy; when we make material changes we will update the version date above. Continued use of the Services after a change means you accept the update.