Privacy Policy

What This Policy Means for You

We built Keepsies so parents can capture and cherish their children's most precious moments. Protecting the privacy of your family — especially your children — is fundamental to everything we do. Before the legal detail, here is a plain-language summary of our most important commitments:

• We do not sell your data. Ever. To anyone. For any reason.
• We do not use your photos, videos, or audio to train AI models. Your media is never analyzed or fed into any machine learning system.
• We do not use facial recognition or build biometric profiles of your children.
• We do not show you advertising and we do not build advertising profiles.
• Your content stays private. No Keepsies employee views your photos or content except in rare circumstances required by law.
• Your content is stored securely. All User Content — including photos, videos, and audio — is stored in Supabase (hosted on Amazon Web Services) using encryption in transit and at rest.
• You control who sees your data. Family sharing is optional and entirely under your control. Only people you explicitly invite can access your children's profiles.
• AI-assisted prompts use limited text data only. We use AI to personalize memory prompts using child profile information and brief text excerpts. Your photos, videos, and audio are never sent to AI services.
• You will always be notified before any material change to how we handle your data, and you will have a meaningful choice.
• You are in control. You can delete your account and all associated data at any time.

The full policy below provides the legal detail behind each of these commitments. If anything is unclear, please contact us at hello@keepsies.app.

1. About This Policy

This Privacy Policy explains how Mintzi LLC (“we,” “us,” or “our”) collects, uses, and protects information through the Keepsies mobile application (the “App”) and related services. By creating an account or using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

This policy covers the Keepsies iOS and Android mobile applications and associated backend services. It does not cover third-party services linked from within the App, which are governed by their own privacy policies.

2. Who Can Use Keepsies

Keepsies is intended for parents and guardians aged 16 or older. We do not knowingly permit anyone under 16 to create an account. By creating an account, you confirm that you are at least 16 years old. If we discover that an account was created by someone under 16, we will promptly delete that account and all associated data.

The App is designed to help adults record information about their children; children themselves are not intended users of the App.

3. Information We Collect

3.1 Account Information

When you create a Keepsies account, we collect:

• Email address — to identify your account, authenticate you via one-time passcode (OTP), and communicate with you.

We use a passwordless authentication system. When you sign in, we send a one-time passcode (OTP) to your email address. We do not collect, store, or manage passwords. We do not collect or store your date of birth.

By signing up, you confirm that you agree to our Terms of Service and this Privacy Policy, and that you are at least 16 years old.

3.2 Content You Create (“User Content”)

The photos, videos, audio recordings, notes, milestone records, quotes, artwork, avatar designs, and other content you add to the App are your User Content. This includes any information you voluntarily enter about your children, such as names, dates of birth, gender, and developmental milestones.

All User Content is stored on our servers, hosted by Supabase on Amazon Web Services (AWS) infrastructure in the United States. Photos, videos, audio, and other media files are stored in Supabase Storage (backed by AWS S3). All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256.

3.3 Automatically Collected Technical Data

To keep the App stable and improve your experience, we collect limited technical data through the third-party services listed in Section 8. This data does not include any User Content:

• Crash and error data — device type, operating system version, and anonymized diagnostic information when the App crashes, collected via Firebase Crashlytics.
• Usage analytics — anonymized events such as account registration, sign-in, and feature usage, collected via AppsFlyer for attribution and analytics. This data is used to understand how users find and use Keepsies, not to build advertising profiles.
• Push notification tokens — a device identifier assigned by Expo (our notification provider) that allows us to send you reminders and memory prompts. We also store the device name associated with each token. You may disable push notifications at any time via your device settings.

3.4 Family Sharing Data

Keepsies offers an optional family sharing feature that lets you grant another user access to one or more of your children's profiles. When you use family sharing:

• Email addresses of invited users — we use the email address you provide to send a sharing invitation. The invited user must create their own Keepsies account (subject to the same 16+ age requirement) to accept the invitation.
• Access permissions — we store the permission level you assign (view-only or edit) and which child profiles are shared. Only you, as the owner, can grant, modify, or revoke sharing permissions.
• Relationship label — you may optionally assign a free-form relationship label (such as “Grandma,” “Uncle,” or “Nanny”) to invited users. This label is visible to other members of the shared profile and may be used to personalize memory prompts.
• Content added by invited users — users with edit access may add content (such as milestones, photos, or notes) to shared child profiles. This content is stored the same way as your own User Content and is subject to the same protections.

You are responsible for deciding who to invite and what level of access to grant. We do not share your children's profiles with anyone you have not explicitly invited. See Section 6 for more detail on how family sharing works.

3.5 Purchase and Order Data

When you make a purchase through the Keepsies shop or subscribe to Keepsies Pro, we collect:

• Merchandise orders — your email address and shipping address are collected by Stripe (our payment processor) during checkout. We store a record of your order, including the products purchased and your shipping address, to fulfill and track your order. Your avatar design is rendered and shared with our fulfillment partner (Printful) to produce your order. We do not receive or store your payment card details.
• Subscription data — if you subscribe to Keepsies Pro, your subscription is managed through the Apple App Store or Google Play Store. We receive confirmation of your subscription status (active, expired, or canceled), plan type, and store of purchase. We do not receive your payment card details from Apple or Google.

3.6 Support Data

If you contact us through the in-app support feature, we collect the information you provide in your support request, including the category, message content, and basic device information (device model, operating system version, and app version) to help us diagnose issues.

4. Mobile Device Permissions

The App requests the following permissions. Each is requested only when you first use the relevant feature and is never accessed in the background:

• Camera — to take photos or videos directly within the App.
• Photo Library — to select existing media from your device.
• Microphone — to record audio memories and enable optional speech-to-text transcription of voice notes.
• Push Notifications — to send milestone reminders and personalized memory prompts. You can configure the frequency of notifications in the App's settings.
• App Tracking Transparency (iOS) — on iOS, we request your permission before enabling analytics attribution through AppsFlyer. If you decline, the App continues to function normally; we simply cannot measure how you discovered Keepsies.

You may grant, change, or revoke any permission at any time through your device's operating system settings. Revoking a permission disables the associated feature but does not affect data already saved.

5. How We Use Your Information

We use the information we collect only for the following purposes:

• To provide and maintain the App, your account, and cloud storage of your content.
• To authenticate you via one-time passcodes sent to your email address.
• To enable family sharing when you choose to invite another user.
• To send push notifications you have opted into, including personalized memory prompts.
• To generate personalized memory prompts using AI-assisted text analysis (see Section 7).
• To diagnose crashes and fix technical problems.
• To understand, in aggregate and anonymized form, how features are used so we can improve the App.
• To process merchandise orders and deliver physical products through our fulfillment partners.
• To manage your Keepsies Pro subscription and enforce feature entitlements.
• To provide in-app customer support.
• To send transactional emails, such as order confirmations, shipping notifications, and account deletion confirmations.
• To comply with applicable law, including our obligations under COPPA and other child safety regulations.

We do not use your information for advertising, behavioral profiling, or any automated decision-making that produces legal or similarly significant effects on you.

6. Cloud Storage and Family Sharing

6.1 Cloud Storage

All User Content — including children's profiles, milestones, quotes, memories, notes, photos, videos, audio recordings, and artwork — is stored on our servers hosted by Supabase on Amazon Web Services (AWS) infrastructure located in the United States. Photos, videos, audio, and other media files are stored in Supabase Storage (backed by AWS S3).

All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256. Access to stored data is restricted to authenticated users through Supabase's row-level security policies, meaning each user can only access their own data and data that has been explicitly shared with them.

6.2 Family Sharing

Keepsies allows you to share access to specific children's profiles with other users. Family sharing is a Keepsies Pro feature. Sharing is entirely optional and under your control:

• How to share. You invite another user by entering their email address. They must create their own Keepsies account (with the same 16+ age requirement) to accept the invitation. Invitations expire after 30 days if not accepted.
• Permission levels. You choose whether an invited user has view-only access (can see the child's profile and content but cannot modify it) or edit access (can also add milestones, photos, notes, and other content to the child's profile).
• Owner control. Only you, as the profile owner, can grant, change, or revoke sharing permissions. Invited users cannot re-share access with others.
• Revoking access. You can revoke an invited user's access at any time. Once revoked, the invited user will immediately lose the ability to view or interact with the shared profiles.
• Content added by invited users. If an invited user with edit access adds content to a shared profile, that content becomes part of the child's profile and is owned by the profile owner. If the invited user's access is revoked or their account is deleted, the content they added remains on the profile.

You are responsible for the sharing decisions you make. Before sharing a child's profile, please ensure you are comfortable with the invited user having access to the information and photos within that profile. We recommend only sharing with trusted family members or caregivers.

7. AI-Assisted Prompts and Milestone Suggestions

7.1 Personalized Memory Prompts

Keepsies uses AI-assisted technology to generate personalized memory prompts that encourage you to capture everyday moments with your children. To create relevant and age-appropriate prompts, we share limited information with a third-party AI service provider:

• Child profile information — such as name, age, and gender.
• Brief text excerpts — short excerpts from recent notes, quotes, or milestones to help generate contextually relevant prompts.

We do not send photos, videos, audio recordings, or parent identity information to any AI service. The AI service processes data solely to generate prompts and does not retain it for its own purposes.

7.2 Milestone Suggestions

Keepsies offers a curated library of suggested milestones to help parents discover events they may want to track. These suggestions are matched to your child's age. We may use anonymized, aggregated data to improve our suggestion library.

8. Third-Party Services and Subprocessors

We work with the following third-party vendors who may process personal data on our behalf or as independent controllers. Each vendor is bound by a data processing agreement (where applicable) and may only use your data as instructed by us, except where noted as an independent controller.

Infrastructure

• Supabase — authentication, account database, User Content storage, and media storage. Receives: email, all User Content.
• Amazon Web Services (via Supabase) — cloud infrastructure underlying Supabase, including S3 for media storage. Receives: same as Supabase.
• Google Cloud — backend API hosting. Receives: API requests and responses; does not directly store User Content.

Analytics and Attribution

• AppsFlyer — mobile analytics and attribution. Receives: anonymized app events (registration, sign-in, feature usage), device identifiers, and attribution data. Subject to your App Tracking Transparency choice on iOS. No User Content.
• Firebase Crashlytics — crash reporting and app stability monitoring. Receives: device info, OS version, anonymized stack traces. No User Content.

Payments and Fulfilment

• Stripe — payment processing for merchandise purchases. Receives: email, shipping address, order details. Stripe handles all payment card data; we never receive or store card numbers.
• Printful — print-on-demand order fulfillment. Receives: customer name, shipping address, email, and rendered avatar image files for printing. Printful manufactures and ships physical products on our behalf.

Subscriptions (Independent Controllers)

• RevenueCat — subscription management for Keepsies Pro. Receives: anonymous user identifier, subscription status, and purchase events. No User Content.
• Apple (App Store) — in-app purchases for iOS. Independent controller; we receive subscription status only, no payment data.
• Google (Play Store) — in-app purchases for Android. Independent controller; we receive subscription status only, no payment data.

Communications

• Resend — transactional email delivery (order confirmations, shipping notifications, account deletion confirmations). Receives: recipient email address and email content.
• Expo — push notification delivery. Receives: device push token and notification content (prompt text). No User Content or photos.

AI Services

• Third-party AI service provider — prompt personalization. Receives: child profile information (name, age, gender) and brief text excerpts from recent memories. Does not receive photos, videos, audio, or parent identity information. See Section 7 for details.

9. Child Privacy and Safety

9.1 COPPA Compliance

Keepsies is a service for parents and guardians. We do not knowingly collect personal information directly from children under 16. Account holders must be at least 16 and confirm their age when signing in. As a parent, you are responsible for the information you choose to enter about your child. You may review, correct, or request deletion of any information about your child by managing your account or contacting us at hello@keepsies.app.

9.2 No Advertising Profiling of Children's Data

We do not use any information related to children — directly or indirectly — to build advertising profiles or engage in behavioral marketing. Children's data is excluded from all analytics pipelines.

9.3 No Facial Recognition

We do not use facial recognition technology or build biometric profiles of any individuals, including children, from content stored in Keepsies.

9.4 No AI Training on Photos, Videos, or Audio

Photos, videos, and audio recordings stored in Keepsies are never used to train any machine learning model, by us or by any third party. See Section 7 for the limited, text-based data processing we conduct for prompt personalization and milestone suggestions.

9.5 Zero Tolerance for CSAM

Keepsies has zero tolerance for Child Sexual Abuse Material (CSAM). Because User Content is stored on our servers, we reserve the right to implement technical detection measures (such as hash-based scanning) to identify known CSAM.

We are legally required to report any identified CSAM to the National Center for Missing and Exploited Children (NCMEC) in the United States and to relevant authorities in other applicable jurisdictions. Discovery of CSAM will result in immediate account termination and referral to law enforcement.

10. Data Security

10.1 Server-Side Security

Your User Content is stored on Supabase's infrastructure, hosted on Amazon Web Services (AWS) in the United States. Supabase is SOC 2 Type II certified. We employ the following security measures:

• Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest — all stored data, including photos, videos, audio, and other media files, is encrypted at rest using AES-256.
• Row-level security — Supabase enforces row-level security policies so that each user can only access their own data and data explicitly shared with them through family sharing.
• Access controls — administrative access to production systems is restricted, logged, and subject to multi-factor authentication.

10.2 Authentication Security

We use a passwordless authentication model. When you sign in, a one-time passcode (OTP) is sent to your registered email address. OTPs are time-limited and single-use. Because we do not store passwords, there is no risk of password database compromise. We will never ask you for a login code outside of the standard sign-in flow.

10.3 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant regulatory authorities in accordance with applicable law. For EU and UK users this means within 72 hours of discovery. Notification will describe what was affected and the steps we are taking in response.

11. Data Retention

We retain your data only for as long as necessary to provide the service or as required by law:

• Account information — retained for the life of your account, then deleted within 30 days of account closure.
• User Content — stored on our servers for the life of your account. Deleted within 30 days of account closure or upon your request. See Section 12.
• Photos, videos, audio, and other media — stored in Supabase Storage for the life of your account. Deleted within 30 days of account closure or when you delete individual items.
• Purchase and order data — retained for the life of your account and for as long as required by applicable tax and legal obligations after account closure.
• Subscription records — retained for the life of your account, then deleted within 30 days of account closure.
• Support tickets — retained for the life of your account, then deleted within 30 days of account closure.
• Crash logs — retained for 90 days, then purged.
• Analytics events — retained in anonymized, aggregated form for up to 24 months.
• Push notification tokens — retained while your account is active; deleted upon account closure or when you disable notifications.
• Sharing permissions — retained while the sharing relationship is active; deleted when you revoke access or close your account.

12. Account Closure and Deletion

You may request deletion of your account at any time via Settings in the App or by emailing us at hello@keepsies.app. When you request deletion, we will send a confirmation email to verify your identity before proceeding.

Once confirmed, your account deletion will be processed within 30 days. This will:

• Remove your account credentials and profile information.
• Delete all User Content you created (including children's profiles, milestones, quotes, memories, notes, photos, videos, audio recordings, and artwork) from our servers.
• Remove all media files from cloud storage.
• Immediately revoke any family sharing permissions you granted or received.
• Remove any content you added to other users' shared profiles, unless the profile owner chooses to retain it.
• Cancel any active Keepsies Pro subscription (though refunds are subject to Apple's or Google's policies).

Purchase and order records may be retained after account closure as required by applicable tax and legal obligations. We recommend exporting any content you wish to keep before requesting account deletion.

If an invited user deletes their account, the content they added to your shared profiles remains on those profiles under your ownership. Their access to your profiles is immediately revoked.

13. Account Suspension and Termination

We reserve the right to suspend or terminate your account if we determine, acting reasonably, that you have uploaded illegal content (including CSAM), violated our Terms of Service, or engaged in conduct that poses a risk of harm to others.

Where the violation involves suspected CSAM or imminent risk of harm, termination may be immediate without prior notice. In other cases, where reasonably practicable, we will notify you of the issue and give you an opportunity to respond before taking action.

14. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information. To exercise any of them, contact us at hello@keepsies.app:

• Access — request a copy of the personal information we hold about you.
• Rectification — ask us to correct inaccurate information.
• Erasure — request deletion of your personal information.
• Restriction — ask us to pause processing in certain circumstances.
• Portability — receive your personal information in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdrawal of consent — where processing is based on consent, you may withdraw at any time without affecting prior processing.
• Non-discrimination — for California residents: we will not discriminate against you for exercising your CCPA rights.

We will respond to requests within 30 days. EU and UK users may also lodge a complaint with their local data protection authority. UK users may contact the Information Commissioner's Office at ico.org.uk.

15. International Users

Keepsies is available worldwide. All User Content is stored in the United States regardless of your location. By using the App, you acknowledge that your data will be transferred to and processed in the United States.

15.1 United States

We comply with COPPA and applicable state consumer privacy laws, including the California Consumer Privacy Act (CCPA) and similar laws in other US states.

15.2 United Kingdom and European Union

We process personal data in accordance with the UK GDPR and EU GDPR. Our legal bases for processing are contract performance (providing the App and storing your content), legitimate interests (security, crash diagnostics, and AI-assisted prompt personalization), and consent (push notifications). Your data is transferred from the EU/UK to the United States under Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office.

15.3 Canada

We comply with PIPEDA and applicable provincial privacy legislation, including protections for sensitive personal information about children.

15.4 Australia

We comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth), including obligations relating to secure management of personal information and cross-border disclosure.

16. Law Enforcement Requests

We may be required by law to disclose your personal information to law enforcement. Our policy is to:

• Require valid legal process (such as a court order, warrant, or subpoena) before disclosing personal information, except in cases of imminent risk to life.
• Notify you of any request for your data where we are legally permitted to do so, before disclosure where practicable.
• Disclose only the specific information required by the legal process.

17. Changes to This Policy

We will update this policy as our practices evolve. When we introduce new features that involve collecting, using, or sharing data in ways not described here, we will update the policy before those features launch.

For material changes, we will notify you via in-app notification and email before the change takes effect, giving you time to review and make an informed choice. For minor clarifications that do not change the substance of our practices, we will update the “Last Updated” date at the top of this policy.

Where applicable law requires affirmative consent for a change rather than notice alone, we will obtain that consent before the change applies to you.

18. Contact Us

For privacy-related questions, to exercise your data rights, or to report a concern, please contact our Privacy Officer:

• Email: hello@keepsies.app
• Company: Mintzi LLC
• Jurisdiction: Wyoming, United States

We aim to respond to all privacy inquiries within 5 business days and to resolve all requests within 30 days.