Keld

Privacy Policy

Effective date: to be set at launch

Last updated: to be set at launch

Who is responsible for Keld

  • Keld is operated by Farholm LLC, 521 Thorn St Unit 15, Sewickley, PA 15143, United States. Farholm LLC is the data controller (in EEA/UK terms) and the business responsible for Keld under applicable U.S. and Canadian privacy laws.
  • Privacy contact: Privacy Lead, Farholm LLC (privacy@keld.io). If you cannot use the app or email, write to the postal address above marked "Privacy".
  • [COUNSEL: EU and UK representative appointments — determine whether Article 27 GDPR / UK GDPR representatives are required at launch scope and insert contact details or a documented not-required determination.]

What we collect

We collect the information described below to operate and secure Keld.

  • Account and sign-in: your email address, an account identifier we generate, sign-in code records (stored hashed, expiring within minutes and purged within 24 hours), sign-in events (event type, platform, and a truncated form of your network address), and an app-generated device identifier used to scope sign-in codes to your device (kept no longer than 24 hours).
  • Network addresses: your full network address is processed transiently at our infrastructure provider's edge and in short-lived rate-limiting counters that expire automatically; stored sign-in records keep only a truncated form.
  • Travel content you create: trips, itinerary items, notes, costs, and the place, flight, and currency lookups you run.
  • Files you upload and their details (name, size, type). Documents you mark sensitive, and all documents linked to Vault records, are encrypted, including their filenames. Keld requests no mailbox, contacts, or photo-library access — Keld reads only the files you choose to upload through the system file picker.
  • Vault records you choose to store. Vault contents are encrypted; a limited set of reminder fields stays readable so we can remind you: the record kind (for example "passport" or "UK ETA"), country, issue date, expiry date, reminder setting, and a link to a related record. Everything else in a Vault record is encrypted.
  • Emails you forward to your private Keld address: the message, its attachments, the details our parser extracts, the sender's domain, the subject line, the private Keld address it was sent to, and your import history. Forwarding is always started by you. Keld never connects to or scans your mailbox; it processes only what you send to your private address.
  • Information about other people that appears in what you store or forward, for example travel companions named on a booking. You are responsible for having permission to store it (see the Terms).
  • Support correspondence, if you email us.
  • Notification records for the in-app notification feed (Keld sends no push notifications today).
  • Security and operational records: the sign-in events above, plus server logs limited to request method, path, status, and timing. Logs never include message contents, itinerary details, or document data.
  • When paid plans launch: subscription and entitlement records. Payment itself will be handled by the app stores or a payment provider, which keep their own records.

Sensitive information

Documents, Vault records, and forwarded emails may contain sensitive information: passport and identity numbers, health or accessibility details, financial details, or information about other people. Keld treats your Vault and sensitive-marked documents with the encryption described below and never uses this content for anything other than providing the service.

How we use information (purpose by purpose)

  • Providing your account and signing you in. Lawful basis (EEA/UK): performance of our contract with you.
  • Storing and organizing the travel content you create: contract.
  • Parsing confirmations you forward and showing you drafts to review: contract.
  • Looking up places, flights, time zones, and currency rates you request: contract.
  • Reminding you about expiring documents and showing in-app notifications: contract.
  • Securing the service, preventing fraud and abuse, and rate-limiting: legitimate interests (keeping the service and your account safe).
  • Operating, debugging, and improving the service using the minimal logs above: legitimate interests (running a reliable service).
  • Responding to support requests: contract, and legitimate interests where you are not yet a user.
  • Complying with legal obligations and enforcing our terms: legal obligation and legitimate interests.
  • Administering subscriptions, when they launch: contract.
  • Where we rely on legitimate interests, we balance them against your rights: the data involved is the minimum for each purpose, is not used for profiling or advertising, and is not shared beyond the processors below. You can object; see Your rights.
  • We do not use your information for advertising, and we do not make automated decisions about you that have legal or similarly significant effects. Parsing is assistance only: parsed details always wait for your review before joining a trip.

Service providers and international transfers

These providers process data on Keld's instructions under their service agreements, only to provide their service to us:

  • Cloudflare, Inc.: hosting, storage, database, queues, inbound email routing for your forwarding address, and delivery of sign-in code emails. Cloudflare operates a global network; data is processed in the United States and other countries.
  • Google LLC: place search (the text you type and a session token), place details (a place identifier), and time-zone lookup (coordinates and a timestamp). May be processed in the United States.
  • AeroDataBox (via RapidAPI): flight lookups (flight number and date only). May be processed in the United States and other countries.
  • Frankfurter (European Central Bank reference rates): currency conversions (currency pair and date; no account data). May be processed in the European Union or elsewhere.
  • Apple and Google: app distribution, and subscription billing when paid plans launch; they act as independent businesses for their own records.
  • We do not use advertising networks, analytics SDKs, session-replay tools, or data brokers.
  • [COUNSEL: EU/UK international-transfer mechanism wording — align to the actual contracts in place at launch (e.g. EU SCCs / UK IDTA / Data Privacy Framework participation of the providers above); also verify vendor processing locations against their agreements at launch.]
  • For Quebec residents: the information described in this policy may be processed outside Quebec, including in the United States.

How long we keep information

  • Active account data (trips, items, documents, Vault records, notifications): for as long as your account exists.
  • Original forwarded emails, including attachments: 30 days, then deleted automatically. The subject line, sender domain, parsed drafts, and your import history remain until you delete your account.
  • Sign-in code records and the device identifier: up to 24 hours.
  • Sign-in event records (event type, platform, truncated network address): while your account exists.
  • Operational server logs: retained briefly by our infrastructure provider under its standard settings; we do not archive them.
  • Support emails: kept as ordinary business correspondence.
  • Subscription and entitlement records, when they launch: while your account exists, plus what tax and accounting law requires.
  • Incident and breach records: as long as needed to investigate and meet legal duties.
  • Backups: our database platform keeps rolling recovery snapshots for approximately 30 days; deleted data leaves backups as those snapshots age out, within about 30 days of deletion.
  • After account deletion: everything in the deletion list on our account deletion page (/account/delete) is removed from active systems immediately; backups age out as above; a single unlinkable deletion event is retained.

Your rights and how to use them

  • Depending on where you live, you may have rights to access, correct, delete, receive a copy of (portability), restrict, or object to the processing of your personal information, to withdraw consent where processing is based on consent, and to complain to a supervisory authority.
  • To make a request, email privacy@keld.io from the email address on your account, or use the in-app tools (account deletion is built in; see /account/delete). We verify requests against the account email address; we will never ask you to send identity documents unless the law requires stronger verification for a specific request. Authorized agents may submit requests where local law provides for them; we verify with the account holder.
  • We respond within the time required by applicable law. If we decline a request, we explain why, and, where local law provides, you may appeal by replying to our decision, and you retain the right to complain to your regulator.
  • Self-serve data export is planned but not yet available; until it ships, portability requests are fulfilled manually through privacy@keld.io.

Regional information

  • EEA/EU and United Kingdom: the lawful bases above apply. You may lodge a complaint with your local supervisory authority (in the UK, the ICO).
  • Canada (including Quebec): you may request access to and correction of your personal information via privacy@keld.io. Complaints: Privacy Lead, Farholm LLC, privacy@keld.io; you may also contact the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.
  • United States: [COUNSEL: state-privacy-law applicability determination (CCPA/CPRA thresholds and other state laws) — insert the required notices if thresholds are met at launch.] Regardless of applicability: Keld does not sell personal information and does not share it for cross-context behavioral advertising.

Children

Keld is not directed to children under 13, and we do not knowingly collect their information. If you believe a child has created an account, email privacy@keld.io and we will delete it.

Security

Connections between your device and Keld use encrypted transport (HTTPS). Vault record contents and sensitive-marked documents (including their filenames) are encrypted at rest with per-account data keys wrapped by a server-held key; Keld's service holds the keys needed to operate the Vault, so our systems can technically decrypt this data; access is limited to operating the service. Other content is protected by our provider's storage encryption and access controls. No system is perfectly secure; we describe here what we actually do rather than making absolute promises.

If something goes wrong

If a security incident affects your personal information, we will investigate and notify you and the relevant regulators where the law requires it.

Changes to this policy

We will post changes here and update the dates above. For material changes we will notify you in the app or by email before they take effect.

Contact

Privacy: privacy@keld.io · Security reports: security@keld.io · General support: support@keld.io. Postal: Farholm LLC, 521 Thorn St Unit 15, Sewickley, PA 15143, USA.

Keld is a product of Farholm LLC.