Privacy Policy

1 The "Zero-Knowledge" Rule

We cannot see, read, or access your clients' passwords, nor can anyone else. We only store the encrypted ciphertext, which can only be unlocked by your authenticated agency account.

2 What Information We Actually Collect

To run the service, we collect the bare minimum:

• Account Information:Your agency name, email address, and login credentials.
• Payment Information:Processed securely by Stripe. We never see or store your full credit card number.
• Basic Analytics:Anonymous usage data (like how many links you generate) to help us improve the software.
• IP Address Monitoring:Keze monitors end-user IP addresses strictly to detect unauthorized credential sharing, prevent fraud, and ensure system security.

3 How We Use Your Data

We use your email to send you important account updates, billing receipts, and security notices.

We do not sell, rent, or trade your personal information or your clients' encrypted data to third parties. Ever.

4 Third-Party Services

We rely on trusted infrastructure to keep Keze running:

• Cloudflare: For secure web hosting and database infrastructure.
• Stripe: For secure payment processing.

5 Data Retention & Deletion

Client request links self-destruct permanently the moment the credentials are submitted.

Encrypted credentials stored in your agency vault remain there until you delete them or close your account. You can request a full deletion of your account and all associated data at any time by contacting support.

6 International Compliance & Data Protection Standards

At Keze, privacy isn't just a policy-it is hardcoded into our architecture. Because we utilize true client-side Zero-Knowledge encryption, our servers are mathematically blind to the sensitive payloads (credentials, notes, etc.) you transmit. This fundamentally minimizes risk and helps your agency comply with strict international data protection regulations.

GDPR & UK-GDPR (Europe & United Kingdom)

We are fully aligned with the principles of the General Data Protection Regulation (GDPR).

• Privacy by Design (Article 25):Keze is built on a "Privacy by Design" framework. Sensitive data is encrypted on the user's local device before it ever reaches our servers.
• Security of Processing (Article 32):We utilize AES-256-GCM encryption and ephemeral, self-destructing links. Once a credential is viewed, the encrypted ciphertext is permanently purged from our database, ensuring no lingering data footprint.
• Data Minimization:Because we cannot decrypt your payload, we do not process, mine, or monetize your sensitive data. We act as a blind "Data Processor," transmitting only mathematically unbreakable ciphertext.

CCPA & CPRA (California & United States Privacy Laws)

For US-based agencies and clients, Keze supports your compliance with the California Consumer Privacy Act (CCPA) and subsequent state-level privacy laws. We do not sell or share personal information. Our zero-knowledge infrastructure ensures that your clients' sensitive credentials remain strictly under your control and are never exposed to third-party data aggregation.

ISO 27001 & SOC 2 Compliant Infrastructure

While Keze is a lightweight edge application, we rely on enterprise-grade foundations. Our application runs exclusively on Cloudflare's Edge Network (Workers and D1). Cloudflare maintains industry-leading security certifications, meaning your encrypted data is processed and stored on infrastructure that is strictly audited for:

• ISO/IEC 27001:2013 (Information Security Management)
• ISO/IEC 27701:2019 (Privacy Information Management)
• SOC 2 Type II (Security, Confidentiality, and Availability)

Data Residency & Edge Processing

Unlike traditional centralized servers that pull data to a single location, Keze operates on a serverless edge network. This means data requests are handled close to the user, reducing transit vulnerabilities. Combined with client-side encryption, your raw data never traverses international borders in an unencrypted state.