Privacy Policy
Effective date: May 31, 2026. This Privacy Policy explains how KeepTrack handles personal data for self-hosted and KeepTrack Cloud deployments.
1. Scope
This Policy applies to personal data processed through KeepTrack websites, support channels, and KeepTrack Cloud. If you self-host KeepTrack, you are the data controller for your deployment, except where we process limited data to provide support or project operations.
2. Data we collect
Depending on how you use KeepTrack, we may collect:
Account data: name, email, login credentials, authentication metadata. Service data: inventory entries, photos, files, tags, reminders, locations, automation settings, and household/member records you submit. Device and usage data: IP address, browser/device information, log events, product analytics events, and diagnostic telemetry. Billing data: subscription status and payment metadata from payment providers (we do not store full payment card numbers). Communications: support requests and related correspondence.
3. How we use data
We use personal data to provide and secure KeepTrack, authenticate users, process transactions, respond to support requests, analyze product reliability, prevent abuse, and comply with legal obligations.
Where lawful, we may use limited usage information to improve features, documentation, and service performance.
4. Legal bases (EEA/UK where applicable)
Where GDPR or similar laws apply, our legal bases include contract performance, legitimate interests (security, fraud prevention, product improvement), legal compliance, and consent when required.
5. Self-hosted deployments
For self-hosted deployments, your organization controls infrastructure, data storage, backups, access controls, and retention settings. We generally do not access self-hosted content unless you explicitly request support access or share logs/files with us.
6. Sharing and disclosures
We do not sell personal data. We may share data with service providers that support hosting, analytics (including PostHog where configured), communications, security, and billing, subject to contractual safeguards.
We may also disclose data when required by law, to enforce our terms, or to protect rights, safety, and security.
6A. Product analytics (PostHog)
KeepTrack Cloud uses PostHog for product analytics. Self-hosted deployments include this integration but it is inactive unless a PostHog API key is configured by the operator.
When PostHog analytics are active, the following data is collected and sent to PostHog's servers:
- Automatic interaction capture. Every click, page view, form submission, and scroll event is captured automatically ("autocapture"). You do not need to take any specific action for these events to be recorded.
- Page-leave events. We record when you navigate away from a page to understand user flows.
- JavaScript exception capture. Uncaught errors in the application are automatically reported to help us identify and fix bugs.
- User identification. When you sign in, your internal user ID, email address, and username are sent to PostHog and linked to all analytics events associated with your account.
- Household-level grouping. Events are also associated with your household, allowing us to understand usage patterns at the household level.
- Feature flag evaluation. To decide which features or experiments to show you, a request is made to PostHog to evaluate applicable feature flags. This involves sending your user profile to PostHog.
- Device and session identifiers. PostHog stores a persistent identifier in your browser's local storage to recognize your device across sessions. This is used alongside standard browser and device information (user agent, screen size, referrer, IP address).
- Session recordings. A random sample of sessions (approximately 10% by default, configurable by the operator) may be recorded as a video-like replay. Text inputs are automatically masked so that typed content is not visible in replays. Session recording is always sampled — not every session is recorded.
All events include the application version and platform (web). Sensitive URL parameters (such as tokens and reset links) are automatically redacted before being sent.
Opt out: You can opt out of analytics collection in your account privacy settings, or by enabling the Do Not Track signal in your browser. Your opt-out preference is stored locally and is respected immediately.
6B. AI processing
AI behavior depends on how KeepTrack is deployed and configured. Self-hosted deployments can use local providers such as Ollama or OCR tooling, or cloud providers such as OpenAI, Anthropic, or a custom OpenAI-compatible endpoint. KeepTrack Cloud uses configured providers to process recognition requests; inventory photos are not shared with insurers or advertisers.
AI suggestions are review-first: users can edit, confirm, or reject suggested item fields before saving them.
7. International data transfers
If personal data is transferred across borders, we use appropriate safeguards required by applicable law, such as contractual protections.
8. Data retention
We retain personal data for as long as needed to provide services, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and operational need.
You can export inventory records from the app before canceling or migrating. You may request deletion of account data by contacting support@keeptrack.at or by using available in-app privacy controls. When data is no longer required, we delete it or de-identify it where feasible, subject to legal, billing, security, and backup-retention obligations.
9. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal data. No system is completely secure, and we cannot guarantee absolute security.
10. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to or restrict certain processing. You may also have rights related to automated decision-making and to withdraw consent where processing is based on consent.
U.S. state residents may have additional rights (for example, rights to know, delete, correct, and opt out of certain data uses). We will not discriminate against you for exercising applicable privacy rights. To submit a privacy request, contact support@keeptrack.at.
11. Cookies and similar technologies
We may use cookies or similar technologies for authentication, session management, security, and analytics. KeepTrack uses local browser storage (localStorage) for settings, analytics preferences (opt-out status), and analytics session/device identifiers used by PostHog (see section 6A). If Do Not Track is enabled in your browser, analytics collection is disabled automatically. You can also opt out through account settings. You can control or clear local storage through browser settings, but some features may not function properly without required storage.
12. Children's privacy
KeepTrack is not directed to children under 13 (or older minimum age where required by local law). We do not knowingly collect personal data from children in violation of applicable law.
13. Third-party services
KeepTrack may link to or integrate with third-party services. Their privacy practices are governed by their own policies, not this Policy.
14. Changes to this Policy
We may update this Privacy Policy. If we make material changes, we will update the effective date and provide notice where required by law.
15. Contact
For privacy requests, subprocessor information, or data processing questions (including DPA requests), contact support@keeptrack.at.