Privacy Policy

Effective date: May 31, 2026. This Privacy Policy explains how KeepTrack handles personal data for self-hosted and KeepTrack Cloud deployments.

1. Scope

This Policy applies to personal data processed through KeepTrack websites, support channels, and KeepTrack Cloud. If you self-host KeepTrack, you are the data controller for your deployment, except where we process limited data to provide support or project operations.

2. Data we collect

Depending on how you use KeepTrack, we may collect:

Account data: name, email, login credentials, authentication metadata. Service data: inventory entries, photos, files, tags, reminders, locations, automation settings, and household/member records you submit. Device and usage data: IP address, browser/device information, log events, product analytics events, and diagnostic telemetry. Billing data: subscription status and payment metadata from payment providers (we do not store full payment card numbers). Communications: support requests and related correspondence.

3. How we use data

We use personal data to provide and secure KeepTrack, authenticate users, process transactions, respond to support requests, analyze product reliability, prevent abuse, and comply with legal obligations.

Where lawful, we may use limited usage information to improve features, documentation, and service performance.

4. Legal bases (EEA/UK where applicable)

Where GDPR or similar laws apply, our legal bases include contract performance, legitimate interests (security, fraud prevention, product improvement), legal compliance, and consent when required.

5. Self-hosted deployments

For self-hosted deployments, your organization controls infrastructure, data storage, backups, access controls, and retention settings. We generally do not access self-hosted content unless you explicitly request support access or share logs/files with us.

6. Sharing and disclosures

We do not sell personal data. We may share data with service providers that support hosting, analytics (including PostHog where configured), communications, security, and billing, subject to contractual safeguards.

We may also disclose data when required by law, to enforce our terms, or to protect rights, safety, and security.

6A. Product analytics (PostHog)

KeepTrack Cloud uses PostHog for product analytics. Self-hosted deployments include this integration but it is inactive unless a PostHog API key is configured by the operator.

When PostHog analytics are active, the following data is collected and sent to PostHog's servers:

All events include the application version and platform (web). Sensitive URL parameters (such as tokens and reset links) are automatically redacted before being sent.

Opt out: You can opt out of analytics collection in your account privacy settings, or by enabling the Do Not Track signal in your browser. Your opt-out preference is stored locally and is respected immediately.

6B. AI processing

AI behavior depends on how KeepTrack is deployed and configured. Self-hosted deployments can use local providers such as Ollama or OCR tooling, or cloud providers such as OpenAI, Anthropic, or a custom OpenAI-compatible endpoint. KeepTrack Cloud uses configured providers to process recognition requests; inventory photos are not shared with insurers or advertisers.

AI suggestions are review-first: users can edit, confirm, or reject suggested item fields before saving them.

7. International data transfers

If personal data is transferred across borders, we use appropriate safeguards required by applicable law, such as contractual protections.

8. Data retention

We retain personal data for as long as needed to provide services, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and operational need.

You can export inventory records from the app before canceling or migrating. You may request deletion of account data by contacting support@keeptrack.at or by using available in-app privacy controls. When data is no longer required, we delete it or de-identify it where feasible, subject to legal, billing, security, and backup-retention obligations.

9. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data. No system is completely secure, and we cannot guarantee absolute security.

10. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, or export personal data, and to object to or restrict certain processing. You may also have rights related to automated decision-making and to withdraw consent where processing is based on consent.

U.S. state residents may have additional rights (for example, rights to know, delete, correct, and opt out of certain data uses). We will not discriminate against you for exercising applicable privacy rights. To submit a privacy request, contact support@keeptrack.at.

11. Cookies and similar technologies

We may use cookies or similar technologies for authentication, session management, security, and analytics. KeepTrack uses local browser storage (localStorage) for settings, analytics preferences (opt-out status), and analytics session/device identifiers used by PostHog (see section 6A). If Do Not Track is enabled in your browser, analytics collection is disabled automatically. You can also opt out through account settings. You can control or clear local storage through browser settings, but some features may not function properly without required storage.

12. Children's privacy

KeepTrack is not directed to children under 13 (or older minimum age where required by local law). We do not knowingly collect personal data from children in violation of applicable law.

13. Third-party services

KeepTrack may link to or integrate with third-party services. Their privacy practices are governed by their own policies, not this Policy.

14. Changes to this Policy

We may update this Privacy Policy. If we make material changes, we will update the effective date and provide notice where required by law.

15. Contact

For privacy requests, subprocessor information, or data processing questions (including DPA requests), contact support@keeptrack.at.