Privacy Policy

Privacy Policy

How we handle your data.

The full privacy policy for the Keeper mobile app — written to be readable, as well as legally watertight.

Effective 21 May 2026 · Last updated 21 May 2026 · Version 1.0

Compliant with: EU GDPR (2016/679) · Swiss nDSG 2023 · California CCPA/CPRA · COPPA · CAN-SPAM · Apple App Store Requirements

1. Introduction

This Privacy Policy ("Policy") describes how Keeper ("Keeper", "we", "us", "our") collects, uses, stores, shares, and protects information about you ("User", "you", "your") when you use the Keeper mobile application and any related services (collectively, the "Service").

Keeper is a family storytelling application that sends one question per day to a designated storyteller (typically a parent or grandparent), who responds with a voice note that is preserved and made available to designated listeners within a private family group.

Important: By downloading, installing, or using Keeper, you acknowledge that you have read, understood, and agree to be bound by this Policy in its entirety. If you do not agree, you must immediately cease using the Service and delete the application.

This Policy is incorporated by reference into our Terms of Service and constitutes a legally binding agreement. Where you use the Service on behalf of a minor or another person, you represent that you have all necessary authority and consents to do so.

2. Who we are (Data Controller)

For the purposes of applicable data protection laws, including the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Act on Data Protection ("nDSG"), and any other applicable legislation, the data controller is:

Data Controller Keeper — Individual Developer / Sole Trader · Geneva, Switzerland

Contact: privacy@keeperapp.website

We are a small independent operator. As of this date, we do not meet the threshold requiring appointment of a formal Data Protection Officer (DPO) under Article 37 GDPR, however the contact above fulfils all DPO-equivalent functions and will respond to data subject requests within the legally mandated timeframes.

EU/EEA Representative

As we are based in Switzerland (a country with an adequacy decision from the EU Commission under GDPR Article 45), no separate EU representative is required at this time. Swiss law provides equivalent protections.

Swiss FDPIC notification

We are registered with and subject to the oversight of the Swiss Federal Data Protection and Information Commissioner (FDPIC) to the extent required under the revised nDSG effective 1 September 2023.

3. Data we collect

We collect only data that is strictly necessary to provide the Service ("data minimisation" principle). The categories below are exhaustive — we do not collect anything outside of this list without updating this Policy and providing fresh notice.

CategorySpecific data pointsSourceRequired?
AccountEmail address, full name, role (Listener / Storyteller)You at signupYes
AuthenticationHashed password (never plain text), session tokensSupabase AuthYes
ProfileProfile photo (optional), display nameYou (optional)No
Voice recordingsAudio files (.m4a) of voice note responses. Duration. Associated question text.Recorded by youYes
Family groupFamily name, 6-character invite code, membership associations, rolesYou or another memberYes
UsageDay count, recording timestamps, playback timestampsAuto-generatedYes
Custom questionsText questions submitted by Listeners to StorytellersTyped by youNo
Device permissionsMicrophone; photo library (avatar — optional)System-level permissionMic: Yes. Photos: No
Technical logsIP address, device OS, app version, crash logsAutomaticAutomatic
ReactionsEmoji reactions to voice notes, linked to user ID and note IDYouNo
What we do NOT collect: precise geolocation, financial payment information (any payments via Apple In-App Purchase are handled solely by Apple), advertising identifiers, behavioural tracking data, third-party social media tokens, device contact lists, biometric identifiers, or anything beyond the table above.

Voice data — special-category notice

Voice recordings may constitute biometric data under certain jurisdictions (including Article 9 GDPR in specific contexts). We treat all voice recordings with heightened protection equivalent to special category data. Recordings are stored encrypted, accessible only to members of the specific private family group, and are never used for voice recognition, AI training, advertising targeting, or any purpose other than playback within the family group.

4. Why we process your data

Primary purposes

Expressly excluded purposes

We will never use your data for:

Under GDPR Article 6 and the Swiss nDSG, we must have a valid legal basis for each processing activity:

ActivityGDPR basis (Art. 6)Swiss nDSG
Account creation and managementArt. 6(1)(b) — ContractArt. 31 — Contract
Voice note recording and storageArt. 6(1)(b) Contract; Art. 6(1)(a) Consent (mic permission)Art. 31; Consent
Family group and invite managementArt. 6(1)(b) — ContractArt. 31
Security monitoring & fraud preventionArt. 6(1)(f) — Legitimate interestsArt. 31 — Legitimate interests
Technical log data & crash analyticsArt. 6(1)(f) — Legitimate interestsArt. 31 — Legitimate interests
Legal compliance obligationsArt. 6(1)(c) — Legal obligationArt. 31 — Legal obligation
Optional profile photoArt. 6(1)(a) — ConsentConsent
Push notifications (if enabled)Art. 6(1)(a) — ConsentConsent
Legitimate interests assessment: where we rely on legitimate interests (Art. 6(1)(f)), we have conducted a balancing test and concluded that our interests (service security, fraud prevention, operational reliability) do not override your fundamental rights and freedoms, given the minimal intrusiveness of the data processing involved and the reasonable expectations of users of a private family application.

Withdrawal of consent

Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. You may withdraw consent for microphone access via your device settings (iOS: Settings → Privacy → Microphone; Android: Settings → Apps → Keeper → Permissions). Withdrawal of microphone consent will prevent use of the core recording feature.

6. Data retention

We retain your data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

DataRetention periodBasis
Account data (email, name, role)Duration of account + 30 days after deletion requestService delivery; recovery buffer
Voice recordingsUntil manually deleted by storyteller or family admin, OR 90 days after account deletion, whichever is soonerCore service; permanent preservation is the purpose
Authentication tokens / session dataExpires per Supabase default (1 hour access token; 7-day refresh token)Security
Technical log data / IP logsMaximum 90 days (Supabase infrastructure logs)Security monitoring
Deleted account dataPurged within 90 days of deletion requestLegal obligations; backup cycle
Legal hold data (if applicable)Until resolution of legal proceedingsLegal obligation

Account deletion

You may request full account deletion at any time via the Settings screen in the app or by emailing privacy@keeperapp.website. Upon deletion: your profile and account data will be purged; voice recordings you created will be purged from storage within 90 days; family membership associations will be removed. If other family members have downloaded or saved copies of recordings, we cannot control their use of those local copies. We will confirm completion of deletion in writing.

7. Data sharing & international transfers

Third-party service providers (data processors)

We engage the following third-party processors who act under our instruction and are contractually bound to protect your data:

ProcessorPurposeLocationSafeguard
Supabase, Inc.Database, authentication, file storageUSA (AWS)SCCs; Supabase DPA; SOC 2 Type II
Apple Inc.App distribution, in-app purchasesUSAApple Developer Agreement
Google LLCApp distribution (Google Play)USAGoogle Play DDA
Expo Technology, Inc.App build & distribution (EAS)USAExpo ToS; no personal user data shared

International data transfers (EEA/Switzerland → USA)

Your data is stored on Supabase infrastructure hosted on AWS in the United States. This constitutes a transfer of personal data to a third country for EEA and Swiss users. Safeguards:

We do not sell your personal data. We do not sell, rent, license, exchange, or otherwise transfer your personal information to any third party for commercial purposes, including for advertising. This applies equally under GDPR, the Swiss nDSG, the CCPA/CPRA, and all other applicable laws.

Permitted disclosures

We may disclose your data without your consent only in the following circumstances:

8. Security measures

We implement technical and organisational security measures appropriate to the risk:

No security is absolute. Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. By using the Service, you acknowledge this inherent risk. See Section 15 for our limitation of liability in connection with security incidents.

9. Your data subject rights

Depending on your jurisdiction, you have the following rights. We honour all of these equally regardless of jurisdiction, as a matter of principle:

How to exercise your rights

Submit requests to privacy@keeperapp.website with the subject line "Data Subject Request". We will:

10. Children's privacy (COPPA & GDPR)

Keeper is not directed at children under the age of 13 (or 16 in EU/EEA jurisdictions where the applicable age of digital consent is higher). We do not knowingly collect personal information from children under these age thresholds.

If you are a parent or legal guardian and believe your child under 13 has provided us with personal information without your consent, please contact us immediately at privacy@keeperapp.website. Upon verification, we will delete the child's data.

Users must be at least 13 years of age to create an account. Users between 13 and 16 in the EU/EEA require verifiable parental consent before we may lawfully process their personal data under GDPR Article 8.

The Keeper App Store listing is rated for ages 4+ (family-appropriate content) but account creation and data processing applies only to users 13 and over.

11. Voice recordings — special provisions

Voice recordings are the core data type processed by Keeper and warrant specific disclosure.

Microphone permission

The app requests microphone access solely for the purpose of recording voice note responses to daily questions. The microphone is accessed only when you actively hold the record button. We do not access the microphone in the background, while the app is closed, or for any purpose other than voice note recording initiated by you.

Recording indicator

A visible recording indicator is displayed within the app at all times during recording. Recordings cannot be initiated without your active, affirmative, sustained physical interaction.

Ownership and access

Recordings you create are stored in a private, access-controlled storage bucket. Access is restricted exclusively to members of your specific family group. No Keeper employee, contractor, or administrator can access your recordings for any purpose other than (a) resolving a specific technical support request you have initiated, (b) responding to a lawful legal request, or (c) security investigations in the event of a suspected breach.

AI / machine learning prohibition

Your voice recordings will never be used to train artificial intelligence models, improve speech recognition systems, create voice profiles, or for any purpose beyond the Service's core function of family storytelling playback.

Recording by non-account holders

If you invite a family member who is not a registered account holder to join a family group, you represent and warrant that you have obtained their informed consent to the collection and storage of their voice recordings under this Policy before they use the Service.

12. Cookies, analytics & tracking

The Keeper mobile application does not use cookies (which are a web browser technology). The app does not use any third-party advertising networks, tracking SDKs, or behavioural analytics platforms.

If you access a Keeper website (e.g., keeperapp.website), that website may use essential cookies required for functionality. No third-party advertising or tracking cookies are used on any Keeper web properties.

We do not use Apple's IDFA or any equivalent advertising identifier. We do not check the Tracking Preference for advertising purposes because we do not serve advertising.

App Store analytics (aggregated, differential-privacy-protected data provided by Apple) may be used to understand general app performance. This data is anonymised and does not identify individual users.

13. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides additional rights:

Right to know

Disclosure of categories of personal information collected, sources, purposes, categories of third parties with whom we share, and specific pieces collected about you.

Right to delete

Request deletion of personal information collected from you, subject to certain exceptions.

Right to correct

Request correction of inaccurate personal information.

Right to opt-out of sale or sharing

We do not sell or share personal information for cross-context behavioural advertising. There is nothing to opt out of. We confirm we have not sold or shared California consumers' personal information in the preceding 12 months.

Right to limit use of sensitive personal information

Voice recordings may qualify as sensitive personal information under CPRA. We use them only for the purpose of providing the core Service (storage and playback within your family group).

Right to non-discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights.

Submit requests to privacy@keeperapp.website. We will respond within 45 days (extendable to 90 days with notice).

14. Swiss users — revised nDSG

The revised Swiss Federal Act on Data Protection (nDSG / LPD / DSG), in force since 1 September 2023, provides Swiss residents with data protection rights substantially equivalent to GDPR:

Swiss residents may contact the FDPIC at edoeb.admin.ch with complaints regarding our data processing.

15. Limitation of liability

Maximum legal protection — read carefully

To the maximum extent permitted by applicable law, including but not limited to the laws of Switzerland, the European Union, the United States, and any other jurisdiction, Keeper and its operator expressly disclaim all liability, whether in contract, tort (including negligence), statutory duty, or otherwise, in connection with or arising from your use of the Service.

No warranty

THE SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT ANY WARRANTY OF ANY KIND, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. We disclaim all warranties including, without limitation: implied warranties of merchantability, fitness for a particular purpose, and non-infringement; warranties that the Service will be uninterrupted, error-free, or secure; warranties regarding the accuracy, reliability, or completeness of any data; and warranties that any defects will be corrected.

Exclusion of consequential damages

To the maximum extent permitted by law, Keeper shall not be liable for any: indirect, incidental, special, consequential, punitive, or exemplary damages; loss of profits, revenue, data, goodwill, or anticipated savings; loss of or corruption of data, including voice recordings; costs of substitute services; or any other pecuniary or non-pecuniary loss, whether based on contract, tort, or any other theory, even if we have been advised of the possibility of such damages.

Aggregate liability cap

To the maximum extent permitted by law, our total aggregate liability to you for all claims arising out of or related to the Service shall not exceed the greater of: (a) the total amount you have paid to us in the twelve (12) months preceding the claim; or (b) one hundred Swiss francs (CHF 100). If you have not paid us anything, our maximum liability is CHF 100.

Data loss

We are not liable for any loss, corruption, or unavailability of your voice recordings or other data arising from technical failures, server outages, data centre incidents, cyberattacks, or any other cause beyond our reasonable control. You are responsible for maintaining your own backup copies of recordings that are important to you.

Force majeure

We shall not be liable for any failure or delay in performance resulting from causes beyond our reasonable control, including: acts of God, natural disasters, pandemic, war, government actions, internet infrastructure failures, third-party service provider outages (including Supabase or AWS), or cyberattacks.

Applicable-law limitations on exclusions

Some jurisdictions do not allow the exclusion of certain warranties or the limitation of certain types of damages. In such jurisdictions, our liability is limited to the greatest extent permitted by law. Nothing in this section limits liability for death or personal injury caused by our proven gross negligence or wilful misconduct, or for fraudulent misrepresentation.

IP infringement disclaimer

We are not liable for any intellectual property infringement arising from: user-generated content, including voice recordings; questions answered by users that reference third-party materials; or any content shared or transmitted by users within family groups. Users are solely responsible for ensuring that content they upload or record does not infringe the intellectual property rights of any third party.

16. User indemnification

Important: By using the Service, you agree to the following indemnification obligations.

To the fullest extent permitted by applicable law, you agree to indemnify, defend, and hold harmless Keeper and its operator, affiliates, officers, directors, employees, agents, licensors, and service providers from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, and fees (including reasonable legal fees) ("Claims") arising out of or relating to:

This indemnification obligation survives termination of your use of the Service.

17. User-generated content

The Service enables users to create, upload, and share voice recordings and other content ("User Content"). You retain ownership of your User Content. By using the Service, you grant us a limited, non-exclusive, royalty-free, worldwide licence to store, process, transmit, and make available your User Content solely to the extent necessary to provide the Service.

Your responsibilities

You are solely and exclusively responsible for all User Content. You represent and warrant that:

Our rights regarding User Content

We reserve the right (but not the obligation) to remove any User Content that we determine, in our sole discretion, violates this Policy, our Terms of Service, or applicable law. We are not liable for any failure to remove User Content.

No operator liability

We are not responsible or liable for any User Content or for any claims, damages, or losses arising from or related to User Content. Users rely on User Content at their own risk. To the maximum extent permitted by applicable law, we expressly disclaim all liability in connection with User Content.

18. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will comply with our notification obligations as follows:

Breach liability limitation

Notwithstanding our notification obligations above, to the maximum extent permitted by applicable law, we shall not be liable for any damages, losses, costs, or expenses suffered by you as a result of any data breach, cyberattack, unauthorised access, or security incident, whether arising from our negligence, third-party actions, or otherwise, except where such liability cannot be excluded under mandatory applicable law. Our obligation is limited to notification and reasonable remediation steps. We are not your insurer against data loss or breach.

19. Changes to this Policy

We reserve the right to update or modify this Policy at any time. When we make material changes, we will:

Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance. If you do not agree, you must cease using the Service and delete your account. Prior versions will be archived and available upon request.

20. Contact, complaints & supervisory authorities

Contact us

Privacy enquiries & data subject requests privacy@keeperapp.website

We respond within 72 hours for acknowledgement; 30 days for substantive response.

Supervisory authorities

You have the right to lodge a complaint with the relevant supervisory authority:

JurisdictionAuthorityWebsite
SwitzerlandFederal Data Protection and Information Commissioner (FDPIC)edoeb.admin.ch
EU / EEASupervisory authority in your country of residence or place of workEDPB members list
USA — CaliforniaCalifornia Privacy Protection Agency (CPPA)cppa.ca.gov
USA — FederalFederal Trade Commission (FTC)ftc.gov

Governing law

This Policy is governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law provisions. To the extent mandatory provisions of GDPR or other applicable laws apply, those mandatory protections shall apply regardless of this choice of law clause.

Dispute resolution

Any dispute arising from this Policy shall first be addressed through good-faith negotiation. If not resolved within 30 days, disputes shall be submitted to the exclusive jurisdiction of the courts of Geneva, Switzerland, subject to mandatory consumer protection laws that may grant users rights in their country of residence.


If you have read this far, thank you. Privacy matters — it's why Keeper stores your family's stories in a private, encrypted vault accessible only to your family. That's our promise.