1. Who We Are
This policy applies to Keepra: a software product of IBRANICS: a software development company registered in South Korea (Business Reg. No. 233-37-01584) at Gyeonggi-do, Suwon-si, Yeongtong-gu, Korea.
Data controller contact: support@keepravault.com
2. Data We Collect
We collect the minimum data required to provide the service:
- Account data (optional): if you enable cloud sync, we derive a Firebase email/password from your Secret Key, no real email is ever submitted. We do not collect your name, phone number, or demographic data.
- Usage metadata (desktop app): anonymous Electron crash reports via the OS mechanism. These contain no personal data from Keepra.
- Contact form: if you contact us via contact.html, we receive your name, email address and message. This is used only to respond to your enquiry.
We do not collect: browsing history, behavioural analytics, advertising identifiers, or any content you store inside the app.
3. Local-First Data Storage
All Keepra data (links, vault, notes, tasks, contacts, files) is stored locally in your browser's localStorage and IndexedDB (for Drive files), or in Electron's equivalent on the desktop.
This data is never sent to IBRANICS or any server unless you explicitly enable cloud sync (see §4). Clearing your browser data or uninstalling the app removes all local data.
4. Cloud Sync (Optional)
If you choose to enable cloud sync, Keepra uses Firebase Firestore (Google LLC) to store synchronisation blobs. The process is zero-knowledge:
- Your Secret Key is used to derive both Firebase credentials (SHA-256 hash) and an AES-256-GCM encryption key (PBKDF2, 600k iterations), in memory only, never persisted except as the Secret Key itself.
- Every blob is encrypted on your device before upload. Firebase only stores
{iv, data, ts}ciphertext. - IBRANICS has no ability to decrypt your data. Even with full access to Firebase, the ciphertext is unreadable without your Secret Key.
- Firestore is operated by Google LLC. Google's Privacy Policy governs their infrastructure: policies.google.com/privacy.
You can delete your sync data at any time: Settings → Sync & Devices → Delete Sync Data.
5. AI / MCP Access
The MCP Connector creates a local API server on 127.0.0.1:47615. When an AI assistant (Claude, ChatGPT, Cursor, etc.) requests data:
- The request is routed entirely on your machine: from the AI client → localhost API → Keepra app in memory.
- No data is relayed through IBRANICS servers or any intermediary.
- Each MCP key has explicit scopes you define. Only the data within scope is returned to the AI.
Be aware: data returned to an AI client (e.g. Claude Desktop) is subject to that AI provider's own privacy policy. Only grant AI access to data you are comfortable sharing with your AI provider.
6. Cookies and Tracking
The Keepra web app and marketing pages use no advertising cookies, no analytics trackers: and no third-party scripts beyond locally-hosted Bootstrap Icons. We use localStorage for app preferences (theme, settings), not for cross-site tracking.
7. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Firebase / Google | Cloud sync (optional) | Encrypted ciphertext only. Never plaintext. |
| None | Analytics, ads, social | We use no analytics or advertising services. |
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding personal data we hold:
- Access: request a copy of any personal data we hold about you.
- Deletion: delete your account instantly from the app, or see our Account Deletion page for full instructions.
- Portability: export your data via Settings → Export (available at any time, no account needed).
- Correction: request correction of inaccurate personal data we hold.
- Objection: object to processing of your personal data.
To exercise any right, email support@keepravault.com. We will respond within 30 days.
9. Security Measures
Keepra implements multiple layers of security: AES-256-GCM encryption (vault and sync), PBKDF2-SHA256 key derivation with 600,000 iterations, brute-force lockout (exponential back-off + 15-min hard lock), auto-lock after inactivity, clipboard auto-clear, Content Security Policy headers, and IPC path validation in the desktop app.
If you discover a security vulnerability, please disclose responsibly to support@keepravault.com before publishing.
10. Children's Privacy
Keepra is not directed at children under 13 (or under 16 in EU/EEA jurisdictions). We do not knowingly collect personal data from minors. If you believe a minor has submitted data, contact us at support@keepravault.com and we will delete it.
11. Policy Changes
We may update this policy to reflect changes in the product or legal requirements. Material changes will be communicated via an in-app notification and an updated "Last updated" date at the top of this page. Continued use of Keepra after a material change constitutes acceptance of the updated policy.
12. Contact Us
For privacy questions, data requests, or security disclosures:
- General / privacy: support@keepravault.com
- Security disclosures: support@keepravault.com
- Business: support@keepravault.com
- Postal: IBRANICS, Yeongtong-dong 1014-9, Yeongtong-gu, Suwon-si, Gyeonggi-do, Korea