KeepValid — Privacy Policy

Last updated: March 19, 2026

Effective date: March 19, 2026

Cloudsec SRL (“we”, “us”), a company registered in Romania, built KeepValid as a document expiration reminder app. This page explains what data we collect, how we use it, and your rights.

What We Collect

  • Email address — used for your account and to send expiration reminders by email.
  • Document metadata — document type (e.g., “passport”), name you assign, and expiration date. We do not store document numbers, personal names, or any other identifying information from your documents.
  • Notification preferences — your chosen reminder intervals and notification channels.
  • Device token — a unique Firebase Cloud Messaging device identifier used to deliver push notifications to your device.

What We Do Not Collect

  • Document images — all document scanning and OCR happens entirely on your device using Google ML Kit. Your document photos are never uploaded to our servers or any third-party service.
  • Location data — we do not access or store your location.
  • Contacts, browsing history, or usage analytics — we do not collect any of these.

How We Use Your Data

Your data is used exclusively to:

  • Authenticate your account
  • Store your document expiration dates and reminder preferences
  • Send you expiration reminders via email and push notifications

We do not sell, share, or use your data for advertising or profiling.

Under GDPR, we process your data based on:

  • Contract performance — processing your email, document metadata, and notification preferences is necessary to provide the KeepValid service you signed up for.
  • Legitimate interest — crash and error reporting (via Sentry) to maintain service reliability and fix issues.
  • Consent — you may withdraw consent at any time by deleting your account.

Third-Party Services

We use the following third-party services:

  • Supabase — hosts our database and handles authentication. Your email and document metadata are stored in Supabase. Supabase Privacy Policy
  • Firebase Cloud Messaging (FCM) — delivers push notifications to your device. Only your device token is sent to Firebase. Google Privacy Policy
  • Google ML Kit — performs on-device text recognition for document scanning. ML Kit runs entirely on your device; no data is sent to Google. ML Kit Terms
  • Resend — delivers email notifications. Only your email address and notification content are sent to Resend. Resend Privacy Policy
  • Sentry — collects crash reports and error diagnostics to help us fix bugs. Sentry may receive device type, OS version, and stack traces. No document data or personal information is included. Sentry processes data in the United States under the EU-US Data Privacy Framework. Sentry Privacy Policy

Data Storage and Security

  • Your data is stored on servers in the European Union. Crash and diagnostic data is processed by Sentry in the United States under the EU-US Data Privacy Framework.
  • All communication between the app and our servers is encrypted with TLS (HTTPS).
  • Passwords are hashed and never stored in plain text.
  • We maintain data processing agreements (DPAs) with our third-party processors (Supabase, Sentry, Resend) to ensure your data is handled in compliance with GDPR.

Data Retention

  • Your data is kept as long as your account is active.
  • You can delete individual documents at any time from within the app.
  • You can delete your entire account from the app settings, which permanently removes all your data from our servers.

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Data portability — export your data in a machine-readable format (contact us)
  • Restrict processing — request that we limit how we use your data
  • Object to processing based on legitimate interest
  • Withdraw consent at any time by deleting your account
  • Lodge a complaint with a supervisory authority — for Romania, this is ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at dataprotection.ro

To exercise any of these rights, contact us at the email below.

Children’s Privacy

KeepValid is not directed at children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

If you have questions about this privacy policy or your data, contact us at:

Cloudsec SRL Email: privacy@groundspeedlabs.com