Privacy Policy

Keepsy — A Digital Message Preservation Platform | Operated by 2inBay LLC

Last updated: March 26, 2026

1. Introduction

Welcome to Keepsy. Keepsy is a digital message preservation platform operated by 2inBay LLC, a South Carolina limited liability company ("2inBay," "we," "us," or "our"). Keepsy allows users to create text, voice, and video messages that are securely stored and delivered to designated recipients upon the user's health check failure.

This Privacy Policy explains what information we collect, how we use and protect it, and the rights you have regarding your data. By using Keepsy, you agree to the collection and use of information as described in this policy.

This policy applies to all users of the Keepsy platform, including our website, mobile applications, and any related services.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

When you create an account, we collect:

  • Your name
  • Email address
  • Phone number

This information may be provided directly by you during signup or obtained through Google OAuth if you choose to sign in with Google. When you use Google sign-in, we receive your name, email address, and profile picture from your Google account.

2.2 Message Content

Keepsy stores the messages you create, which may include:

  • Text messages
  • Voice recordings
  • Video recordings

All message content is encrypted using AES-256 encryption at rest. 2inBay cannot view or access the content of your messages.

2.3 Recipient Information

To deliver your messages, we collect information about your designated recipients:

  • Recipient name
  • Recipient email address
  • Recipient phone number
  • Relationship to recipient

This information is provided by you and stored solely for the purpose of message delivery.

2.4 Trusted Contact Information

You may designate trusted contacts who participate in the health check process. We collect:

  • Trusted contact name
  • Trusted contact email address
  • Trusted contact phone number

2.5 Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe, our third-party payment processor. Keepsy does not store, process, or have access to your credit card numbers or full payment card details. We receive only confirmation of payment status and basic transaction records from Stripe.

2.6 Usage Data

We automatically collect certain technical information when you use our platform:

  • IP address
  • Device information
  • Browser type and version

This data is collected through standard web analytics for the purpose of maintaining and improving our service.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To create, store, and deliver your messages to designated recipients upon health check failure.
  • Account management: To create and maintain your account, authenticate your identity, and communicate with you about your account.
  • Health checks: To contact you and your trusted contacts as part of the health check process.
  • Payment processing: To process subscription payments through Stripe.
  • Service improvement: To understand how our platform is used and to improve its functionality, reliability, and security.
  • Security: To detect, prevent, and address fraud, abuse, and technical issues.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. How We Share Your Information

We are committed to protecting your privacy. We handle data sharing as follows:

  • We never sell your personal information. Under no circumstances does 2inBay sell user data to third parties.
  • Message recipients: Your message content and any associated delivery information are shared with your designated recipients only when your messages are released following a health check failure. This is the core function of the service.
  • Service providers: We share information with the following service providers who assist us in operating Keepsy:
    • Amazon Web Services (AWS): Cloud infrastructure, hosting, data storage, authentication, and email/notification delivery.
    • Stripe: Payment processing for paid subscriptions.

    These providers access your information only to perform services on our behalf and are obligated to protect it.

  • Legal requirements: We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5. Data Storage and Security

5.1 Infrastructure

Your data is stored on Amazon Web Services (AWS) infrastructure located in the United States. We use the following AWS services:

  • AWS Lambda for application processing
  • Amazon DynamoDB for structured data storage
  • Amazon S3 for media file storage
  • Amazon Cognito for authentication
  • Amazon SES and SNS for email and notification delivery
  • Amazon CloudFront for content delivery

5.2 Encryption

We employ strong encryption to protect your data:

  • At rest: All message content (text, voice recordings, and video recordings) is encrypted using AES-256 encryption. 2inBay personnel cannot view or access the content of your messages.
  • In transit: All data transmitted between your device and our servers is protected using TLS (Transport Layer Security) encryption.

5.3 Authentication

User authentication is managed through Amazon Cognito, which provides secure account access and session management. We support both email/password and Google OAuth sign-in methods.

6. Data Retention and Deletion

We retain your data according to the following practices:

  • Active accounts: Your data is retained for as long as your account remains active and you continue to use the service.
  • Released messages: When messages are delivered to recipients following a health check failure, the message content and associated download links remain available for 30 days. After 30 days, released messages are permanently deleted from our systems.
  • Account deletion: When you delete your account, all of your data — including account information, message content, recipient information, and trusted contact information — is permanently removed from our systems immediately.
  • Inactive free accounts: We reserve the right to delete accounts on free plans that have been inactive for an extended period. We will attempt to notify you before any such deletion.

7. Recipient Privacy

Recipients are individuals designated by Keepsy users to receive messages. We handle recipient data as follows:

  • Recipient contact information (name, email, phone, relationship) is provided by users and stored solely for the purpose of message delivery.
  • Recipients receive messages and download links only when messages are released following a health check failure.
  • Recipient data associated with a user's account is deleted when that user deletes their account.
  • Recipients who receive messages are not required to create a Keepsy account to access their messages.

8. Cookies and Tracking Technologies

Keepsy uses cookies in a limited and privacy-respecting manner:

  • Session cookies: We use session cookies that are necessary for authentication and to maintain your logged-in state. These cookies are essential for the platform to function.
  • No tracking or advertising cookies: We do not use cookies for advertising, cross-site tracking, or behavioral profiling. We do not serve ads on Keepsy.

9. Your Rights and Choices

All Keepsy users have the following rights regarding their personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may update or correct inaccurate personal information through your account settings or by contacting us.
  • Deletion: You may delete your account at any time, which will result in the immediate and permanent removal of all your data from our systems.
  • Data export: In the event of a service wind-down, you will be provided an opportunity to export your data before the service is discontinued (see Section 16).

To exercise any of these rights, contact us at privacy@2inbay.com.

10. California Residents — CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You have the right to request that we disclose what personal information we have collected about you, the categories of sources from which it was collected, the purpose for collecting it, and the categories of third parties with whom we have shared it.
  • Right to delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale: 2inBay does not sell personal information. Because we do not sell your data, there is no need to opt out, but we recognize and respect this right.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing or quality of service for making a privacy request.

To submit a CCPA request, contact us at privacy@2inbay.com. We will verify your identity before processing your request and respond within 45 days as required by law.

11. European Union Residents — GDPR Rights

If you are a resident of the European Union or the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You have the right to obtain confirmation as to whether your personal data is being processed and to access that data.
  • Right to rectification: You have the right to have inaccurate personal data corrected.
  • Right to erasure: You have the right to have your personal data deleted under certain circumstances.
  • Right to restrict processing: You have the right to request that we limit how we use your data under certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to object: You have the right to object to the processing of your personal data under certain circumstances.

Our legal basis for processing your data is the performance of our contract with you (providing the Keepsy service), your consent (where applicable), and our legitimate interests in operating and improving our service.

To exercise any of these rights, contact us at privacy@2inbay.com. We will respond to your request within 30 days.

12. International Data Transfers

Keepsy's infrastructure is hosted in the United States on Amazon Web Services. If you access Keepsy from outside the United States, your data will be transferred to and stored in the United States.

For users in the European Union: data transfers from the EU to the United States are conducted under Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring that your data receives an adequate level of protection.

13. Children's Privacy

Keepsy is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

We do not collect data subject to the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@2inbay.com.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach.
  • Provide details about the nature of the breach, the types of data involved, and the steps we are taking to address it.
  • Notify relevant regulatory authorities as required by applicable law.
  • Recommend steps you can take to protect yourself.

15. Third-Party Services

Keepsy integrates with the following third-party services:

ServicePurposeData Shared
Amazon Web Services (AWS)Cloud hosting, data storage, authentication, email and notification deliveryAccount data, message content (encrypted), recipient data
StripePayment processingPayment and billing information
Amazon CognitoUser authenticationAccount credentials and session data
Google (OAuth)Optional social sign-inName, email, profile picture (with your consent)

Each of these providers maintains their own privacy policies. We encourage you to review them:

16. Service Wind-Down Policy

If 2inBay decides to discontinue the Keepsy service, we will:

  • Provide at least 90 days advance notice to all users.
  • Offer a data export option so that you can download your messages and account data before the service is shut down.
  • Permanently delete all user data from our systems after the wind-down period is complete.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy.
  • Notify you by email or through a prominent notice within the Keepsy platform.

We encourage you to review this policy periodically. Your continued use of Keepsy after any changes constitutes your acceptance of the updated policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

2inBay LLC

Email: privacy@2inbay.com

We will make every effort to respond to your inquiry promptly.

This Privacy Policy is effective as of March 26, 2026.