Privacy

Last updated: 2026-05-19

What we collect

  • Identity: the handle you claim. If you activate email-link sign-in (post-GA, behind operator activation), we also store the email you verify.
  • Content: playbooks you create, version history, comparison results, audit log of your actions (create/update/share/revoke/fork/export/trust events).
  • Authorization: trust-graph relationships, workspace memberships, share grants you create.
  • Operational telemetry: request IP (as a partially-hashed rate-limit key, not stored long-term beyond the limiter window) and user-agent (audit log entries for package export events only).

What we do with it

We use this data exclusively to run the service: render your playbooks, enforce permissions, log auditable actions, scan for sensitive content before share, and rate-limit abusive requests. We do not sell user data, share it with third-party advertisers, or use it to train AI models.

Privacy scanning

When you create or share a playbook, the privacy scanner (src/lib/privacy.ts) runs against the content locally on our server. The scanner uses NFKC normalization and zero-width-character stripping before pattern matching, so common Unicode evasion (zero-width joiners, lookalikes) does not bypass it. The scanner is deterministic, not LLM-based — we don't send your content to any external AI provider unless you have explicitly configured an OPENAI_API_KEY or ANTHROPIC_API_KEY on your account (and the AI enhancement feature is opt-in).
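
The normalize-then-match order described above, as an added example in JavaScript. It is not the contents of src/lib/privacy.ts; the function names, the two detection patterns and the sample strings are assumptions constructed for illustration.

```javascript
// Added example with hypothetical names; not the service's own scanner code.

// Zero-width code points: space, non-joiner, joiner, word joiner, BOM.
const ZERO_WIDTH = /[\u200B-\u200D\u2060\uFEFF]/g;

// Assumed detection patterns (constructed for this example).
const PATTERNS = [
  { name: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/ },
  { name: "aws_access_key_id", re: /\bAKIA[0-9A-Z]{16}\b/ },
];

// NFKC folds compatibility forms (fullwidth, ligatures, styled letters) to
// their plain equivalents. Zero-width characters survive NFKC, so they are
// stripped separately; the second pass recomposes sequences that a stripped
// character had been splitting (e.g. "e" + ZWJ + combining acute).
function canonicalize(text) {
  return text.normalize("NFKC").replace(ZERO_WIDTH, "").normalize("NFKC");
}

// Returns the names of the patterns that match. With normalize=false the
// raw text is matched, which shows what the canonical form adds.
function scan(text, { normalize = true } = {}) {
  const subject = normalize ? canonicalize(text) : text;
  return PATTERNS.filter((p) => p.re.test(subject)).map((p) => p.name);
}

// Constructed samples: a key split by zero-width characters, and an email
// written with a fullwidth "@" (U+FF20) and fullwidth "." (U+FF0E).
const SPLIT_KEY = "key: AKIA\u200BIOSFODNN7\u200DEXAMPLE";
const FULLWIDTH_EMAIL = "contact jane\uFF20example\uFF0Ecom";

console.log(scan(SPLIT_KEY, { normalize: false }), scan(SPLIT_KEY));
console.log(scan(FULLWIDTH_EMAIL, { normalize: false }), scan(FULLWIDTH_EMAIL));
```

Matching only ever runs on the canonical form; the stored playbook content is left as the user wrote it.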

Your rights (GDPR / CCPA)

  • Access: every playbook you create is exportable as Markdown / JSON / YAML from /dotfiles.
  • Rectification: edit any playbook via the playbook detail page; each save creates a new version.
  • Erasure / right to be forgotten: email jckeen@keenmediainc.com from your verified email or from the address associated with your account. We anonymize your audit-trail references and hard-delete your User row, playbooks, versions, share grants, and trust relationships within 30 days. Workspaces you own require explicit ownership transfer or hand-deletion before User deletion can proceed (FK constraint).
  • Portability: exports use canonical Markdown / JSON / YAML; no proprietary lock-in.
  • Objection / restriction: revoke any share or set any playbook to private at any time.

Cookies

We set one cookie: ac_session, an HMAC-signed value containing your user id and an expiry timestamp. It is HttpOnly, Secure (in production), SameSite=Strict, and expires after at most 30 days (enforced server-side). We use no third-party analytics or tracking cookies.

Data retention

Active playbooks, versions, and audit events are retained for the life of your account or until you delete them. Audit events for users who deleted their accounts have actorId set to null per the schema's ON DELETE SET NULL contract. Rate-limit buckets are evicted after their window; no long-term IP logging.

Hosting

The application runs on Vercel; the database is hosted on Supabase (Postgres 17, us-east-1). Both providers have their own privacy practices that apply to data in transit and at rest within their infrastructure.

Contact

Privacy concerns, deletion requests, or DPA inquiries: jckeen@keenmediainc.com.
