Last updated: June 2026
This Policy explains how Keply handles personal data. We act as a processorfor the customer data you connect (you are the controller), and as a controllerfor your account and usage data.
Account data (name, email, organization), data you connect (CRM, billing, mailbox, usage — which may include personal data of your customers), and product/usage logs. We do not sell personal data.
To provide the Service: normalize your data, compute health scores and risk, draft outreach, and operate the agent under your control. Connected tokens are encrypted at rest and never stored in plaintext.
We process personal data to perform our contract with you, on the basis of legitimate interests in operating and securing the Service, and on your instructions as processor. You are responsible for your lawful basis to connect customer data.
Access, rectification, erasure, restriction, portability, and objection. Where we are the processor, we assist the controller in fulfilling data-subject requests. Contact [privacy@yourdomain]; you may also lodge a complaint with your supervisory authority.
California residents have the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information.To exercise rights, contact [privacy@yourdomain]. We will not discriminate against you for exercising them.
We use vetted sub-processors (e.g. cloud hosting, database, model and email providers) under data-protection terms. International transfers rely on appropriate safeguards (e.g. SCCs). A current sub-processor list is available on request.
We retain data for as long as your account is active or as needed to provide the Service, then delete or anonymize it. We use encryption in transit and at rest, tenant isolation, and access controls. No method is perfectly secure.
Data protection: [privacy@yourdomain]. We will update this Policy as needed.