Keepfri Privacy Policy

Last updated: May 14, 2026

1. Who we are

Keepfri is a mobile application that helps you maintain close relationships. This is a prototype distributed through closed testing for research purposes.

Data controller: Elena Bogdanovich (referred to as "we"). Privacy contact: hello@keepfri.com

2. What data we collect

2.1. About you

Category	Data	When collected
Device identifier	Random UUID generated on first launch. Not linked to email, phone, or Google account.	First app launch
Technical data	Device model, Android version, app version	First app launch
Push token	Expo Push Token for notification delivery	If you consent to notifications
Behavioral data	In-app events: screen navigation, session duration, dialog drop-off. May also include session replay (video recording of in-app actions, excluding screens of external apps)	Throughout app usage

2.2. About your friends (third parties)

This is a critical feature of Keepfri: you enter information about other people. You provide us with this data; we process it but do not request consent from the friends themselves.

Category	Data
Name	The name you give the friend in the app
Photo	If you choose one from your phone gallery
Contextual information	Answers to 3-5 short questions about the friend: where you met, what matters to them now, birthday, family, memorable moments
Interaction logs	Date and type of interaction (met / called / wrote), which you mark yourself
Dialog text	Your replies in in-app dialogs about the friend

Your responsibility: by adding friend data, you confirm that you have a legal basis (consent or other lawful basis) to share their personal data with Keepfri for the purposes described in this Policy.

3. Why we collect this

• So the app can remember your friends between sessions and send relevant reminders.
• So the AI assistant (Anthropic Claude) can generate context-aware questions and prompts based on what you've shared.
• To research how users interact with the prototype and decide on the product's future direction (research purpose — basis for processing).
• To deliver push notifications about good moments to reach out to friends (if you consent).

We do not use your data for advertising or third-party sales. According to Anthropic's public policy, data sent through the Claude API is not used to train their models.

4. Who we share data with

Keepfri uses the following data processors:

Service	Purpose	Hosting region
Supabase (Supabase Inc.)	Database and photo storage	Frankfurt, EU
Anthropic (Anthropic PBC)	LLM processing of dialog replies via Claude API	USA
Expo (650 Industries Inc.) + Google FCM	Push notification delivery	USA
PostHog	Behavioral analytics (if enabled)	EU (eu.posthog.com)

Transfer of data to the USA (Anthropic, Expo, FCM) is conducted under the EU-U.S. Data Privacy Framework (DPF) and/or the Standard Contractual Clauses of those companies.

We do not sell data to third parties.

5. How long we keep data

The Keepfri prototype is a time-limited research phase. We retain collected data while the current testing and analysis cycle is ongoing.

At the end of this cycle, two scenarios are possible:

• If we decide to discontinue the project, all collected data is deleted.
• If we decide to release a next version of the product, we will offer you an explicit choice inside the app or via notification: migrate your data to the new version (your consent will be required) or delete it. By default, in the absence of your consent within 30 days of the notification, the data is deleted.

Push tokens may be kept longer — until you revoke notification permission or uninstall the app.

6. Your rights

Regarding the data we store:

• Access: you can request a copy of the data we hold about you at hello@keepfri.com.
• Deletion: you can request deletion of all data associated with your device at hello@keepfri.com. We will delete it within 14 days.
• Objection and restriction: you can object to any processing and ask us to restrict it.
• Withdrawal of consent: for push notifications and analytics — via phone settings; for everything else — via email request.

If you are a third party whose data was added to Keepfri by a user (i.e. your friend), you can also request deletion: email hello@keepfri.com and we will delete records associated with your name within 14 days.

7. Security

• Data transfer between the app and servers uses HTTPS/TLS.
• Data in Supabase Postgres is encrypted at rest.
• Production database access is limited to the operator (Elena Bogdanovich) and automated Supabase services.

We are a research-stage prototype, not a bank. We cannot guarantee absolute protection from incidents. If one occurs, we will notify affected users within 72 hours.

8. Children

Keepfri is not intended for children under 16. We do not knowingly collect data about children. If you are a parent or guardian and discover that a child has provided us with data, email hello@keepfri.com and we will delete it.

9. International transfers

Because our processors operate in the USA and EU, your data may cross national borders. This occurs under: - EU-U.S. Data Privacy Framework (DPF) and/or EU Standard Contractual Clauses (for Anthropic, Expo, Google). - EU adequacy decision for hosting within the EU itself (Supabase Frankfurt, PostHog EU).

10. Policy changes

We may update this Policy. The version with the most recent date is the current one. If changes are substantial, we will notify you via the app or email.

11. Contact

All questions, requests, and complaints: hello@keepfri.com.

If you do not receive a response within 30 days or disagree with it, you have the right to contact the data protection supervisory authority in your country (e.g. Roskomnadzor in Russia; the national DPA in EU member states).