1. Who we are
Keeply ("we", "us", "our") is operated from Ireland. We provide a universal digital receipt service that lets shoppers receive and organise receipts from participating retailers, and lets those retailers send receipts to their customers without collecting customer email or phone numbers.
For consumer accounts (the Keeply mobile app and app.keeply.ie), Keeply is the data controller. For receipt data sent to us by participating retailers on behalf of their customers, Keeply acts as the data processor on the retailer's behalf.
Contact for privacy questions, data subject requests, or to reach our Data Protection contact: info@keeply.ie.
2. What we collect
Information you give us
- Account details: email address and password (stored as a salted bcrypt hash, never in plaintext).
- Profile information (optional): first name, last name, phone number, address. You can leave any of these blank.
- Account identifier (URID): a 19-character random string we generate for you. The URID is encoded in the barcode you show at checkout. It does not contain your name, email, or any personally identifying information on its own.
Information retailers send us about you
When you show your Keeply card at a participating shop, the retailer's point-of-sale system sends your receipt to Keeply. This typically includes:
- The merchant, transaction date, and store/till identifier
- Line items, quantities, prices, taxes, and the total
- The payment method used (e.g. card, cash) and, for card payments, the card brand and last 4 digits where the retailer provides them
Retailers do not share full card numbers, PINs, or bank account information with Keeply. The receipt is associated with your URID, not with any payment instrument.
Information we collect automatically
- Device and app information: operating system, device model, app version, language preference, and timezone. Used for compatibility, debugging, and abuse prevention.
- Authentication tokens: stored in the iOS Keychain / Android EncryptedSharedPreferences on your device, never on our servers in clear form.
- Push notification tokens (when you opt in): provided to us by Apple (APNs) or Google (FCM) to deliver notifications such as "Receipt from Tesco saved".
- Server logs: standard request logs (timestamp, IP address, endpoint) kept for 30 days for security and troubleshooting.
3. How we use your information
| Purpose | Legal basis (GDPR Article 6) |
|---|---|
| Provide the Keeply service (sign-in, receipt storage and retrieval, the Apple Wallet pass) | Performance of a contract |
| Route receipts from retailers into the correct account based on the URID | Performance of a contract |
| Send push notifications about new receipts (only when you opt in) | Consent — you can withdraw at any time in Settings |
| Detect fraud, abuse, and system errors | Legitimate interest in keeping the service safe |
| Comply with legal obligations (tax, court orders) | Legal obligation |
4. Who we share information with
We do not sell your personal information. We share it only in the limited circumstances below:
- Participating retailers: only the receipts a specific retailer has submitted to your account are visible to that retailer. They cannot see receipts from other shops, your name, email, address, phone, or your URID's mapping to your identity.
- Our infrastructure providers (sub-processors), all processing data within the EU:
- Neon — PostgreSQL database hosting (eu-central-1, Frankfurt)
- Fly.io — application server hosting (Frankfurt region)
- Vercel — web frontend hosting (EU regions)
- Cloudflare — DNS and traffic management
- Apple and Google — push notification routing (APNs / FCM), only when you opt in to notifications
- Law enforcement: only when we receive a valid legal order from an Irish court or another EU authority with jurisdiction.
5. Where your data is stored
All Keeply infrastructure operates within the European Union. Our primary database and application servers are located in Frankfurt, Germany. An Irish region is available for retailer partners on request.
Push notification routing (APNs and FCM) is provided by Apple and Google respectively. Where these providers process data outside the EU, they operate under Standard Contractual Clauses or equivalent safeguards.
6. How long we keep your data
| Data | Retention |
|---|---|
| Account, profile, receipts | Until you delete your account, or up to 12 months of inactivity, whichever is sooner. |
| Retired URIDs (after rotation) | Kept indefinitely to route late-arriving receipts to the right account, unless you delete your account. |
| Auth tokens / sessions | Until you sign out, or 90 days of inactivity. |
| Server access logs | 30 days, then automatically purged. |
| Email correspondence | Up to 24 months after the conversation closes, then deleted. |
7. Your rights under GDPR
If you are in the European Union, the United Kingdom, or any jurisdiction with equivalent law, you have the right to:
- Access the personal information we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (the "right to be forgotten")
- Restrict or object to certain processing
- Port your data (we provide an export in a machine-readable format)
- Withdraw consent at any time without affecting the lawfulness of prior processing
- Lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or your local supervisory authority
To exercise any of these rights, email info@keeply.ie. We respond within 30 days; no charge for the first request in any 12-month period.
8. Children
Keeply is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us and we will delete the account.
9. Device permissions
- Face ID / Touch ID / fingerprint: used only on your device to unlock the app when you have opted in. The biometric data never leaves your device.
- Notifications: used to alert you when new receipts arrive in your account. Optional. You can disable any time in system Settings.
10. Cookies and similar technology
Our web app (app.keeply.ie) uses a single essential cookie to keep you signed in. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. See our Cookie Policy for the full list.
11. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or via a notice in the app at least 14 days before they take effect. The "effective" date at the top of this page tells you when the current version took effect.
12. Contact
For any privacy question, including data subject requests or to report a concern, please contact:
Melanie Murphy
Keeply, Ireland
info@keeply.ie