Privacy Policy - KeyCliq

Privacy Policy

KeyCliq AI Key Identification Inc.

Effective Date: October 20, 2025Updated: October 20, 2025

KeyCliq AI Key Identification Inc. ("KeyCliq", "we", "our," or "us") is committed to protecting the privacy and security of our users and their proprietary information. This Privacy Policy explains how we collect, use, store, and protect information when you access or use our web-based application designed for property managers to organize and manage physical keys (the "Service").

By using KeyCliq, you agree to the terms of our Privacy Policy.

Information We Collect

We collect and store only the information necessary to operate, improve, and support the Service. This may include:

1.1 Account Information

  • First and last name
  • Email address
  • Organization or company name
  • User role

1.2 Key and Property Information

  • Key names, labels, associated notes, and optional metadata
  • Property/unit identifiers you provide

1.3 Usage Data (Automatic)

  • IP address
  • Browser type and device information
  • Log and activity data related to application use (for security, diagnostics, and product improvement)

1.4 Optional Submissions

  • Support messages, feature requests, or feedback you voluntarily submit

We do not collect financial information, payment data, or unnecessary personally identifiable information (PII).

How We Use Information

We use collected data only to:

  • Provide and maintain the Service
  • Authenticate users and manage accounts
  • Improve app functionality and user experience
  • Respond to support requests
  • Maintain security and prevent misuse
  • Generate anonymized, aggregated usage analytics (non-identifiable)

We do not sell or rent user data and do not use data for advertising purposes.

Data Security

The KeyCliq platform, hosted on Heroku, is designed with multiple layers of security to protect user data:

Data Protection

  • Sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Personally identifiable information is minimized and stored only when required.

Access Controls

  • Role-based access controls limit data visibility to authorized users.
  • Tenant isolation prevents cross-organization data exposure.

Encryption & Secrets Management

  • Application secrets and database credentials are securely stored via Heroku-managed configuration and secret storage.
  • Regular key and credential rotation is enforced.

Backups & Reliability

  • Automated database backups with point-in-time recovery
  • Redundant storage for media files with retention policies

Monitoring & Compliance

  • Hosting on Heroku leverages compliance frameworks such as SOC 2, ISO 27001, and GDPR-ready infrastructure.

User Authentication & Password Responsibilities

Users are responsible for maintaining the confidentiality of their login credentials and for all activity that occurs under their account. You agree to:

  • Use strong, unique passwords and update them periodically
  • Not share login credentials with unauthorized individuals
  • Notify us immediately if you suspect unauthorized access
  • Remove access for former users who no longer require it

We are not liable for unauthorized access resulting from weak passwords, credential sharing, phishing attacks, or user failure to secure authentication methods.

Data Sharing and Third Parties

We only share data with:

  • Essential infrastructure or service providers (e.g., hosting, email, and monitoring tools)
  • Legal authorities, if required by applicable law

We do not share data with advertisers, data brokers, or unrelated third parties.

Data Retention

We retain user data only for as long as needed to deliver the Service. Upon account deletion, data is removed or anonymized except where limited retention is required for legal, security, or disaster-recovery backup purposes.

User Rights

Users may request:

  • Access to their data
  • Correction of inaccurate data
  • Deletion of stored data and account closure
  • Export of data in a commonly used format

Requests can be made via: brittany@keycliq.com

Cookies

We use essential cookies for authentication, security, and app functionality. We do not use tracking or advertising cookies.

Do Not Track (DNT) Disclosure

Some browsers offer a "Do Not Track" (DNT) setting that signals a preference not to be tracked. Because there is currently no industry standard for recognizing or responding to DNT signals, our Service does not respond to DNT requests at this time.

We limit tracking to essential, non-advertising purposes only.

Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect data from minors.

International Storage

Data may be stored in regions supported by our hosting provider. By using the Service, you consent to data transfer and storage in such regions, protected under industry-standard encryption and compliance frameworks.

Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated in-app or by email notification.

Contact Information

For privacy questions or data requests, contact us at:

brittany@keycliq.com