Privacy Policy
Last updated: 16 March 2026
1. Introduction
Logical Llama Limited (Company Registration Number: 16803899), trading as keyhold.io ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our zero-knowledge secret management platform.
We are registered in the United Kingdom. For any privacy-related enquiries, please .
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and organisation details. This information is necessary to provide our services and communicate with you.
Cryptographic Keys
We store your public cryptographic key to enable our zero-knowledge encryption system. Your private key is generated and stored exclusively on your device and is never transmitted to our servers in plaintext. We store an encrypted version of your private key (encrypted with your password and keyhold.io Secret Key) to enable access from multiple devices.
Organisational Data
We collect and store metadata about your organisation including client names, project names, secret labels, and organisational structure. This metadata is not protected by zero-knowledge encryption and is accessible to us for service provision.
File Metadata
When you upload file attachments, we collect file metadata including file names, sizes, and MIME types. The file contents themselves are encrypted with zero-knowledge encryption and are not accessible to us.
Usage Data
We collect audit logs including access times, IP addresses, user agents, and user actions for security monitoring and compliance purposes. This helps us detect and prevent unauthorised access.
Payment Information
Payment processing is handled by Stripe. We do not store your full payment card details. We only receive limited information from Stripe such as the last four digits of your card for display purposes.
Integration Configuration
If you configure webhook integrations (Slack, Microsoft Teams, Google Chat), we store your webhook URLs (encrypted at rest) and event subscription preferences.
3. Information from External Submitters
When external parties submit secrets through our platform (via secret requests or batch submissions), we collect:
- Email address (if provided for confirmation)
- IP address and user agent at time of submission
- Submission timestamp
- Encrypted secret value (we cannot access the plaintext)
- Encrypted file contents (if files are submitted)
External submitters are not required to create accounts. Their data is retained for as long as the associated secret exists, plus our standard retention period after deletion.
4. How We Use Your Information
- To provide and maintain our secret management services
- To process your subscription and billing
- To send important service notifications and security alerts
- To monitor and improve our platform's security
- To comply with legal obligations and respond to lawful requests
- To provide customer support (including via our Help Scout support widget)
- To detect, prevent, and address technical issues and abuse
- To send webhook notifications to your configured integrations
5. Zero-Knowledge Architecture
keyhold.io employs a zero-knowledge architecture for secret values and file contents. This means:
- Secret values and file contents are encrypted client-side before transmission
- We cannot decrypt your secrets without your private key
- Decryption requires cooperation between our server and your device
- Even in the event of a data breach, your secrets remain cryptographically protected
Note: Zero-knowledge encryption applies only to secret values and file contents. Metadata, account information, and organisational structure are not subject to zero-knowledge encryption and are accessible to us.
6. Data Sharing
We do not sell your personal information. We may share information with:
- Service providers: We use third-party sub-processors to help provide our services. A complete list is available on our Sub-Processors page.
- Your configured integrations: Event notifications (not secret values) are sent to webhook URLs you configure for Slack, Microsoft Teams, or Google Chat
- Legal requirements: When required by law, court order, or governmental regulation
- Business transfers: In connection with a merger, acquisition, or sale of assets
Third-Party Integrations: When you configure webhook integrations, event notifications are sent to your specified endpoints. These notifications contain metadata about events (e.g., "a secret was created", "a user was invited") but never contain decrypted secret values. You are responsible for the data handling practices of the third-party platforms you integrate with.
7. Data Retention
We retain your data as follows:
- Account information: For as long as your account is active or as needed to provide services
- Audit logs: Retained for a minimum of 12 months for security and compliance purposes
- Deleted secrets and files: Soft-deleted for up to 90 days (for accidental deletion recovery), then permanently deleted
- External submission data: Retained for as long as the associated secret exists, plus the standard retention period
- Integration configuration: Retained until you remove the integration or delete your account
Upon account deletion, your data will be removed within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).
8. Your Rights
Under UK GDPR, you have the right to:
- Access: Request access to the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data (subject to legal retention requirements)
- Restriction: Object to or restrict processing of your data
- Portability: Receive your data in a structured, commonly used format
- Withdraw consent: Where processing is based on consent, withdraw it at any time
- Lodge a complaint: With the Information Commissioner's Office (ICO) if you believe your rights have been violated
To exercise these rights, . Note that due to our zero-knowledge architecture, we cannot provide you with decrypted secret values — you must export these yourself while you have access.
9. International Data Transfers
Our service infrastructure is hosted on Amazon Web Services. Data may be processed in data centres located in the European Economic Area (EEA) or the United Kingdom. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
10. Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest for all data
- Zero-knowledge encryption for secret values and file contents
- AWS Key Management Service (KMS) for server-side key management
- Mandatory two-factor authentication (TOTP) for all users
- Rate limiting to prevent abuse
- Comprehensive audit logging
- Regular security reviews
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
11. Cookies and Local Storage
We use essential cookies for authentication and session management. These are strictly necessary for the platform to function and cannot be disabled. We do not use tracking or advertising cookies.
Cookies we use:
- Session cookie: Maintains your authenticated session
- CSRF token: Protects against cross-site request forgery attacks
Local storage:
- Help Scout Beacon: Our customer support widget uses browser local storage to maintain your conversation history across sessions. This data remains on your device and is linked to your identity only when you are signed in.
- Encryption keys: Your session encryption keys are stored temporarily in browser storage to enable decryption of secrets during your session.
12. Children's Privacy
Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our platform at least 30 days before they take effect. Your continued use of the service after such modifications constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy, please .
Logical Llama Limited
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.