Privacy Policy

Last updated: 15 January 2026

1. Introduction

Logical Llama Limited (Company Registration Number: 16803899), trading as keyhold.io ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our zero-knowledge secret management platform.

We are registered in the United Kingdom. For any privacy-related enquiries, please contact us at [email protected].

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and organisation details. This information is necessary to provide our services and communicate with you.

Cryptographic Keys

We store your public cryptographic key to enable our zero-knowledge encryption system. Your private key is generated and stored exclusively on your device and is never transmitted to our servers.

Usage Data

We collect audit logs including access times, IP addresses, and user actions for security monitoring and compliance purposes. This helps us detect and prevent unauthorised access.

Payment Information

Payment processing is handled by Stripe. We do not store your full payment card details. We only receive limited information from Stripe such as the last four digits of your card for display purposes.

3. How We Use Your Information

  • To provide and maintain our secret management services
  • To process your subscription and billing
  • To send important service notifications and security alerts
  • To monitor and improve our platform's security
  • To comply with legal obligations and respond to lawful requests
  • To provide customer support

4. Zero-Knowledge Architecture

keyhold.io employs a zero-knowledge architecture. This means:

  • Your secrets are encrypted client-side before transmission
  • We cannot decrypt your secrets without your private key
  • Decryption requires cooperation between our server and your device
  • Even in the event of a data breach, your secrets remain cryptographically protected

5. Data Sharing

We do not sell your personal information. We may share information with:

  • Service providers: AWS (infrastructure), Stripe (payments), and email providers for transactional communications
  • Legal requirements: When required by law, court order, or governmental regulation
  • Business transfers: In connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide services. Audit logs are retained for a minimum of 12 months for security and compliance purposes. Upon account deletion, your data will be removed within 30 days, except where retention is required by law.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected].

8. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, AWS KMS for key management, two-factor authentication, and regular security audits. However, no method of transmission over the Internet is 100% secure.

9. Cookies

We use essential cookies for authentication and session management. These are strictly necessary for the platform to function and cannot be disabled. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our platform. Your continued use of the service after such modifications constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:
[email protected]