Skip to content

Privacy Policy

Your privacy matters. Here's how we collect, use, and protect your data.

Last updated: April 5, 2026

Information We Collect

  • Account information: name, email address, and password when you create an account.
  • Organization data: company name, site locations, and team member details you provide during setup.
  • Usage data: asset tracking records, issue/return history, and audit logs generated through normal use of the platform.
  • Technical data: browser type, IP address, and device information collected automatically for security and performance.

How We Use Your Information

  • To provide and maintain the Kepto service, including asset tracking, team management, and reporting.
  • To authenticate your identity and secure your account.
  • To send important service notifications (e.g., security alerts, account changes).
  • To improve our platform based on aggregated, anonymized usage patterns.
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.

Data Security

  • All passwords are hashed using industry-standard bcrypt with a cost factor of 12.
  • Sessions are managed via HTTP-only, secure cookies with JWT tokens.
  • All data in transit is encrypted via TLS/HTTPS.
  • Multi-tenant data isolation ensures your organization’s data is never accessible to other organizations.
  • We conduct regular security reviews and follow OWASP best practices.

Data Storage & Retention

  • Your data is stored on secure, encrypted servers.
  • Key history and audit logs are retained according to your subscription tier.
  • You may export your data at any time using our built-in CSV export features.
  • Upon account deletion, all associated data is permanently removed within 30 days.

Your Rights

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information via your Settings page.
  • Deletion: Request deletion of your account and all associated data.
  • Export: Download your data at any time through the platform’s export tools.
  • Withdraw consent: Opt out of non-essential communications at any time.

Contact Us

  • If you have questions about this Privacy Policy or how we handle your data, please contact us through our Contact page or email us at privacy@kepto.io.
  • We will respond to all privacy-related inquiries within 30 business days.