Privacy Policy

KeptWell holds some of the most sensitive information a family ever shares — diagnoses, scans, conversations with doctors. We treat it that way. We don't sell your data, we don't share it with advertisers, and we don't use it to train AI models.

This page explains what we collect, what we do with it, and what choices you have. If anything is unclear, email us at [email protected].

• Account information. Your name, email address, and — if you sign in with Apple on iOS — the Apple ID identifier Apple provides us. If you sign up from a specific marketing page (for example, /parents), we record which page so we can understand what reaches people.
• Medical documents and notes. When you upload a document, lab result, scan, or audio recording, we store it. When you write a note inside a circle, we store that too. Audio is uploaded directly from your device into encrypted file storage; everything else flows through our servers and into the same storage layer.
• AI chat history. When you chat with KeptWell about your family's care, we save your messages so the conversation persists across sessions. Chat content is encrypted at rest. AI chat history is private per user — even other members of the same care circle cannot read your conversations.
• Operational data. We keep what we need to run the service and debug problems: page views, error reports, request timing. We do not track you across other websites.

To provide the service. Reading documents, generating summaries, answering questions, sending notification emails, sharing inside care circles — that is what your data is for.

To improve the service. We look at aggregate, non-identifying patterns to make KeptWell better. We do not use your data to train AI models.

That is the entire list. We do not sell your data, share it with advertisers, or use it for any kind of profiling.

KeptWell runs on a small set of carefully chosen third parties. We share only what each one needs to do its job, and nothing more.

• Anthropic. Processes your documents and chat through the Claude API. Anthropic provides a Business Associate Agreement (BAA) under HIPAA, so protected health information stays inside that perimeter and is not used to train any model.
• Cloudflare. Stores your uploaded files (R2 object storage) and serves them via signed URLs that expire after five minutes by default. There are no permanent public URLs to your files.
• Database and infrastructure providers. Host the PostgreSQL database and application servers that run KeptWell.
• Sentry. Receives error reports so we can fix bugs. Identifying details are scrubbed before reports are sent.
• Email delivery service. Sends sign-in links and notification emails on our behalf.

Sensitive fields — chat messages, journal entries, patient names, API keys — are encrypted at rest. All traffic is TLS in transit. Uploaded files live behind signed, time-limited URLs. Every record is scoped to a care circle, and members of one circle cannot see data in another circle. Our Security page describes this in more detail.

• Account data. Kept while your account is active. If you delete your account, we delete your data within 30 days.
• Documents and notes. Kept until you delete them or delete your account. Deleted files are removed from object storage within 30 days.
• Chat history. Kept until you clear it or delete your account.
• Operational logs. Rotated within 90 days.

• Export. Download your full circle — documents, notes, timeline — as a ZIP, anytime, from inside the app.
• Delete. Delete individual items, or delete your entire account. Account deletion removes all data we hold for you within 30 days.
• Correct. Edit any record we hold (name, email, document metadata) from inside the app.
• Access. Ask us what we have on you and we will show you. Email [email protected].

KeptWell is built for adults coordinating care for family members. If a circle is created for a minor child receiving care, the adult who creates and manages the circle is responsible for the data inside it. The service is not directed at children, and we do not knowingly collect personal information from children under 13.

KeptWell is operated from the United States. If you use the service from outside the US, you are agreeing that your data may be processed in the US, where data-protection laws may differ from those in your country.

We update this page when our practices change. Material changes — new categories of data we collect, new third parties we share with — are flagged with a heading at the top of this page and, where appropriate, an in-app notice.

Questions, concerns, requests, or anything that needs a real human:

[email protected]