
Privacy Policy

Effective Date: March 12, 2026  ·  Version 1.0

KeepMore.Money (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit keepmore.money (the “Site”) or use our Services.

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area and United Kingdom, the California Consumer Privacy Act (CCPA / CPRA) for California residents, Canada’s PIPEDA, and other applicable North American privacy laws.

By using the Site or Services, you agree to the terms of this Policy. If you do not agree, please discontinue use. This Policy does not apply to third-party websites or services linked from our Site.


1. Information We Collect

Account and Profile Data

When you create an account or update your profile:
  • Email address (required for sign-in via Supabase Auth)
  • Display name and avatar URL (optional, if provided)
  • Timezone and locale preferences

Financial and Tax Data (Optional)

To enable personalized calculations and residency tracking, you may voluntarily provide:
  • Annual income — stored in your account preferences and included in saved calculations
  • Citizenship and home country
  • Number of dependents and marital status (where relevant)
  • Preferred currency

Saved calculations (Premium feature) store your full calculation inputs and results — including salary — as encrypted JSON in our database. You can delete saved calculations at any time.

Residency and Travel Data (Premium)

For the residency tracker (Premium only, with explicit opt-in):
  • Trip dates, country codes, visa types, visa expiry dates, and notes
  • Running day counts and computed risk scores per country per year
  • Visa and permit documents (document name, issue/expiry dates)
This data is stored in our database and processed to generate residency risk scores and threshold alerts. You can export it as CSV or delete all residency data at any time.

Usage and Analytics Data

Automatically collected when you interact with the Site:
  • IP address (used to infer approximate country/region for defaults; not stored long-term)
  • Browser type, device type, and operating system
  • Pages visited, features used, session duration, and referral source — tracked via Plausible Analytics
  • Custom product events: e.g., when a comparison is run, a result is saved, or the upgrade flow is opened
We use privacy-friendly, aggregate analytics and do not send personally identifiable information (such as name or email) in analytics events.

Payment Data

Payment is processed entirely by Stripe. We do not store credit card numbers, CVVs, or bank details. We store only:
  • Your Stripe customer ID, subscription ID, and subscription status
  • Trial start/end dates and billing period

Data We Do Not Collect

  • We do not collect GPS or precise location data (no location tracking of any kind is implemented)
  • We do not collect health, biometric, racial, religious, or political information
  • We do not use advertising cookies or track you across other websites
  • Tax calculation logs are disabled by default — individual calculation inputs and outputs are not logged at the server level unless you explicitly save a calculation

2. How We Use Your Information

  • Provide the Services — tax calculations, residency tracking, risk scoring, and saved comparisons
  • Personalize your experience — default country suggestions based on region, saved preferences, notification settings
  • AI-powered features — see Section 4 for a full disclosure of what data is shared with our AI provider
  • Transactional communications — residency threshold alerts, visa expiry reminders, subscription confirmations, and support replies. You can opt out of non-essential emails at any time
  • Analytics and improvement — understanding aggregate feature usage to prioritize product improvements
  • Legal compliance — payment processing, audit logs, and responding to lawful government requests

We do not use your data for advertising, behavioural profiling, or selling to third parties.

Legal bases (GDPR): We process data under the following legal bases: performance of a contract (account features), legitimate interests (analytics, security), and explicit consent (AI features, residency tracking with personal data).

Data retention: Account and preference data is retained for the lifetime of your account. If you request account deletion, all personal data is removed within 30 days, except where retention is legally required (e.g., payment records for tax/accounting purposes, typically 7 years).


3. How We Share Your Information

We do not sell your personal data. We share it only as follows:

Sub-Processors

We use the following third-party services to operate the platform. Each is bound by a data processing agreement (DPA) that restricts them from using your data for their own purposes:
  • Supabase — authentication, database hosting (PostgreSQL), and file storage
  • Stripe — payment processing and subscription management (PCI-DSS Level 1)
  • Brevo — transactional email delivery (account alerts, reminders)
  • OpenAI — AI-powered features (see Section 4 for full details)
  • Plausible Analytics — anonymized usage analytics

Legal Requirements

If required by law, court order, or government authority, we will disclose the minimum necessary information. Where legally permitted, we will notify you before complying.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may transfer to a successor entity under the same privacy protections. We will notify you by email and post a notice on the Site before any such transfer takes place.

Shared Calculation Results

When you share a results link or image, only the parameters you chose to include (salary range, countries, selected regimes) are embedded. No account details or personal identifiers are included in shared URLs or images unless you explicitly add them.

4. AI-Powered Features and Third-Party AI Processing

Some Premium features use OpenAI’s API (model: gpt-4o-mini) to generate personalized insights. This section describes exactly what data is sent to OpenAI and under what conditions.

What Data is Sent to OpenAI

When you use any of the following AI features, the data listed below is included in the prompt sent to OpenAI:
  • AI Trip Suggestions (when you request analysis before adding a trip) — your citizenship, annual income, dependent count, home country, current residency day counts per country, and the proposed trip details
  • AI Log Narratives (residency risk summaries) — your citizenship, annual income, dependent count, and residency log data (country, days, risk score)
  • AI Alert Summary (personalized alert prioritization) — your citizenship, annual income, home country, and the content of your unread residency alerts
  • AI Trip Parser (parsing plain-English trip descriptions) — the text you type in the parser, which may contain trip details you choose to include

How OpenAI Uses This Data

Per OpenAI’s API data usage policy (as of 2026), data sent via the API is not used to train OpenAI models by default. Prompts and responses are retained by OpenAI for a limited period for abuse monitoring purposes. We rely on OpenAI’s API data privacy policy and their Data Processing Agreement (DPA) for compliance.

Opting Out of AI Features

AI features are optional. You can use the residency tracker, save trips, and view risk scores entirely without triggering any AI calls. AI features are only invoked when you explicitly click an AI-labeled button (e.g., “Get AI Suggestions,” “AI Trip Parser”). If you prefer not to share your data with OpenAI, simply do not use those features.

EU AI Act Transparency (2025–2026)

In line with the EU AI Act (effective August 2025), we disclose that our AI features are classified as limited-risk AI systems. The residency risk scores displayed in the dashboard are algorithmic calculations based on rules we define — not machine-learning predictions. AI-generated summaries and suggestions are advisory only and do not constitute automated decisions with legal or similarly significant effects.

5. Cookies, Local Storage, and Tracking

Authentication Tokens

We use Supabase Auth, which stores your JWT access token and refresh token in your browser’s localStorage (not in cookies). These tokens are required for authenticated features and are cleared when you sign out. No session cookies are set by our application.

Cookies We Set

  • Theme preference — stored in localStorage to remember your dark/light mode setting
  • Supabase authentication cookies — Supabase may set short-lived sb-* cookies as part of its auth flow

Plausible Analytics

We use Plausible to track aggregate, anonymized usage and product events. Plausible is configured as a privacy-friendly analytics provider and does not rely on personal identifiers from your account. You can use browser privacy controls such as Do Not Track to limit analytics collection.

We do not use advertising cookies, retargeting pixels, or social media tracking scripts. No data is shared with Meta, TikTok, or ad networks.


6. Data Security

  • All data in transit is protected by HTTPS/TLS
  • Database data is encrypted at rest
  • Authentication uses short-lived JWT tokens managed by Supabase — no passwords are stored by us
  • Payment processing is handled entirely by Stripe (PCI-DSS Level 1 certified) — we never handle raw card data
  • API access is rate-limited per user to prevent abuse
  • Production infrastructure access is restricted and logged

No system is 100% secure. If you believe your account has been compromised, contact support@keepmore.money immediately. In the event of a data breach affecting EU users, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and affected users without undue delay.


7. Your Rights and Choices

All Users

  • Access: Request a copy of the personal data we hold about you by contacting us at privacy@keepmore.money
  • Correction: Update your data via your profile and preferences settings at any time
  • Residency data deletion: Delete all residency tracking data (trips, logs, alerts) from your dashboard settings
  • Account deletion: Request full account deletion by emailing privacy@keepmore.money. We will process the deletion within 30 days and confirm by email
  • Data export: Export your residency travel data as CSV from the residency dashboard. For a full export of all account data, submit a request to privacy@keepmore.money
  • Opt out of emails: Use the unsubscribe link in any email or manage notification preferences in your account settings

EU / EEA / UK Users (GDPR / UK GDPR)

In addition to the above, you have the right to:
  • Object to processing based on legitimate interests
  • Restrict processing in certain circumstances (e.g., while a dispute is resolved)
  • Portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time for processing based on consent, without affecting prior lawful processing
  • Lodge a complaint with your national supervisory authority — e.g., the ICO (UK), CNIL (France), BfDI (Germany), or your local Data Protection Authority

California Residents (CCPA / CPRA 2023)

California residents have the right to:
  • Know what personal information we collect, use, and disclose
  • Request deletion of personal information
  • Opt out of the “sale” or “sharing” of personal information — we do neither
  • Correct inaccurate personal information
  • Limit the use of sensitive personal information — we do not use sensitive PI beyond what is necessary to deliver the Service
  • Non-discrimination for exercising these rights
To exercise your CCPA rights, contact privacy@keepmore.money.

Canadian Users (PIPEDA / Law 25)

Canadian users have rights to access, correct, and withdraw consent for their personal information under PIPEDA and provincial laws (including Quebec’s Law 25). Contact us at privacy@keepmore.money to exercise these rights.

Children

Our Services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

8. International Data Transfers

KeepMore.Money is operated from North America. By using our Services, your data may be processed in the United States or European Union, depending on your region and the infrastructure provider’s configuration.

For users in the EEA and UK, transfers to third countries (including the US) are conducted under appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission, or other recognized transfer mechanisms under GDPR Chapter V.

Our key infrastructure providers and their transfer frameworks:

  • Supabase — offers EU-hosted databases; we use SCCs where applicable
  • Stripe — EU–US Data Privacy Framework and SCCs
  • Brevo — GDPR compliant; EU-based infrastructure available
  • OpenAI — EU–US DPA available; API data not used for model training

9. Changes to This Policy

We may update this Policy to reflect changes in our practices, new features, or evolving legal requirements. For material changes — such as new categories of data collection or new sharing arrangements — we will notify you by email (if you have an account) and post a prominent notice on the Site at least 30 days before the changes take effect.

Minor clarifications will be updated on this page with a revised effective date. Your continued use after the effective date of a material change constitutes acceptance.


10. Contact Us

For any questions, requests, or complaints regarding this Policy or your data:

We will respond to privacy inquiries within 5 business days and to formal data subject access requests within 30 days (extendable to 90 days where permitted by law, with notice).

EU and UK users who are not satisfied with our response have the right to lodge a complaint with their local supervisory authority.