# Kept Privacy Policy

Last updated: May 9, 2026

Kept is local-first by design. This policy explains what Kept records, where that information is stored, and what happens when a user exports or shares a proof bundle.

## Summary

Kept is a Chrome extension that lets users intentionally record a browser tab and create a tamper-evident receipt of important online sessions. In v1, recording data is stored locally in the user's browser profile by default. Kept does not upload recordings, screenshots, event logs, or proof bundles to Kept servers.

## Information Kept Records

When a user starts a recording, Kept may save active-tab video, screenshots, page URLs, page titles, navigation events, click metadata, form-submit metadata, timestamps, artifact hashes, and verification metadata.

Kept records the active tab, not the whole desktop.

Kept avoids saving raw form values in event metadata where possible and marks sensitive-looking fields as unsafe to persist. Visible page content may still appear in screenshots or video if it is displayed during recording.

## Where Information Is Stored

Kept stores sessions and artifacts locally in Chrome extension storage and IndexedDB for the browser profile where the extension is installed. Data remains there until the user deletes it from Kept, removes browser extension data, or uninstalls the extension.

## Exports and Sharing

Users can choose to export a proof bundle. Exported files are saved through the browser download flow and are controlled by the user.

If a user sends an exported bundle to another person or service, that sharing is outside Kept's local storage environment.

Kept includes tools to blur screenshot regions before export. Those tools help prepare a bundle for sharing, but they are not a guarantee that every sensitive detail has been removed from every artifact.

## Information Kept Does Not Sell

Kept does not sell personal information. Kept does not use recording data for advertising, credit decisions, or data broker activity. Kept does not transfer recording data to third parties for purposes unrelated to the extension's user-facing proof features.

## Accounts and Payments

The local recording flow does not upload proof contents to Kept servers. Account, licensing, support, and payment services may use contact, billing, and entitlement information to unlock paid features or provide support.

## Website Analytics

Kept uses PostHog on the marketing and account website to understand basic site usage, such as page views, selected button clicks, and website session replay. Website replay masks input values. Kept does not send extension recordings, screenshots, event logs, proof bundles, or raw form values to PostHog.

Kept may also record limited server-side events for AI crawler and LLM resource requests, such as requests for `llms.txt`, `robots.txt`, sitemap, or Markdown page mirrors. These events are intended to measure whether machine-readable resources are being discovered.

## Chrome Permissions

Kept requests Chrome permissions needed to record a user-started browser session, save local artifacts, inject the content script while recording, observe navigation during an active session, and export proof bundles.

Kept does not use these permissions to silently monitor unrelated browsing.

## Security and Verification

Kept uses hashes to make exported proof bundles tamper-evident. Verification can detect changes to bundle contents after export, but Kept is not court-certified evidence and does not prove that a website was authentic.

## Children

Kept is not intended for children under 13. Do not use Kept to record information about children unless you have the legal right to do so.

## Changes to This Policy

Kept may update this policy as the product changes. Material changes should be reflected on the privacy page with an updated date.

## Contact

Questions about this policy can be sent to support@itskept.app.