Who controls access to my Keepsake stories?

You decide who can view each story. Everything is private by default, and you can invite or remove readers whenever you choose.

Can I export or download my stories?

Yes. You can download a PDF backup of all stories at any time, and prompt replies sent through email stay in your inbox.

How does Keepsake secure my data?

Stories are protected in secure databases, the app uses encrypted connections, Stripe processes payments, and staff use physical security keys with strict access logging.

Privacy & Trust

How Keepsake protects your stories

Keepsake exists so families can preserve their memories. That goal only works if you trust us with your stories. This page explains in clear language how we keep your data under your control, and it complements the legal details in our Privacy Policy.

Summary at a glance

You decide who can view each story. Content is private by default and nothing is shared unless you invite someone.
You can download every story whenever you like. We never lock you into the platform.
We invest in secure hosting, storage, payments, and email infrastructure so your archive stays safe. The vendors we work with appear in the sections below.

You stay in control

Stories, photos, and videos are private by default until you invite readers.
Only you, and if relevant the person who gifted your subscription, can add or remove collaborators.
We never post to social media or share content publicly without your consent.
Sign in with email links by default. You can add a password or Google login if you prefer.
Cookie and tracking preferences are available at any time, and we respect Do Not Track requests.

Your stories are always accessible

Prompt replies that you submit through email stay in your inbox for your personal records.
Download a PDF backup of your entire Keepsake project whenever you want, and regenerate it as often as you like.
We run nightly backups across multiple secure locations. If hardware fails, your archive remains intact.

Security that matches the story you are telling

Our technical stack is built on services with strong security track records, and we add our own controls on top.

Keepsake runs on Vercel, which provides secure connections, attack protection, and automatic updates.
Stories and attachments are stored in Supabase's secure databases and file storage. Data is encrypted in transit and at rest, and every read or write event is logged.
Payments go through Stripe, so card details never touch Keepsake servers.
Transactional emails such as prompts and login links are delivered via Resend, with email security protocols in place.
Error monitoring runs through Sentry, which lets us respond quickly to issues.
Product analytics run through PostHog, and tracking only activates after you grant consent.
Team members authenticate with physical security keys. Access to production data is limited, audited, and granted only when you request support.

Transparent support practices

We only open a story if you ask for help and we log every access event.
When you delete content it is removed from active storage immediately and purged from backups within thirty days.
Our incident response plan follows GDPR and United States privacy requirements. If something goes wrong we will let you know promptly with mitigation steps.
Privacy questions are triaged by trained staff. Contact support@makekeepsake.com and expect a reply within two business days.

Next steps

Review the formal language in our Privacy Policy. If you want a human conversation about how Keepsake protects your family, email support@makekeepsake.com. We keep our own family memories here, so we are committed to keeping yours safe too.