KeyBolt

Privacy Policy

Last updated: March 11, 2026

1. Data We Collect

Account information: Name, email address, phone number, and organization details provided during signup.

Business data: Customer records, job details, invoices, inventory data, and team member information you enter into KeyBolt.

Usage data: Pages visited, features used, device type, and browser information for improving the Service.

Payment information: Processed and stored by Stripe. We never see or store your full credit card number.

2. Data Storage & Encryption

All data is stored in Supabase (PostgreSQL) with encryption at rest and in transit. Database connections use TLS. Backups are encrypted. Infrastructure is hosted on enterprise-grade cloud providers with SOC 2 compliance.

3. Sensitive Locksmith Data

We understand that key codes, bitting data, and safe combinations are security-sensitive information. This data receives special treatment:

  • Key codes and safe combinations are stored encrypted in the database
  • Sensitive data is never included in application logs
  • Access is restricted by row-level security to your organization only
  • No KeyBolt employee can view your key codes or safe combinations
  • Sensitive fields are excluded from analytics, error reporting, and debugging tools

4. Third-Party Services

We share data with the following service providers, only as needed:

  • Stripe — payment processing and invoice hosting. Receives customer name, email, and invoice amounts.
  • Resend — transactional email delivery. Receives recipient email addresses and email content.
  • Twilio — SMS notifications. Receives phone numbers and message content.
  • Vercel — application hosting. Processes HTTP requests.

We do not sell your data to third parties. We do not share data with advertising networks. No sensitive locksmith data (key codes, bitting, safe combinations) is ever sent to third-party services.

5. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. No cookie consent banner is needed because we only use strictly necessary cookies.

6. Data Retention

Your data is retained for as long as your account is active. Soft-deleted records (customers) are retained for 90 days before permanent deletion. After account cancellation, your data is retained for 30 days to allow for reactivation or data export, then permanently deleted.

7. Your Rights

Depending on your location, you may have rights under CCPA, GDPR, or similar laws:

  • Access: Request a copy of all data we hold about you
  • Correction: Update or correct inaccurate data
  • Deletion: Request permanent deletion of your data
  • Portability: Export your data in a standard format (CSV/JSON)
  • Opt-out: Unsubscribe from marketing emails at any time

To exercise these rights, email support@keybolt.app. We respond within 30 days.

8. Account Deletion

You can delete your account from Settings at any time. Account deletion permanently removes all your data, including customer records, jobs, invoices, and team member information. This action cannot be undone after the 30-day retention period.

9. Security

We implement industry-standard security measures including encryption at rest and in transit, row-level security on all database tables, rate limiting on sensitive endpoints, and regular security audits. We follow the principle of least privilege for all data access.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The “last updated” date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related questions or requests, contact us at support@keybolt.app.