# Are my recordings secure?

Yes. Voice recordings are encrypted in transit, processed within 24 hours, and never used to train third-party AI models. Transcripts stay in your account; audio is deleted automatically.

KeptMind handles voice data with the discipline its intimacy deserves. Voice captures often contain medical concerns, relationship doubts, work frustrations, financial stress, and the names of people you care about. The privacy and security architecture is designed around treating that content as the sensitive data it is, not as just another input.

## How voice data flows through KeptMind

When you capture a voice note in the app, here is what happens:

1. **Capture happens on-device** — the audio stream is recorded locally on your phone first. No part of your voice leaves the device until you finish speaking and the capture is saved.

2. **Transit is encrypted** — when the audio uploads for transcription, it travels over TLS 1.3. The audio file is encrypted along the whole path between your device and our processing servers. This is transport-layer encryption: the servers decrypt the audio in order to transcribe it.

3. **Transcription happens on EU servers** — KeptMind processes audio on infrastructure located in Frankfurt, Germany. The audio file is held in volatile memory long enough to produce a transcript and is then deleted within 24 hours.

4. **Transcripts stay in your account** — the text version of your capture is stored in your task system, encrypted at rest. You can read, edit, export, or delete it at any time.

5. **Tasks and metadata** are stored alongside the transcript — the parsed task, energy level, scheduling info. None of this is shared externally.

## What we do not do

Three things are explicitly excluded from how we handle your data:

- **No training on your voice or transcripts**. Your captures are not used to train any AI model — ours, OpenAI's, Anthropic's, or anyone else's. The transcription provider receives the audio for processing only and contractually cannot retain or train on it.

- **No cross-site tracking**. We do not run third-party tracking pixels, ad networks, or behavior fingerprinting. The site has no Facebook Pixel, no Google Ads tracking, no fingerprinting libraries.

- **No selling data**. We do not sell, rent, or share user data with marketers, data brokers, or any commercial third party.

## GDPR and your rights

KeptMind is GDPR-compliant by design. As a user (in the EU or elsewhere — we extend GDPR rights globally), you have:

- **Right of access**: download a complete export of your data anytime — see [How do I export all my data?](/help/export-data)

- **Right of erasure**: delete your account and all associated data permanently from Settings → Data → Delete account

- **Right to rectification**: edit any captured task or transcript directly

- **Right to portability**: the export is JSON, machine-readable, importable into other tools

- **Right to object**: opt out of the few optional analytics signals (none required for the service)

To exercise any of these rights, use the app settings or email hello@keptmind.com. We respond within 5 business days for normal requests and 30 days maximum for complex ones (the GDPR ceiling).

## Retention periods

- **Audio files**: 24 hours maximum after transcription

- **Transcripts and tasks**: kept until you delete them or close your account

- **Account metadata** (email, plan, signup date): kept while the account is active; deleted within 30 days of account closure

- **Server logs**: 30 days, scrubbed of personally identifying information after 7 days

- **Backups**: encrypted, retained 30 days, then permanently destroyed

## Frequently asked questions

### Can I use KeptMind without my voice ever leaving my device?

Partially. Text capture is fully on-device — the only outbound network traffic is the task save. Voice capture requires uploading audio for transcription because the on-device speech models we have evaluated are not yet accurate enough for ADHD-style speech (fast, hesitant, code-switching). We are tracking on-device transcription progress and will make it available as a setting once the accuracy gap closes.

### What if a hacker gets into my account?

KeptMind requires email + password (with optional 2FA via TOTP). If you suspect unauthorized access, change your password immediately and email hello@keptmind.com — we can audit recent access and force a session reset across all devices. If you have 2FA enabled, we do not allow login from a new device without an email confirmation.

### Are voice captures encrypted at rest in addition to in transit?

Audio files in our 24-hour processing window are not encrypted at rest separately from the disk-level encryption on EU servers (which encrypts everything by default). Transcripts and tasks are encrypted at rest with per-account keys. The trade-off: encrypting individual audio files at the application layer would slow transcription by 2-4x and the file is deleted within hours anyway.

### What happens during a security incident?

KeptMind follows a documented incident response process. If user data is involved, affected users are notified within 72 hours (GDPR requirement) with the specific incident scope and remediation steps. We have not had a publicly disclosed security incident to date; if we do, we will publish a post-mortem and you will hear from us directly.

### Can I see KeptMind's security audit?

We undergo an annual third-party security review (penetration testing + SOC 2 readiness assessment). The summary report is available on request from compliance@keptmind.com for enterprise customers and partners. Individual users do not typically request it but can if interested.

For the full privacy policy with legal-grade detail, see [keptmind.com/privacy](/privacy). For exporting your data right now, see [How do I export all my data?](/help/export-data).
