Privacy Policy

1. Who we are

Keen (“Keen,” “we,” “us,” “our”) operates the Keen personal-finance messaging service available at keen.money. Contact: hey@keen.money.

2. Information we collect

a) Information you provide directly

• Phone number. The number you text Keen from is your account identifier. Required.
• Conversation content. The messages you send Keen and our replies. Stored so the agent can remember what you've discussed.
• Voluntary financial details. Income, rent, recurring bills, goals, balances, or other facts you share in messages.
• Photos. If you send a photo (e.g., a bill or receipt), we extract structured data (merchant, total, line items) and may keep the extracted summary plus a short-term cached copy of the image.

b) Information from your bank, only if you connect Plaid

Connecting your bank is optional. If you choose to, you authorize read-only access via Plaid Inc. (“Plaid”). Through Plaid we receive:

• Account names, types, and last-four account numbers
• Account balances
• Transaction history (date, amount, merchant, category)
• Account-holder name as reported by your bank

Plaid handles bank authentication on its own platform. We never see your banking username or password, and we have no ability to move money, initiate payments, or change your bank settings.

c) Payment information (Pro subscribers only)

If you subscribe to Keen Pro, payment is processed by Stripe, Inc. (“Stripe”). We receive a confirmation that payment succeeded plus the last four digits of your card and brand for receipts. We never receive or store your full card number.

d) Automatic technical information

• Server logs (IP address, timestamps, request paths) for security and abuse prevention.
• Anonymous error telemetry via Sentry (no message content).
• Aggregate usage metrics (e.g., total negotiations completed) for product improvement.

3. How we use your information

• Power the conversation — understanding your messages, generating relevant responses, remembering details across turns.
• Look up market rates and run live web searches when you discuss a price, bill, or product.
• Detect events worth flagging proactively — recurring price hikes, bank fees, charges from a service you cancelled, free-trial conversions, savings opportunities.
• Negotiate bills, cancel subscriptions, and recover bank fees when you authorize Keen to act on your behalf.
• Send transactional notifications (renewal reminders, action results, payment confirmations).
• Provide and bill for the Keen Pro subscription.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal obligations.
• Improve Keen using aggregated, de-identified usage patterns. We do not use your raw transactions or messages to train AI models, and we do not allow our LLM providers to do so either.

4. Sensitive personal information

We treat your financial information as sensitive personal information. Specifically:

• Bank-data access is encrypted in transit and at rest, with access restricted to authorized personnel and the subprocessors listed below.
• We never proactively flag transactions in sensitive categories — alcohol, gambling, adult content, healthcare/therapy, pharmacies, legal services. If you ask Keen directly about your spending in those categories, it will answer honestly, but it will not volunteer observations.
• We do not use sensitive personal information for any purpose beyond providing and securing the service. You have a right to limit our use of sensitive personal information; we already do.

5. How we share your information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We share information only with the service providers and in the situations listed below.

a) Subprocessors

We use the following third-party service providers to deliver the service. Each operates under a written data-processing agreement that limits their use of your information to providing services to us.

• Plaid Inc. — bank-account data access. Plaid's End User Privacy Policy: https://plaid.com/legal/#end-user-privacy-policy
• Sendblue — iMessage / SMS delivery infrastructure.
• Stripe, Inc. — payment processing for Pro subscriptions.
• LLM providers (Anthropic and equivalent) — process your messages to generate Keen's responses. Messages sent for inference are not retained for training.
• Resend — transactional email delivery.
• Retell AI — automated phone calls for bill negotiations and cancellations you authorize.
• Sentry — error and exception monitoring (does not include message content).
• Cloud infrastructure (Railway, AWS, GCP) — hosting and database storage in the United States.

b) Other situations

• Legal requirements — to comply with subpoenas, court orders, or other legal obligations.
• Safety — to protect rights, property, or safety of Keen, our users, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you and continued protection.

6. Plaid-specific disclosures

If you connect a bank account to Keen via Plaid:

• You are also subject to Plaid's End User Privacy Policy: https://plaid.com/legal/#end-user-privacy-policy
• You can view all your Plaid connections, disconnect specific apps, and request data deletion at Plaid Portal: https://my.plaid.com
• Disconnecting Keen via Plaid Portal will revoke our access to your bank data; we delete the corresponding access token and bank-derived data within 30 days.
• Keen receives data only as Plaid directs at our request. We do not access additional Plaid products beyond what is necessary to provide Keen's features.

7. Messaging (iMessage / SMS)

• Opt-in. By texting Keen first, you consent to receive replies from Keen and to the proactive notification cadence described in the Terms of Service.
• Frequency. Variable. Keen replies when you text it. Keen also sends proactive messages (reminders you scheduled, action results you authorized, infrequent opportunity alerts) — typically 0–3 per day. You can adjust the cadence at any time by telling Keen "fewer texts" or "minimal."
• Opt-out. Reply STOP at any time to stop all proactive messaging from Keen. We acknowledge once and stop. We also honor STOPALL, UNSUBSCRIBE, OPTOUT, CANCEL, END, REVOKE, and QUIT.
• Help. Reply HELP for support information.
• Sender ID. Messages from Keen come from (305) 333-3940.
• Carrier charges. Standard message and data rates from your carrier may apply. Keen itself does not charge per message.
• Delivery infrastructure. We use Sendblue to deliver messages. Sendblue processes your phone number and message content on our behalf under a data-processing agreement.

8. Data retention

• While your account is active: we retain your data as long as needed to provide the service.
• After deletion: full deletion within 30 days of your deletion request, including conversation history, financial details, and any Plaid bank tokens.
• Plaid access tokens: deleted immediately upon disconnection (via the agent or Plaid Portal).
• Server logs: 90 days.
• Aggregated, de-identified analytics: retained indefinitely (no longer linked to you).
• Records required by law (e.g., tax records for paid subscriptions): retained for the period required by law.

9. Your rights

All users

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to fix inaccurate information.
• Deletion — ask us to delete your account and data.
• Withdrawal of consent — disconnect Plaid, opt out of messaging, or close your account at any time.

California residents (CCPA / CPRA)

You also have the right to:

• Know what personal information we collect, use, disclose, and sell or share — disclosed in this Policy.
• Opt out of sale or sharing of personal information — we do not sell or share for cross-context behavioral advertising; nothing to opt out of.
• Limit our use of sensitive personal information — we already limit use to providing and securing the service.
• Non-discrimination for exercising your rights — we will not deny you service or charge a different price for exercising any right.

EU / UK residents (GDPR / UK GDPR)

You also have the right to:

• Data portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests.
• Lodge a complaint with your local data protection authority.

How to exercise your rights — two equivalent methods

1. Text Keen from your registered phone — phrases like "delete my data," "export my data," "stop messaging me."
2. Email hey@keen.money.

We respond within 45 days for CCPA/CPRA requests and within 30 days for GDPR requests. We may verify your identity (typically by confirming you control the registered phone number).

10. Security

• TLS encryption for all data in transit.
• Encryption at rest for stored data.
• Bank credentials are never seen by Keen — Plaid handles authentication on its own platform.
• Card numbers are never seen by Keen — Stripe handles payment on its own platform.
• Access controls and least-privilege principles for production systems.
• Regular security review and dependency monitoring.
• In the event of a confirmed personal-data breach affecting you, we will notify you within 72 hours of confirmation, consistent with applicable law.

No system is perfectly secure. Use a unique, strong password for your bank and enable multi-factor authentication.

11. Children

Keen is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact hey@keen.money and we will delete it.

12. International users and data transfers

Keen is operated in the United States. By using Keen you understand that your information will be processed in the US and may be processed in other jurisdictions where our subprocessors operate. Where required by law (e.g., for EU/UK transfers), we rely on Standard Contractual Clauses or equivalent safeguards.

13. Changes to this Policy

We may update this Policy. The "Last updated" date at the top reflects the current version. Material changes will be communicated via Keen text or email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

14. Contact

Privacy questions, data requests, or complaints: hey@keen.money or text Keen at (305) 333-3940.