Privacy Policy

Keystead is a property management software product operated by Kellzi Group (“Keystead,” “we,” “us”). This policy describes what data we collect, why, and how it's handled.

• Account info: email, name, organization name (via Clerk authentication).
• Property data you enter or upload: property addresses, units, lease PDFs, tenant names, emails, phone numbers, rent amounts, dates, work orders, expenses.
• Banking data (via Plaid): if you choose to connect a bank account, we receive read-only transaction data (date, amount, description, merchant, account type) from your accounts so we can match incoming rent payments to leases. We never receive your bank login credentials — those stay between you and Plaid.
• Billing data: handled by Stripe. We store your plan, subscription status, and a Stripe customer ID — not your card details.
• Usage logs: standard server logs (request paths, timestamps, error stack traces) retained ~30 days for debugging.

• To provide the product's features (AI lease parsing, rent tracking, reports, etc.).
• To send transactional emails (welcome, trial reminders, receipts, lease/payment notifications).
• To respond to your support requests.
• To improve the product (in aggregate — never to train AI models on your tenant data).

We do not sell your data, share it with advertisers, or use it for marketing to third parties.

• All data is transmitted over HTTPS.
• Plaid access tokens are encrypted at rest using AES-256-GCM with a key stored separately from the database.
• Database backups are encrypted at rest by our hosting provider (Vercel Postgres / Neon).
• Authentication is handled by Clerk (SOC 2 Type II compliant).
• Lease PDFs are stored in Vercel Blob with auth-gated proxy access — only members of the lease's organization can fetch them.

We share data with these providers only as needed to deliver the service:

• Vercel — hosting, blob storage, Postgres database
• Clerk — user authentication and organization management
• Stripe — subscription billing
• Plaid — bank account data aggregation (only if you opt in)
• Anthropic — lease PDF text extraction (file is sent for processing, not retained by Anthropic for training)
• Resend — transactional email delivery
• RentCast, Mapbox — public records lookups and address autocomplete

• Access — request a copy of your data.
• Correct — fix anything that's wrong directly in-app.
• Delete — close your account and we will delete your data within 30 days, except where retention is required by law (e.g. tax records).
• Disconnect Plaid — revoke bank access from the Connections page anytime.
• California and EU residents have additional rights under CCPA and GDPR — contact us and we'll handle requests within the required timeframes.

We retain your data for as long as your account is active. After account deletion, we delete primary copies within 30 days. Encrypted backups roll off within 90 days. Aggregated, anonymized usage statistics may be retained indefinitely.

Questions, requests, or concerns: alec@kellzigroup.com