Privacy Policy

01Who we are

Keyzee ("we", "us") provides a cloud-based master key system generator for licensed locksmiths. Our service is hosted on Vercel (US) with data stored in Supabase (AU region where available).

02Information we collect

• Account data — name, email address, and hashed password (managed by Supabase Auth).
• System data — master key system designs, customer names, door schedules, and hardware specifications you create within the app.
• Usage analytics — page views via Plausible Analytics (privacy-friendly, no cookies, no personal data).
• Error reports — crash data via Sentry (when enabled) including stack traces and browser metadata — no key bittings or customer PII.

03How we use your data

• To provide and improve the Keyzee service.
• To authenticate your account and enforce access controls.
• To diagnose errors and maintain service reliability.

We do not sell, rent, or share your data with third parties for marketing purposes.

04Data storage and security

All system data is stored in a PostgreSQL database with Row-Level Security (RLS) ensuring users can only access their own records. Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt.

05Data retention and deletion

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data by contacting sales@keyzee.app. We will process deletion requests within 30 days, consistent with the Australian Privacy Act 1988.

06Your rights

Under the Australian Privacy Act and NZ Privacy Act 2020, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your account and data.
• Lodge a complaint with the OAIC (AU) or OPC (NZ).

07Exporting your data

You can download a complete archive of your customers, systems, prefs, and photos at any time from Settings → Backup & data. The archive is a standard ZIP with a JSON file (schema documented inline) plus the original photo binaries.

You can optionally encrypt the archive with a passphrase. The passphrase never leaves your browser; we cannot recover it. Without it, an encrypted archive cannot be opened.

For service-continuity disaster recovery (region outage, accidental table drop), we rely on database-level backups maintained by our infrastructure provider (Supabase). We do not retain per-user point-in-time historical snapshots; if you want a backup as of a specific date, export it yourself and keep the file.

08Cookies

Keyzee uses a single essential cookie for session authentication (Supabase auth token). We do not use tracking cookies. Plausible Analytics is cookie-free.

09Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app or email.

10Contact

For privacy enquiries — sales@keyzee.app