Privacy Policy

1. Introduction

Welcome to KeyResults.io ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our goal tracking and productivity platform.

By using KeyResults.io, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Full name (optional)
• Authentication credentials (securely hashed)
• Profile information you choose to provide

2.2 User Content

When you use our services, you may provide content including:

• Tasks, subtasks, goals, and project information
• Journal entries, personal notes, and mood tracking data
• Weekly plans and reflections (Plans, Progress, Problems)
• Comments and descriptions
• Inspirations and highlights
• Workspace and team collaboration data (if using team features)

2.3 Payment Information

When you subscribe to a paid plan, our payment processor (LemonSqueezy) collects:

• Payment card or payment method details
• Billing address
• Transaction history

We do not store your complete payment card information on our servers. LemonSqueezy acts as our Merchant of Record and handles all payment processing in compliance with PCI-DSS standards.

2.4 Usage Data

We automatically collect certain information when you use our services:

• Device information (browser type, operating system)
• IP address and approximate location
• Pages visited and features used
• Date and time of access
• Referring website or source

2.5 Optional Integration Data

If you enable optional integrations, we may collect additional data:

• Slack Integration: Workspace ID, channel name for sending weekly summaries
• Google Calendar: Calendar events and scheduling data (when enabled)
• Google OAuth: Basic profile information (name, email, profile picture) when signing in with Google

2.6 API Access

If you use our API or MCP (Model Context Protocol) integration with tools like Claude Desktop:

• API key identifiers and usage statistics
• Requests made through the API
• IP addresses of API clients

2.7 Cookies and Tracking Technologies

We use the following types of cookies and tracking:

• Essential cookies: Required for authentication and core functionality
• Analytics cookies: Help us understand how you use our service (via Google Analytics and Vercel Analytics)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your requests, transactions, and subscription payments
• Send you service-related communications (welcome emails, weekly summaries, trial reminders)
• Calculate productivity analytics (Health Score, velocity metrics, momentum tracking)
• Respond to your inquiries and support requests
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues or abuse
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract: Processing necessary to provide our services to you
• Legitimate interests: Processing for our legitimate business interests, such as improving our services and preventing fraud
• Consent: Where you have given explicit consent for specific processing activities
• Legal obligation: Processing necessary to comply with applicable laws

5. Data Sharing and Third Parties

We share your information only with trusted service providers who assist us in operating our platform:

5.1 Optional Integrations

The following services only receive your data if you explicitly enable the integration:

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

5.2 Workspace and Team Sharing

If you use workspace features to collaborate with others, your tasks, projects, goals, and related content may be visible to other workspace members based on the permissions you configure. You control what data is shared within your workspace.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

If you request deletion of your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Your Privacy Rights

7.1 Rights for EU Residents (GDPR)

If you are located in the European Economic Area, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of processing
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

7.2 Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at support@keyresults.io. You can also export your data at any time through the Settings page in your account.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/HTTPS
• Secure authentication with industry-standard practices
• Regular security assessments and monitoring
• Access controls and authentication requirements
• Rate limiting to prevent abuse

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to protect your information.

10. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@keyresults.io, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our services after any modifications indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, EU residents may also lodge a complaint with their local data protection authority.