Security and your data

You're trusting Keystone with your companies' work. Here is how we protect it, in plain terms.

Private by default

Every workspace is private to you. The areas, projects, and actions inside it inherit that privacy. A workspace becomes visible to anyone else only when you explicitly share it with members of your own organization. Nobody reaches your data by guessing a name or a link.

Isolated per account

Your data is scoped to your account, and access is checked on every request, not only at sign-in. A request for something you don't own returns nothing. Workspaces, projects, and areas are resolved through your organization membership, so one account can never read another's data.

Authentication

Sign-in and password management are handled by Clerk, a dedicated authentication provider. Your password never touches Keystone's servers. Sessions are managed securely and you can sign out of your account at any time.

Encryption

Connections to Keystone run over HTTPS, so your data is encrypted in transit. It is also encrypted at rest in our database. We host on Vercel and store data in Supabase (managed PostgreSQL).

Payments

Billing runs through Stripe. Card details go directly to Stripe and are never stored by Keystone. We keep only what we need to manage your subscription.

What we never do

We do not sell your data. We do not run ads. We do not use your actions to train models. Your data is used to operate the service you signed up for, and nothing else.

Deletion and retention

You can delete your account and all of its data from Settings at any time. Deleted actions move to Trash and are permanently removed after 30 days on the Free plan, or 90 days on Pro. We keep billing records only as long as the law requires.

Where we are

Keystone is early, and we'd rather be straight with you than imply more than is true. We do not yet hold formal certifications such as SOC 2. The protections above are in place today, and we treat your data with the same care we'd want for our own company's.

Found a security issue, or have a question about how your data is handled? Email hello@keystonefocus.app and we'll respond quickly.