Keepsake icon Keepsake

Privacy Policy

Effective July 7, 2026

The short version: Keepsake has no accounts, no servers, no analytics, and no telemetry. Your passwords are encrypted on your device with a key derived from your master password, and they are stored only where you put them: a local file or your own Dropbox. We never see, receive, or transmit any of your data.

What Keepsake stores, and where

Dropbox

If you connect Dropbox, Keepsake talks directly from your device to Dropbox's API over HTTPS to list, download, and upload your .kdbx files. No intermediary server is involved. The OAuth tokens that authorize this access are stored only on your device, and you can revoke them at any time from your Dropbox connected-apps page or by disconnecting inside Keepsake. Your use of Dropbox is governed by Dropbox's privacy policy. Files stored in Dropbox remain encrypted with your master password; Dropbox only ever holds the same encrypted bytes as your local disk would.

What Keepsake collects about you

Nothing. Keepsake contains no analytics, no crash reporting, no advertising identifiers, and no network calls other than the Dropbox API requests you initiate. We do not know who uses Keepsake, and we cannot access anyone's data.

Clipboard

When you copy a password or other secret, Keepsake automatically clears it from the clipboard 30 seconds later (if the clipboard still contains that value). Be aware that other apps on your device can read the clipboard while a value is on it; this is a property of every operating system, not something any password manager can prevent.

Children

Keepsake does not collect personal information from anyone, including children.

Changes

If this policy ever changes, the new version will be published at this address with an updated effective date, and the change history is public in the project repository.

Contact

Questions? Open an issue on GitHub.