Effective July 7, 2026
The short version: Keepsake has no accounts, no servers, no analytics, and no telemetry. Your passwords are encrypted on your device with a key derived from your master password, and they are stored only where you put them: a local file or your own Dropbox. We never see, receive, or transmit any of your data.
.kdbx file, encrypted with
your master password (Argon2/AES). It lives wherever you choose: a file on your
device, or a file in your own Dropbox account. Keepsake writes a .bak
backup next to local vault files when saving.
If you connect Dropbox, Keepsake talks directly from your device to
Dropbox's API over HTTPS to list, download, and upload your .kdbx files.
No intermediary server is involved. The OAuth tokens that authorize this access are
stored only on your device, and you can revoke them at any time from your
Dropbox connected-apps page
or by disconnecting inside Keepsake. Your use of Dropbox is governed by
Dropbox's privacy policy.
Files stored in Dropbox remain encrypted with your master password; Dropbox
only ever holds the same encrypted bytes as your local disk would.
Nothing. Keepsake contains no analytics, no crash reporting, no advertising identifiers, and no network calls other than the Dropbox API requests you initiate. We do not know who uses Keepsake, and we cannot access anyone's data.
When you copy a password or other secret, Keepsake automatically clears it from the clipboard 30 seconds later (if the clipboard still contains that value). Be aware that other apps on your device can read the clipboard while a value is on it; this is a property of every operating system, not something any password manager can prevent.
Keepsake does not collect personal information from anyone, including children.
If this policy ever changes, the new version will be published at this address with an updated effective date, and the change history is public in the project repository.
Questions? Open an issue on GitHub.