Legal

Keepsake Privacy — Washington Residents (Consumer Health Data)

Effective Date: May 1, 2026 · Last Updated: May 1, 2026

What this page is. This is the Washington-specific supplement to Keepsake's main Privacy Policy. It exists because Washington's My Health My Data Act (MHMDA) requires consumer wellness apps that handle health information about Washington residents to publish a distinct consumer health data privacy policy — separate from the general privacy policy — and to list specific rights, categories of data, and contact options. If you live in Washington (or your information was collected while you were physically in Washington), this page applies to you in addition to the main policy. Equivalent rights for Nevada (SB 370) and Connecticut residents under their consumer health data amendments are covered here as well; everyone else should read the main Privacy Policy.

This Consumer Health Data Privacy Policy describes how Keepsake ("we," "us," or "our") handles consumer health data in connection with the Keepsake mobile application (the "Service").

Defined terms follow MHMDA (RCW 19.373). Where Washington law uses "consumer," we use it in the MHMDA sense (a Washington resident, or a person whose consumer health data is collected in Washington).

1. What Counts as Consumer Health Data

"Consumer health data" means personal information that identifies a consumer's past, present, or future physical or mental health status. In Keepsake, consumer health data typically includes:

  • Information you enter about a Care Recipient's health — diagnoses, conditions, symptoms, and treatments (often in notes categorized as medical, medications, observations, care_plan, or appointments);
  • Medications: names, dosages, schedules, prescriber information;
  • Health-care appointments, visits, and providers;
  • Uploaded medical documents, such as lab results, discharge summaries, after-visit summaries, and care plans;
  • Audio voice notes that describe any of the above, and their transcripts;
  • Legal health documents such as powers of attorney and advance directives (uploaded in the legal category).

Consumer health data does not include personal information that is de-identified, aggregated, or that is subject to HIPAA as protected health information in the hands of a covered entity. Keepsake is not a HIPAA-covered entity; see Section 9 of our main Privacy Policy.

2. Categories of Consumer Health Data We Collect

We collect consumer health data only from you, the caregiver, when you enter or upload it through the App. Specifically:

  • Free-text notes you type into a note titled, categorized, or tagged with a health-related category;
  • Voice recordings you create within the App, and the transcripts we generate from them;
  • Documents and scans you upload (PDF, DOCX, or camera-captured images converted to PDF on your device before upload);
  • Task metadata that you link to a health-related note or category;
  • Information you enter about a Care Recipient's health-care providers, caregivers, or other contacts;
  • Metadata automatically attached to the above (timestamps, category labels, the user who created the item, file size, and file type).

We do not collect consumer health data from any source other than the App.

3. Purposes for Which We Collect and Process Consumer Health Data

We collect and process consumer health data solely to provide the Service you have requested. Specifically, to:

  1. Store your notes, tasks, audio, and documents so you and your caregiver team can retrieve them;
  2. Transcribe audio recordings into text (see Section 4);
  3. Extract text from uploaded PDF and DOCX documents so you can search and read the content inside the App;
  4. Render thumbnails and PDF previews for uploaded documents;
  5. Deliver task reminders via device notifications;
  6. Share notes and tasks among the caregivers you add to a Care Recipient profile, at the roles you set (owner, editor, viewer);
  7. Secure the Service — detect and prevent unauthorized access, investigate security incidents, and maintain the integrity of the system;
  8. Support you — respond to messages you send us;
  9. Comply with legal obligations — respond to valid legal process;
  10. Improve the Service using aggregated and de-identified data.

We will not:

  • Sell consumer health data. We do not and will not sell consumer health data.
  • Use consumer health data for targeted advertising or cross-context behavioral advertising.
  • Use consumer health data to train third-party AI models.
  • Use consumer health data for any purpose beyond the purposes listed above without first obtaining your separate, affirmative consent — and in the case of sale, a signed authorization under Section 9 below (which we have no plans to seek).

4. Third Parties With Whom We Share Consumer Health Data

We share consumer health data only with the service providers ("processors") that help us operate the Service. They process consumer health data on our behalf under contractual terms that limit their use to providing services to us. The relevant processors are:

ProcessorRoleData received
RailwayHosts our backend APIAll request/response bodies in transit; ephemeral server logs
ClerkAuthentication, session management, and SMS phone verificationYour phone number and any email/name returned by SSO; session metadata. Clerk does not receive the body of your notes, audio, transcripts, or documents.
Supabase (managed Postgres)Primary databaseYour account information; all notes, tasks, audio metadata, document metadata, streak counters, including the text content of notes and transcripts
Cloudflare R2Object storageAudio recordings, documents, thumbnails, DOCX-to-PDF previews, and Care Recipient profile pictures
DeepgramPrimary audio transcription providerRaw audio bytes of voice notes and the generated transcript text
OpenAI (Whisper API)Fallback audio transcription provider (used only if Deepgram fails)Raw audio bytes of voice notes and the generated transcript text
SentryCrash and error monitoring (mobile + backend)Stack traces, device/OS metadata, App version, the request path that triggered the error, and any small in-flight payload that happened to be on the stack at the moment of the error. We do not deliberately attach the body of notes, audio, transcripts, or documents to Sentry events.
PostHog (only when product analytics are enabled in your build)Pseudonymous product analyticsAn internal user UUID (not your name, phone, or email); event names from a fixed catalog; an allow-listed set of event property keys. PostHog does not receive consumer health data: the App's analytics wrapper blocks property keys whose names contain body, content, transcript, note_id, task_id, recipient_id, phone, email, query, url, uri, etc., and truncates string values to 80 characters.
Expo / Expo Application ServicesMobile runtime, builds, and submissionsApp build/update metadata. Keepsake does not currently register remote push tokens or send remote push notifications through Expo Push.

Each processor is located in the United States or operates globally. We do not share consumer health data with any other third party except:

  • With your direction (for example, if you ask support to share data with your own legal or medical representative);
  • For legal reasons, as described in Section 6 of our main Privacy Policy (subpoenas, court orders, enforcement of our Terms, safety);
  • In a business transfer (merger, acquisition, asset sale, bankruptcy), in which case the acquirer will assume the same obligations.

We do not share consumer health data with advertising networks, data brokers, or behavioral analytics providers. No third party receives consumer health data for its own purposes. Our analytics processor (PostHog) does not receive the content of your notes, audio, transcripts, or documents; we use it only to count events and measure product usage. Our optional marketing-email service (Loops, used only if you opt in to product updates during sign-up) receives your email address and basic profile metadata only — it never receives consumer health data.

5. Your Rights Under MHMDA (Washington Consumers)

If you are a Washington resident, or if we collected your consumer health data while you were in Washington, you have the following rights:

  • Right to confirm whether we are collecting, sharing, or selling your consumer health data, and to access that data;
  • Right to delete your consumer health data (subject to the limited retention obligations in Section 11 of our main Privacy Policy);
  • Right to withdraw consent to our collection and sharing of consumer health data at any time;
  • Right to a list of third parties with whom we have shared or sold your consumer health data (we maintain no list of third-party buyers because we do not sell consumer health data; the processors we share with are listed in Section 4 above);
  • Right to non-discrimination for exercising any of these rights.

5.1 How to exercise your rights

To exercise any of these rights, email info@keepsakecares.com with your request and the phone number or SSO email on your account. We verify requests by confirming account control through the sign-in method or another reasonable identity check. We respond within 45 days; we may extend by an additional 45 days where legally permitted, and will notify you if we do.

We do not charge a fee for your first request in any 12-month period.

5.2 Deletion

When you exercise the right to delete, we will delete the consumer health data we hold about you from our operational systems within 60 days of the verified request, as described in Section 11 of our main Privacy Policy. We will also direct our processors (Clerk, Supabase, Cloudflare R2, Deepgram, OpenAI, Sentry, PostHog, Railway, and Expo) to delete the data they hold on our behalf in accordance with their contracts. Backup copies expire on ordinary rotation schedules and are not used for any purpose other than disaster recovery.

5.3 Appeal

If we deny your request, you may appeal by replying to our denial email or writing to info@keepsakecares.com with "MHMDA Appeal" in the subject line. We will respond to appeals within 45 days. If your appeal is denied, you may file a complaint with the Washington State Attorney General at https://www.atg.wa.gov/file-complaint.

5.4 Non-Washington residents

Residents of Nevada, Connecticut, and other states with consumer health data laws have substantially similar rights; we honor them on the same terms described above. Email info@keepsakecares.com to exercise any such right.

6.1 Collection and processing

When you use Keepsake, you affirmatively consent to our collection and processing of the consumer health data you enter, for the purposes described in Section 3. You can withdraw that consent at any time by deleting the data and/or your account (see Section 5.2).

6.2 Sharing with processors

By using the Service, you also consent to our sharing of consumer health data with the processors listed in Section 4, solely for the purposes of delivering the Service.

6.3 No sale

We do not sell consumer health data, and we have not obtained your signed authorization for any sale. If we ever wish to do so, we will first obtain your separate, signed valid authorization meeting MHMDA's requirements under RCW 19.373.070, describing the specific data and recipient, and disclosing your rights — including your right to revoke. We have no plans to seek such authorization.

6.4 Changes to purposes

If we ever want to process consumer health data for a purpose not disclosed in this policy, we will obtain your consent before doing so.

7. Security

We describe our security controls in Section 8 of our main Privacy Policy. The same controls apply to consumer health data:

  • TLS in transit;
  • Encryption at rest by our database and object-storage providers;
  • Row-level security tied to your user ID and role;
  • Short-lived (15-minute) presigned URLs for any file access;
  • Signed JWTs for authentication;
  • Internal access restrictions — Keepsake staff do not access medical documents, audio recordings, transcriptions, or the body text of notes that may contain sensitive information. Staff access, where authorized, is limited to quality-assurance review of user-set metadata (account information, category labels, task titles and completion status, and usage events) and is de-identified where possible.

No system is perfectly secure, and we cannot guarantee absolute security; but we work to safeguard your consumer health data consistent with industry practice.

8. Retention

We keep consumer health data only as long as necessary to provide the Service to you. Retention timelines are described in Section 11 of our main Privacy Policy:

  • Soft-deleted (archived) notes remain in the database until you delete your account or until a future hard-delete change takes effect.
  • Upon account deletion, we purge consumer health data from operational systems within 60 days. Backup copies expire on ordinary rotation schedules.

9. No Sale of Consumer Health Data

We do not sell consumer health data. "Sale" has the meaning given in MHMDA (the exchange of consumer health data for monetary or other valuable consideration). We have no data broker relationships and no revenue model based on consumer health data.

10. Geofencing

We do not use geofences around any facility that provides in-person health-care services to identify, track, or target consumers for advertising. We do not collect location data server-side at all.

11. Children

Keepsake is intended for users 18 years of age or older. We do not knowingly collect consumer health data from anyone under 18 acting as a caregiver. Consumer health data about a Care Recipient who is a minor may be stored by an adult caregiver who has lawful authority to act for them (see our Terms of Service, Section 5).

12. Changes to This Policy

We may update this Consumer Health Data Privacy Policy from time to time. For material changes affecting the processing of consumer health data, we will notify you at least 30 days in advance through an in-app banner and an email to the address on your account, and — where required — obtain your renewed consent. The "Last Updated" date at the top reflects the most recent version.

13. Contact Us

This Consumer Health Data Privacy Policy is incorporated by reference into our main Privacy Policy.