The short version. We collect the minimum data needed to run Keyda: your account identifier, your notes (scoped to your account), encrypted BYOK API keys, AI request logs for usage analytics, and subscription/payment records. We don't read your keystrokes outside the AI features you trigger. AI Memory, your profile bio, profile photo, and clipboard history all stay on your device — they only travel to an AI provider when you actively make a call that needs them. On-device features (local models, image generation) stay on your device entirely.
"Keyda", "we", "us" and "our" refer to the operator of the Keyda keyboard application for iOS and Android, the Keyda browser extension, the keyda.in website, and accompanying services (the "Service"). If you have questions about this policy, contact us at support@keyda.in or via the Contact page.
For privacy, data-protection, account-deletion, and grievance requests, email support@keyda.in with the subject line Privacy Request — Keyda. We use that inbox as our privacy and grievance contact point.
When you sign up with phone OTP, Sign in with Apple, or Google/Facebook (if enabled), we receive a stable provider identifier and, where you consent, your email, display name and phone number. We also generate a device identifier for your installation.
Keyda stores the following user content, always scoped to your authenticated user id:
user_notes table.The trial is opt-in: you must tap "Start Free Trial" inside the app. We then create a user_subscriptions row with status trialing, a 3-day window, and a 10-AI-use cap. We track:
When you have no active trial or paid plan, our backend returns a synthetic "no plan" entitlement (Cloud AI locked client-side) — no row is created until you tap Start Trial or purchase.
If you choose to use your own AI provider API key, we store it encrypted (AES-256-GCM) in our database tied to your user id. Decryption happens only at the moment we forward a request to your chosen provider. You can delete any stored key from the app at any time.
Each AI request you trigger (correction, rephrase, smart-assist, etc.) is logged with: provider, model, prompt, result, latency, success/failure, and your user id. These logs power usage analytics and your in-app "Token utilization" stats. Prompts and results are not shared with anyone outside the Service, and are not used to train any AI model.
Reading links you ask about. When you paste a web link and ask Keyda about it, our server fetches that publicly accessible page, extracts its text, and includes it in your AI request so the model can answer (for example, to summarise it). In the app, a small number of links that the page directly references may also be fetched; in the keyboard only the single page you paste is read. We fetch only the link you provide — we do not crawl the web or track your browsing — and the fetched text is processed exactly like any other prompt described above. This feature is on by default and can be turned off in Settings.
When you purchase a Lite or Pro plan through the app, the transaction is processed by the Apple App Store (iOS) or Google Play (Android). We record the store-issued purchase identifier (such as the Apple original transaction id or Google purchase token), the product/plan code, billing period (monthly or yearly), and the purchase, renewal and expiry dates and status, which we validate against Apple's or Google's servers to keep your entitlement in sync. Your card, UPI, bank and other payment-instrument details are handled exclusively by Apple and Google — we never see or store them.
Web checkout (keyda.in/subscribe). If instead you buy a one-time period directly on our website, the transaction is processed by our payment partner Razorpay. To start that checkout, the app first asks our server for a short-lived, single-use code (valid ~60 seconds) that signs you into the web page without re-entering a password; the page never sees your account password. Razorpay collects your card/UPI/bank details directly — we never see or store them. We store the order id, payment id, amount, currency, plan code and billing period, and status (created/paid/failed) for that transaction, and use it to activate your Lite/Pro entitlement for the period you paid for.
To diagnose issues and improve reliability we log activity events like sign-in, app foreground/background, theme change, and aggregated counts (e.g. characters corrected). These events are tied to your user id but do not contain the text you typed.
If you use the voice typing / voice assistant feature, Keyda accesses your microphone only while you are actively recording — you start it by tapping the mic, and it stops automatically after a short pause. Keyda never listens in the background. On iOS, Apple's platform rules prohibit third-party keyboards from accessing the microphone at all — a security restriction that applies to every keyboard on the system, not only Keyda. To comply with it, the recording is performed by the Keyda app, which transcribes your speech and hands only the resulting text back to the keyboard; the keyboard extension itself never touches the microphone. (On Android, where the platform permits it, recording happens within the keyboard, but the same data handling described below applies.)
Our marketing website keeps a simple, first-party visit log so we can see how many people reach the site and which pages and download buttons they use. For each visit we record the page path, referrer, any UTM campaign tags, your device/browser type, your IP address, and an approximate location (country, and where available region/city) that our server derives from that IP using an offline geo-IP database — there is no precise/GPS location, no location permission prompt, and no call to any third-party service. We use this only in aggregate to understand traffic and demand (for example, interest in the Android app before it launches). This applies to the website only and is unrelated to anything you type in the keyboard. The log uses no cookies and no third-party trackers, and honours your browser's Do Not Track signal.
The Keyda browser extension (Chrome) adds spelling/grammar correction to text fields on websites you visit, and gives you access to your Notes, Documents and AI Sessions in the browser. It handles data differently depending on the feature:
You can invite up to 100 people into one shared AI chat (for planning, group study, teamwork). If you create or join a shared session:
| Purpose | Data used | Basis / context where applicable |
|---|---|---|
| Run the Service (auth, AI proxy, notes sync) | Account data, BYOK keys, AI logs | Provide the Service you request and perform our agreement with you. |
| Voice typing & voice assistant | Microphone audio (transcribed on-device/by Apple, not stored), resulting transcript | Your active action and permission when you tap the mic. |
| Process subscription payments | Apple App Store / Google Play purchase metadata, or (for web checkout) Razorpay order/payment metadata | Maintain your subscription entitlement and comply with store, tax and accounting requirements. |
| Shared AI sessions | Shared conversation messages, member display names/avatars | Deliver the group chat you or another member created, to everyone you or they invited. |
| Detect abuse, fraud, quota overruns | AI request logs, usage quotas | Protect the Service, enforce quotas, prevent misuse and comply with law. |
| Improve product reliability | Activity events, error logs | Operate, secure, debug and improve the Service. |
| Understand website traffic & demand | Page views, referrer/UTM, IP address & approximate (IP-derived) location | Measure first-party site performance without cookies or third-party tracking. |
| Respond to your support requests | Whatever you send us | Provide support and keep a record of the request. |
Where privacy law requires a specific legal basis, our basis may include performance of a contract, consent, compliance with legal obligations, legitimate interests, or other permitted uses depending on the jurisdiction and feature involved. You may withdraw consent for optional features at any time by turning the feature off, clearing its data, or contacting us.
We use a small number of processors strictly to deliver the Service. None of them are sold or rented your data.
We do not sell your personal data, and we do not run third-party advertising or behavioural-tracking SDKs.
Depending on where you live, you may have the right to access, correct, export or delete your personal data, restrict or object to certain processing, withdraw consent, appeal or complain, and appoint someone to exercise rights on your behalf where the law allows. To exercise any of these rights, email support@keyda.in. We respond within 30 days unless a shorter period is required by law.
Indian users may have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act). EU/UK users may have rights under the GDPR/UK GDPR. California users may have rights under the CCPA/CPRA. We will not discriminate against you for exercising privacy rights.
You can request account deletion or a copy of your account data by emailing support@keyda.in. Deleting your account removes or anonymises account-scoped content unless we must keep limited records for legal, tax, fraud-prevention, chargeback, security, or dispute reasons. Device-only data such as clipboard history, AI Memory, profile bio, profile photo and local voice history can also be cleared from the app or removed by uninstalling the app.
Keyda is not directed to children. You must be at least 13 to use the Service, and if you are under 18 you may use it only with consent from a parent or legal guardian where required. We do not knowingly collect personal data from children under 13. We also do not knowingly process children's personal data for targeted advertising, behavioural monitoring, tracking, or in a way that is detrimental to a child. If you believe a minor has provided us with personal data without the required consent, contact us and we will take appropriate steps to delete it.
We use HTTPS everywhere, AES-256-GCM at-rest encryption for BYOK keys, JWT-based authentication with short token lifetimes, and per-user data scoping so two accounts on the same device cannot read each other's content. We continuously monitor for vulnerabilities and apply security updates. No system is perfectly secure — please report any issue you discover to support@keyda.in.
Our servers, infrastructure providers, app-store providers and AI providers may process data in countries other than the one where you live. Where required, we rely on applicable transfer safeguards, store-provider terms, processor commitments, and any jurisdictional restrictions that apply to the Service.
We may update this policy. Material changes will be announced in-app and on this page. The "Last updated" date at the top of this page reflects the current version.
Questions or requests? Email support@keyda.in or use the Contact form.