Keyda
  • Features
  • Pricing
  • Models
  • FAQ
  • Get the App

Privacy Policy

Last updated: 14 July 2026 · Effective: 14 July 2026

The short version. We collect the minimum data needed to run Keyda: your account identifier, your notes (scoped to your account), encrypted BYOK API keys, AI request logs for usage analytics, and subscription/payment records. We don't read your keystrokes outside the AI features you trigger. AI Memory, your profile bio, profile photo, and clipboard history all stay on your device — they only travel to an AI provider when you actively make a call that needs them. On-device features (local models, image generation) stay on your device entirely.

1. Who we are

"Keyda", "we", "us" and "our" refer to the operator of the Keyda keyboard application for iOS and Android, the Keyda browser extension, the keyda.in website, and accompanying services (the "Service"). If you have questions about this policy, contact us at support@keyda.in or via the Contact page.

For privacy, data-protection, account-deletion, and grievance requests, email support@keyda.in with the subject line Privacy Request — Keyda. We use that inbox as our privacy and grievance contact point.

2. What we collect

2.1 Account data

When you sign up with phone OTP, Sign in with Apple, or Google/Facebook (if enabled), we receive a stable provider identifier and, where you consent, your email, display name and phone number. We also generate a device identifier for your installation.

2.2 User content (scoped per account)

Keyda stores the following user content, always scoped to your authenticated user id:

  • Notes you save through the keyboard's "Save as note" action — stored on our database in the user_notes table.
  • Clipboard history — kept locally on your device only (App Group storage). Never uploaded.
  • Stickers, image-gen outputs, document summaries, response history — kept locally on your device only.
  • Profile photo, display-name override, and bio — stored locally only. The bio is sent to the AI provider as part of a prompt when you fire an AI call so the model can personalise its reply; it is never uploaded to our servers.
  • AI Memory (opt-in) — when you enable "Remember conversation context" in Settings, a per-text-field SQLite database is created in your App Group container. It stores prompt/response pairs and a rolling summary so the AI stays coherent across multiple calls. Entries older than 30 days are auto-pruned. The database lives only on your device — we never see it. "Forget everything" in Settings drops every row in one tap.
  • Preferences like theme, preferred language, keyboard feature toggles, AI Memory opt-in, and BYOK opt-in — stored locally; selected preferences sync to the server for cross-device continuity.

2.3 Subscription & trial state

The trial is opt-in: you must tap "Start Free Trial" inside the app. We then create a user_subscriptions row with status trialing, a 3-day window, and a 10-AI-use cap. We track:

  • Trial start time, current period end, AI uses consumed, AI uses cap.
  • Whether you converted the trial into a paid plan and when.
  • Subscription transitions (active → canceled → expired) on conversion.

When you have no active trial or paid plan, our backend returns a synthetic "no plan" entitlement (Cloud AI locked client-side) — no row is created until you tap Start Trial or purchase.

2.4 Bring-Your-Own-Key (BYOK) credentials

If you choose to use your own AI provider API key, we store it encrypted (AES-256-GCM) in our database tied to your user id. Decryption happens only at the moment we forward a request to your chosen provider. You can delete any stored key from the app at any time.

2.5 AI request logs

Each AI request you trigger (correction, rephrase, smart-assist, etc.) is logged with: provider, model, prompt, result, latency, success/failure, and your user id. These logs power usage analytics and your in-app "Token utilization" stats. Prompts and results are not shared with anyone outside the Service, and are not used to train any AI model.

Reading links you ask about. When you paste a web link and ask Keyda about it, our server fetches that publicly accessible page, extracts its text, and includes it in your AI request so the model can answer (for example, to summarise it). In the app, a small number of links that the page directly references may also be fetched; in the keyboard only the single page you paste is read. We fetch only the link you provide — we do not crawl the web or track your browsing — and the fetched text is processed exactly like any other prompt described above. This feature is on by default and can be turned off in Settings.

2.6 Subscription and payment data

When you purchase a Lite or Pro plan through the app, the transaction is processed by the Apple App Store (iOS) or Google Play (Android). We record the store-issued purchase identifier (such as the Apple original transaction id or Google purchase token), the product/plan code, billing period (monthly or yearly), and the purchase, renewal and expiry dates and status, which we validate against Apple's or Google's servers to keep your entitlement in sync. Your card, UPI, bank and other payment-instrument details are handled exclusively by Apple and Google — we never see or store them.

Web checkout (keyda.in/subscribe). If instead you buy a one-time period directly on our website, the transaction is processed by our payment partner Razorpay. To start that checkout, the app first asks our server for a short-lived, single-use code (valid ~60 seconds) that signs you into the web page without re-entering a password; the page never sees your account password. Razorpay collects your card/UPI/bank details directly — we never see or store them. We store the order id, payment id, amount, currency, plan code and billing period, and status (created/paid/failed) for that transaction, and use it to activate your Lite/Pro entitlement for the period you paid for.

2.7 Telemetry & activity events

To diagnose issues and improve reliability we log activity events like sign-in, app foreground/background, theme change, and aggregated counts (e.g. characters corrected). These events are tied to your user id but do not contain the text you typed.

2.8 Voice & speech data

If you use the voice typing / voice assistant feature, Keyda accesses your microphone only while you are actively recording — you start it by tapping the mic, and it stops automatically after a short pause. Keyda never listens in the background. On iOS, Apple's platform rules prohibit third-party keyboards from accessing the microphone at all — a security restriction that applies to every keyboard on the system, not only Keyda. To comply with it, the recording is performed by the Keyda app, which transcribes your speech and hands only the resulting text back to the keyboard; the keyboard extension itself never touches the microphone. (On Android, where the platform permits it, recording happens within the keyboard, but the same data handling described below applies.)

  • Transcription: audio is converted to text by Apple's Speech Recognition framework — on your device where the language supports it, otherwise by Apple-hosted speech services under Apple's privacy policy. Keyda does not store or upload the raw audio.
  • Transcripts: the recognised text is saved to a private, per-user voice history stored on your device (so features like undo work). Syncing that history to your Keyda account is off by default and only occurs if you enable it in Settings → Voice; you can clear it at any time.
  • Voice commands & AI: if a phrase is an AI request, the transcribed text (not the audio) is sent to your chosen AI provider exactly like a typed AI request (see 2.5).

2.9 Website analytics (keyda.in)

Our marketing website keeps a simple, first-party visit log so we can see how many people reach the site and which pages and download buttons they use. For each visit we record the page path, referrer, any UTM campaign tags, your device/browser type, your IP address, and an approximate location (country, and where available region/city) that our server derives from that IP using an offline geo-IP database — there is no precise/GPS location, no location permission prompt, and no call to any third-party service. We use this only in aggregate to understand traffic and demand (for example, interest in the Android app before it launches). This applies to the website only and is unrelated to anything you type in the keyboard. The log uses no cookies and no third-party trackers, and honours your browser's Do Not Track signal.

2.10 Browser extension

The Keyda browser extension (Chrome) adds spelling/grammar correction to text fields on websites you visit, and gives you access to your Notes, Documents and AI Sessions in the browser. It handles data differently depending on the feature:

  • Sign-in. You sign in with Google or phone OTP, the same as the app (see 2.1). We receive a stable provider identifier and, where you consent, your email, display name and phone number.
  • Spelling fixes — on-device only. The extension checks words you type against a dictionary bundled with the extension itself, entirely on your device. Misspelled words, and the word you click to fix, are never sent to our servers or anywhere else — this happens whether or not you're signed in for the underline, and requires sign-in only (no AI, no plan) for the one-tap fix.
  • Sentence-level suggestions — sent to our servers. Unlike the mobile keyboard's AI features, which only activate when you tap something, the extension's fuller "Keyda suggests" correction runs automatically a short moment after you pause typing near a misspelling, without a separate trigger tap. When it runs, the text of the field you're currently editing is sent to Keyda's servers for grammar correction, rephrasing, or tone rewriting (processed the same way as the AI requests described in 2.5), then discarded from that request once a result is returned; usage is logged the same way other AI requests are (see 2.5). You can turn this off entirely in the extension's Settings, leaving only the on-device spelling fixes.
  • Right-click actions. "Fix grammar," "Rephrase," and "Save selection to Keyda Notes" from the right-click menu send only the text you've selected, and only when you choose one of those actions.
  • Preferences. Theme, feature toggles, and the position you've dragged the suggestion popup to are stored locally in your browser (not on our servers).
  • The extension does not collect your browsing history, the URLs of pages you visit, or the content of any field you are not actively being corrected on.

2.12 Shared AI Sessions

You can invite up to 100 people into one shared AI chat (for planning, group study, teamwork). If you create or join a shared session:

  • Who sees what. Every message sent in a shared session, and every AI reply to it, is visible to every other member of that session, along with a display name/avatar identifying who sent it. Members can see the full running conversation, not just their own messages.
  • Whose quota it runs on. When a member asks the AI something in a shared session, the request is served using the session creator's subscription/quota, not the asking member's — the creator's plan and daily caps apply to the whole session.
  • No personal context leaks in. AI replies inside a shared session never draw on any individual member's private notes, documents, AI Memory, or profile bio — only the shared conversation itself is used as context, so one member's personal data is never surfaced to the others through an AI answer.
  • Retention. Shared session messages are stored on our servers (scoped to that session) for as long as the session exists. Any member can leave a session at any time; the creator can end the whole session, which removes it for everyone.
  • Invitations. Session links let anyone who has the link join — treat a session link like an invitation you'd hand to a specific group, since Keyda cannot verify who ultimately opens it.

2.13 What we never collect

  • On the mobile keyboard: the text you type outside features you explicitly trigger. On the browser extension: any text beyond the field you're actively being corrected on, or a selection you explicitly acted on (see 2.10) — spelling fixes there never leave your device at all.
  • Passwords, OTP codes after verification, or your contacts/photos.
  • Background screen activity, background or always-on microphone audio, and your precise (GPS) device location. (Our website derives only an approximate city/country from your IP address — see 2.9.)
  • Raw voice recordings — only the transcribed text, and only as described in 2.8.
  • Your browsing history or the URLs of pages you visit, from the browser extension.

3. Why we collect it

PurposeData usedBasis / context where applicable
Run the Service (auth, AI proxy, notes sync)Account data, BYOK keys, AI logsProvide the Service you request and perform our agreement with you.
Voice typing & voice assistantMicrophone audio (transcribed on-device/by Apple, not stored), resulting transcriptYour active action and permission when you tap the mic.
Process subscription paymentsApple App Store / Google Play purchase metadata, or (for web checkout) Razorpay order/payment metadataMaintain your subscription entitlement and comply with store, tax and accounting requirements.
Shared AI sessionsShared conversation messages, member display names/avatarsDeliver the group chat you or another member created, to everyone you or they invited.
Detect abuse, fraud, quota overrunsAI request logs, usage quotasProtect the Service, enforce quotas, prevent misuse and comply with law.
Improve product reliabilityActivity events, error logsOperate, secure, debug and improve the Service.
Understand website traffic & demandPage views, referrer/UTM, IP address & approximate (IP-derived) locationMeasure first-party site performance without cookies or third-party tracking.
Respond to your support requestsWhatever you send usProvide support and keep a record of the request.

Where privacy law requires a specific legal basis, our basis may include performance of a contract, consent, compliance with legal obligations, legitimate interests, or other permitted uses depending on the jurisdiction and feature involved. You may withdraw consent for optional features at any time by turning the feature off, clearing its data, or contacting us.

4. Who we share it with

We use a small number of processors strictly to deliver the Service. None of them are sold or rented your data.

  • Apple & Google — app-store subscription purchases are processed by the Apple App Store or Google Play, which act as merchant of record and handle your payment details directly under Apple's and Google's privacy policies.
  • Razorpay — if you buy a subscription through our web checkout at keyda.in/subscribe, Razorpay processes that payment and handles your payment details directly under Razorpay's privacy policy.
  • AI providers you choose (Groq, OpenAI, Anthropic, Google, xAI) — receive your prompt and any model parameters when you trigger an AI request. We never share data with a provider you have not chosen.
  • Apple — App Store, Sign in with Apple, and Speech Recognition (used to transcribe your voice input when on-device recognition isn't available), governed by Apple's own privacy policies.
  • Cloud hosting and database — our servers run on commercial hosting infrastructure under standard data-processing terms.

We do not sell your personal data, and we do not run third-party advertising or behavioural-tracking SDKs.

5. How long we keep it

  • Account data: until you delete your account.
  • Notes & subscription records: for the lifetime of your account; longer if required for tax or accounting compliance (typically 7 years for payment records under Indian law, which also applies to web-checkout order/payment records).
  • Shared AI sessions: messages persist for as long as the session exists; ended by any member leaving (removes them from that session only) or the creator ending the session (removes it for everyone).
  • AI request logs: rolling 12 months for analytics, then aggregated.
  • Website visit logs (incl. IP & approximate location): rolling 12 months, then aggregated or deleted.
  • BYOK keys: until you remove them or your account is deleted.
  • Activity events: rolling 90 days.
  • AI Memory (device-only): auto-pruned 30 days after the last activity per conversation; "Forget everything" wipes the whole database in one tap. Sign-out wipes it too.
  • Voice transcripts (device-only by default): kept in a capped on-device history; "Clear voice history" wipes it. If you opt in to cloud sync, the synced copy is removed when you clear it or delete your account. Raw audio is never retained.
  • Profile photo, bio, and display-name override (device-only): kept until you change them, sign out, or uninstall.
  • Trial state: the trialing row is kept on our server permanently for fraud-prevention (we use it to enforce one-trial-per-user). It's automatically marked expired when it ends.

6. Your rights

Depending on where you live, you may have the right to access, correct, export or delete your personal data, restrict or object to certain processing, withdraw consent, appeal or complain, and appoint someone to exercise rights on your behalf where the law allows. To exercise any of these rights, email support@keyda.in. We respond within 30 days unless a shorter period is required by law.

Indian users may have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act). EU/UK users may have rights under the GDPR/UK GDPR. California users may have rights under the CCPA/CPRA. We will not discriminate against you for exercising privacy rights.

7. Account deletion and data export

You can request account deletion or a copy of your account data by emailing support@keyda.in. Deleting your account removes or anonymises account-scoped content unless we must keep limited records for legal, tax, fraud-prevention, chargeback, security, or dispute reasons. Device-only data such as clipboard history, AI Memory, profile bio, profile photo and local voice history can also be cleared from the app or removed by uninstalling the app.

8. Children and minors

Keyda is not directed to children. You must be at least 13 to use the Service, and if you are under 18 you may use it only with consent from a parent or legal guardian where required. We do not knowingly collect personal data from children under 13. We also do not knowingly process children's personal data for targeted advertising, behavioural monitoring, tracking, or in a way that is detrimental to a child. If you believe a minor has provided us with personal data without the required consent, contact us and we will take appropriate steps to delete it.

9. Security

We use HTTPS everywhere, AES-256-GCM at-rest encryption for BYOK keys, JWT-based authentication with short token lifetimes, and per-user data scoping so two accounts on the same device cannot read each other's content. We continuously monitor for vulnerabilities and apply security updates. No system is perfectly secure — please report any issue you discover to support@keyda.in.

10. International transfers

Our servers, infrastructure providers, app-store providers and AI providers may process data in countries other than the one where you live. Where required, we rely on applicable transfer safeguards, store-provider terms, processor commitments, and any jurisdictional restrictions that apply to the Service.

11. Changes to this policy

We may update this policy. Material changes will be announced in-app and on this page. The "Last updated" date at the top of this page reflects the current version.

12. Contact

Questions or requests? Email support@keyda.in or use the Contact form.

Keyda

The AI-powered keyboard for iOS and Android with on-device models, notes, stickers and BYOK support.

Product

  • Features
  • Pricing
  • How it works
  • Models & limits
  • FAQ
  • Blog
  • Download

Company

  • Contact us
  • Support email

Legal

  • Privacy Policy
  • Terms & Conditions
  • Refund Policy
© 2026 Keyda. All rights reserved. Made in India.