Privacy
How Keel handles customer data.
Last updated May 14, 2026
The formal Keel privacy policy is in preparation. Until it is published, this page describes our current handling of customer data and our commitments. Customers evaluating Keel for production use should request the current data processing agreement and security overview by email.
What we collect
Keel collects the QuickBooks Online ledger data you authorize through OAuth, the workflow data your team enters in the app (mappings, classifications, intercompany pairs, FX rates, close decisions, deferred revenue schedules), and authentication metadata managed by WorkOS. We do not collect bank credentials, card numbers, or personal financial data outside what your accounting source ledger already exposes.
How we store it
Customer data sits in tenant-scoped Postgres schemas. Every database query is scoped to a single customer workspace. Encryption in transit uses TLS 1.2+; encryption at rest is provided by our managed Postgres provider. OAuth refresh tokens are encrypted at the application layer.
Who has access
Customer users authenticated through your workspace can access your data within their assigned roles. Internal Keel support access is allowlisted, scoped per support session, and recorded in the audit log. We do not use customer ledger data for analytics, model training, or marketing without explicit, written consent.
Sub-processors
Keel relies on a small set of vendors to operate the service: Vercel (hosting), Neon (managed Postgres), Vercel Blob (audit binder storage), WorkOS (authentication), Inngest (background workflows), OpenAI (AI controller assistant workflows, opt-out available), and email transport. The current sub-processor list is available on request.
Privacy requests
For data export, deletion, or sub-processor list requests, email privacy@keelos.io. We respond within five business days.