This page summarises your data-protection rights under the EU General Data Protection Regulation (GDPR), the UK GDPR, and equivalent laws (such as the California Consumer Privacy Act, CCPA), and explains how to exercise them with Keepface Global, Inc. For the full description of how we collect, use, and share personal data, please read our Privacy Policy.
1. Who Is Responsible for Your Data
Keepface Global, Inc., a Delaware corporation with its registered office at 1145 Amarillo Avenue, Palo Alto, CA 94303, USA, is the data controller for personal data processed through the Service. We do not currently appoint a Data Protection Officer because we are not legally required to, but you can reach our privacy team at info@keepface.com.
2. Lawful Bases We Rely On
We process personal data on one of the following lawful bases:
- Contract — to operate your account, run Campaigns, and process payouts.
- Legitimate interests — to keep the Service secure, prevent fraud, and build the marketplace catalogue from publicly available data. We have weighed those interests against your rights and freedoms before relying on this basis.
- Consent — for analytics cookies, marketing emails, and any optional data we ask you to provide.
- Legal obligation — for tax, accounting, sanctions screening, anti-money-laundering checks, and lawful authority requests.
3. Your Rights
Depending on where you live, you may exercise some or all of the following rights free of charge. We respond within thirty (30) days, or sooner where required by law, and may extend the deadline by up to two (2) further months for complex requests after notifying you.
- Access — confirm whether we hold personal data about you and request a copy.
- Rectification — correct data that is inaccurate or incomplete.
- Erasure ("right to be forgotten") — ask us to delete data we no longer have a lawful basis to keep. Some records (e.g. Campaign payouts) we are required by law to retain for a fixed period and cannot delete on request.
- Restriction — ask us to pause processing while a request is reviewed.
- Portability — receive a copy of personal data you provided to us in a structured, machine-readable format and, where technically feasible, have us transmit it to another controller.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Avoid solely automated decisions — request human review where a decision is based purely on automated processing and produces a legal or similarly significant effect on you. The Intelligence Profile classification we run on public data does not produce decisions of this kind, but you may still ask for context.
- Lodge a complaint — with your local supervisory authority. EU users can find their authority at edpb.europa.eu; UK users at ico.org.uk.
4. Rights Specific to California Residents
Under the CCPA you can request a list of the categories and specific pieces of personal information we have collected, sold (we do not sell personal information), or shared in the previous twelve (12) months; ask us to delete personal information we hold; ask us to correct inaccurate personal information; and limit our use of "sensitive personal information" (we do not use sensitive personal information for purposes that trigger this right). We will not discriminate against you for exercising these rights.
5. How to Exercise a Right
Send an email to info@keepface.com from the address registered to your Keepface account, briefly describing the right you would like to exercise and any details that help us locate the relevant records. We may need to verify your identity before responding to protect against impersonation.
If your request comes through an authorised agent (e.g. a lawyer or family member), we will ask for a signed authorisation in addition to verifying your identity.
6. International Data Transfers
Keepface and most of our sub-processors are based in the United States. When we transfer personal data out of the EU, EEA, or UK we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or another lawful transfer mechanism, plus encryption in transit and at rest, role-based access controls, and audit logs.
7. Children
The Service is not directed at children under 13 (or the higher minimum age set by your jurisdiction). We do not knowingly process personal data from children. If you believe a child has registered, please contact us so we can remove the account and any associated data.
8. Internal Data-Protection Programme
Keepface maintains an internal Data Processing Policy that governs employee access controls, vendor onboarding, breach response, and Records of Processing Activities (RoPA). It is not published in full because it contains operational detail (system inventories, secret-management procedures, incident playbooks) that would weaken our security if disclosed. Auditors, customers under a Data Processing Addendum, and regulators may request a summary by contacting info@keepface.com.
9. Changes
We may update this page when our processing changes or to reflect new legal requirements. When the change is material we will update the "Effective" date at the top of this page and, where appropriate, notify users by email.
10. Contact
Questions, complaints, or formal requests under this page should be sent to info@keepface.com or to Keepface Global, Inc., 1145 Amarillo Avenue, Palo Alto, CA 94303, USA.