Privacy Policy
Last updated 2026-05-08
About this Privacy Policy
This Privacy Policy reflects the way keyless handles personal data. It defines the relationship between keyless and its users as they interact with the keyless software and services. Please read this document carefully — using keyless's offerings means you accept this Privacy Policy.
Capitalized terms are defined in the "Definitions" section below.
The keyless software and related services are provided by:
keyless
New York, NY, USA
Contact: privacy@keyless.fit
Definitions
Privacy Policy
All information and provisions applicable to the use of the keyless software and services as described here, as updated from time to time.
keyless
The entity that provides the keyless software and services to users.
keyless software
The desktop and web software provided by keyless that lets users generate AI overlay graphics for video — including message conversations, profile cards, experience updates, language translations, and similar overlays — and export them as transparent ProRes 4444 files for use in any video editor.
Personal Data
Any information that directly, indirectly, or in combination with other information allows for the identification of a natural person.
Non-Personal Data
Any information that does not qualify as Personal Data (anonymized or pseudo-anonymized data).
Usage Data
Information collected automatically by keyless (or third-party services keyless uses), which may include:
- IP addresses or domain names of computers used by users
- URI addresses
- The time of the request and the method used
- The size of the file received in response
- The numerical status code of the server's answer
- The country of origin
- Browser and operating system features
- Time-per-visit and path-followed details
- The user's IT environment and device parameters
- The user's interactions with the keyless software
- License-validation telemetry collected when the desktop app is used with a license key, including IP address, license tier, and AI generation counts (no overlay content)
User
The individual using the keyless software or related services.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor
A natural or legal person, public authority, or other body that processes Personal Data on behalf of the Data Controller.
Data Controller
The natural or legal person that determines the purposes and means of processing Personal Data. Unless otherwise specified, the Data Controller is keyless.
Types of Personal Data collected
Among the types of Personal Data that keyless collects, by itself or through third parties, there are: first name; last name; email address; billing address; payment information; IP addresses collected through telemetry (see Telemetry); and Usage Data.
Method of collecting Personal Data
Personal Data may be freely provided by the user, or collected automatically as Usage Data, when using the keyless software and/or services. Telemetry data (including IP addresses) is collected automatically when the desktop app validates a license key or generates an overlay.
Users own their Personal Data and are responsible for any Personal Data they upload, publish, or share through keyless.
Methods of processing Personal Data
Personal Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. keyless takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
In addition to keyless, Personal Data may be accessible to certain external parties appointed as Data Processors. The updated list of these parties may be requested at any time via the contact above.
Place of processing Personal Data
Personal Data is processed at keyless's operating offices in New York, USA, and at any other places where the third parties involved in the processing (i.e., Data Processors) are located. Users are entitled to learn about the legal basis for data transfers and the security measures taken to safeguard their Personal Data via the contact above.
How keyless uses Personal Data
keyless needs a valid legal basis to process Personal Data. The main legal bases under the EU GDPR are:
- Performance of a contract — when Personal Data is necessary to enter into or perform a contract with a user (e.g., the keyless terms).
- Consent — when a user has consented to keyless's use of Personal Data.
- Legitimate interests — when keyless uses Personal Data to achieve a legitimate interest.
- Legal obligation — when keyless has to use Personal Data to comply with legal obligations.
- Legal claims — when Personal Data is necessary to defend, prosecute, or make a claim.
keyless may use Personal Data to: provide access to and use of the software; process and complete transactions; respond to queries; improve content and administration; detect fraud, illegal activities, or security breaches; ensure compliance with applicable laws; conduct statistical analyses; send commercial communications in line with user preferences; and provide information to regulatory bodies when legally required.
Sharing information
Third-party service providers
keyless discloses Personal Data to third-party agents, contractors, and service providers hired to perform services on behalf of keyless. These help provide the software and services — for example, payment processing is handled by Lemon Squeezy and Stripe.
Functions for which keyless may use third-party providers include:
- Analytics services
- Payment processors
- Email and customer support services
- Hosting and content delivery network services
- Lead generation and marketing partners
- Professional service providers (auditors, lawyers, consultants, accountants, insurers)
This Privacy Policy applies only to keyless's offerings. Offerings may contain links to other websites not operated or controlled by keyless ("third-party sites"). The policies and procedures described here do not apply to such third-party sites.
Business transfers
keyless may, as part of business growth, purchase or sell businesses or business units, merge with other entities, or sell assets. As part of these transactions, keyless may transfer Personal Data to a successor entity or purchaser of all or a portion of keyless's assets.
Anonymized data
keyless shares Non-Personal Data with third parties for various purposes, including reporting obligations, business and marketing purposes, and to assist in understanding usage patterns.
Legal obligations and security
Personal Data may be used by keyless in court or in stages leading to legal action arising from improper use of the software or services. keyless will preserve or disclose Personal Data in limited circumstances, including: with the user's consent; when required by law for any judicial or administrative order; to protect the safety of any person; to protect the safety or security of its offerings; or to protect keyless's rights and property.
Telemetry
The keyless desktop app uses license-validation telemetry to enforce the licensing tiers and provide users with insights into their AI generation usage. The information collected through telemetry is limited to:
- IP address
- License tier (Plus, Pro, Enterprise)
- Number of AI generations performed
- Whether a render was for production or development use
No information about the content or metadata of generated overlays is collected via telemetry.
Retention time
Personal Data is processed and stored for as long as required by the purpose it was collected for, and may be retained longer due to applicable legal obligations (e.g., tax and accounting requirements) or based on the user's consent.
When there is no longer an ongoing legitimate business need to process the user's Personal Data, keyless will either delete or anonymize it, or — if this is not possible (for example, because the data has been stored in backup archives) — store it securely and isolate it from any further processing until deletion is possible.
Data security and integrity
keyless takes steps that are reasonably necessary to securely provide its software and services. Reasonably appropriate security measures are in place to prevent Personal Data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. Access is limited to those employees, agents, contractors, and third parties who have a legitimate need to know.
If required, keyless will notify the user and any applicable regulator of a suspected data security breach.
No internet or email transmission is ever fully secure. For any questions about the security of your information, please contact privacy@keyless.fit.
Your rights under GDPR
To the extent permitted by law, users may exercise the following rights regarding their Personal Data:
- Right to be informed — about how Personal Data is processed.
- Withdraw consent at any time.
- Access Personal Data — obtain a copy of the Personal Data undergoing processing.
- Verify and seek rectification — verify accuracy and ask for updates or corrections.
- Have Personal Data deleted — unless it remains necessary for keyless to continue processing for a legitimate business need or legal obligation.
- Restrict processing — ask keyless to suspend processing of Personal Data.
- Data portability — receive Personal Data in a structured, commonly used, machine-readable format.
- Object to processing — including for direct marketing purposes.
- Lodge a complaint with a competent data protection authority.
How to exercise these rights
Any requests to exercise user rights can be directed to keyless at privacy@keyless.fit. Requests are free of charge and will be answered as early as possible and always within one month.
Changes to this Privacy Policy
keyless reserves the right to update or modify this Privacy Policy at any time. If changes are believed to materially impact the user's rights, keyless will promptly notify users. Continued use of the software and/or services after changes take effect constitutes agreement with the revised Privacy Policy.
