Legal

Privacy Policy

Effective May 21, 2026 · Last updated May 21, 2026

01Introduction

Kaydency is a commercial-lease deal management service operated by KeyEase Inc. (“KeyEase,” “Kaydency,” “we,” “us,” “our”), a corporation registered in Vancouver, British Columbia, Canada. This Privacy Policy explains what information we collect about you when you visit kaydency.app or use the Kaydency service (the “Service”), how we use and share it, the rights you have, and how to reach us.

For the purposes of Canadian privacy law (PIPEDA and BC PIPA) and, where applicable, the EU and UK GDPR, KeyEase Inc. is the data controller for the personal information processed through Kaydency. Questions about this policy or your information can be sent to privacy@kaydency.app.

02Scope

This policy applies to:

  • visitors to our marketing pages at kaydency.app;
  • account holders who sign up for Kaydency, the organizations and teams they create, and the individual team members they invite;
  • people whose information our customers upload into Kaydency — for example, tenant or landlord contacts, deal counter-parties, or meeting attendees. For that data our customer is the controller and we act as a service provider on their behalf.

It does not apply to third-party websites or services that Kaydency links to, or to mailbox providers (Google, Microsoft) and other integrations that you choose to connect — those are governed by their own privacy policies.

03Information we collect

Account information

Authentication is provided by Clerk, our identity sub-processor. When you sign up we receive your email address, name, profile image (if you supply one), the authentication identifiers Clerk issues, and a record of sign-in events. If you enter additional details in your profile (for example a phone number, time zone, or preferences) we store those alongside your account.

Workspace and content you create

When you use Kaydency you and your teammates create workspace content. Depending on how you use the product this can include:

  • organizations, teams, and team memberships, including each member’s role;
  • deals you track (property addresses, tenant and landlord names, deal type, status, phase/step timelines, dates, templates);
  • documents you upload (PDF, DOC, DOCX, XLS, XLSX, JPG, PNG — up to 50 MB per file) and the structured clauses and facts our AI extracts from them;
  • contact records (tenant and landlord contacts: name, email, phone, company, mailing address, industry, target size and rate, tags, free-form notes), interaction logs, meetings, and AI-generated meeting briefs;
  • notice windows (renewal, termination, default, consent, assignment, relocation, estoppel) and any drafts you write against them;
  • conversations with Ask Kaydency, including the questions you ask and the cited document chunks the assistant returns;
  • audit logs that record actions taken in your workspace (created, updated, deleted) for security and traceability.

Mailbox connections (optional)

If you choose to connect Gmail or Outlook to your Kaydency account, we store only the encrypted OAuth tokens issued by the provider (AES-256 at rest, keyed by an environment-scoped secret we never expose to the browser). The tokens let us read message metadata and bodies live from the provider on demand; we do not copy your mailbox into our database. The two exceptions are:

  • messages you (or your forwarding rule) explicitly send to your team’s capture address team-…@in.kaydency.app — those inbound messages are stored in full (sender, subject, body, timestamps) so the team can act on them; and
  • transactional copies in your provider’s sent or trash folders, which are managed by the provider, not us.

For Gmail we request the scopes gmail.readonly, gmail.compose, openid, email, and profile. We deliberately do not request gmail.send. For Microsoft Graph we request Mail.Read, Mail.ReadWrite, offline_access, and User.Read; we do not request Mail.Send.

Automatically collected information

When you use Kaydency we automatically receive:

  • Device and network metadata — IP address, user-agent string, language, the pages you load, and the actions you take. We use PostHog (US region, proxied through /ingest) for product analytics; once you sign in we associate these events with your Clerk user id so that we can debug and improve the product.
  • Error reports and a 10% sample of session replays via Sentry (EU region). Sentry replay is configured with sendDefaultPii: true, which means your IP address and user identifier may be attached to replays of sessions that triggered an error. Replays are redacted of input field contents by default.

Cookies and similar technologies

We use a small number of cookies and local-storage entries:

  • Strictly necessary cookies set by Clerk to maintain your signed-in session;
  • Analytics cookies and local-storage entries set by PostHog to recognise repeat visits and to attribute events to a stable visitor identifier.

Kaydency does not currently display a cookie consent banner. Visitors who do not wish to be tracked can block third-party cookies in their browser. We will add a consent flow before general availability that lets EEA and UK visitors decline analytics before any cookies are set.

04How we use your information

We use the information described above to:

  • operate, secure, support, and improve the Service, including authenticating you, syncing your workspace, sending transactional email about account, billing, and deal events, and detecting and preventing abuse;
  • extract clauses and structured facts from documents you upload and generate AI summaries, briefs, and answers (see Section 5);
  • understand how the product is used so we can prioritise fixes and improvements;
  • comply with our legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not run third-party advertising on Kaydency.

05AI processing

Several Kaydency features rely on large language models: clause extraction from lease documents, contact briefs, AI-drafted notices, AI-generated meeting briefs, and the Ask Kaydency assistant. To power these features we transmit the relevant portions of your workspace content — document text, contact and deal context, and the messages you send to the assistant — to large language models.

All AI requests are routed through Vercel AI Gateway, which forwards them to the underlying provider under zero-data-retention configurations where the provider supports them. The providers and models we use today are:

  • Anthropicclaude-sonnet-4.6 (primary model for drafting, chat, extraction, and diff);
  • OpenAIgpt-5.2, gpt-5.2-mini (fallback chat and lighter extraction), and text-embedding-3-small (embeddings for retrieval);
  • Googlegemini-2.5-flash (fallback for high-volume tasks).

We do not use your Content to train general-purpose AI models. Outputs from AI features can be inaccurate, incomplete, or out of date — see the AI disclaimer in our Terms of Service.

07How we share information — sub-processors

We do not sell personal information. We share it only with the sub-processors listed below, who help us run Kaydency, and with authorities when we are required to do so by law.

ServicePurposeRegionData
VercelApplication hosting and serverless computeUS + global edgeAll server-rendered request data
Vercel BlobFile storage for uploaded documentsUSUploaded documents
Vercel AI GatewayRoutes AI requests to model providersUSPrompts, document text, chat messages
NeonPrimary Postgres databaseUS / EU (per project)All primary application data
ClerkAuthentication and user managementUSEmail, name, image, auth identifiers
ResendTransactional email and inbound captureUSRecipient email, subject, body
InngestBackground jobs and scheduled tasksUSJob payload metadata
StripeBilling (inactive during free beta)USName, email, billing address (when subscribed)
SentryError tracking and session replay samplingEU / GermanyError events, IP address, replay frames
PostHogProduct analyticsUSPageviews, events, Clerk user id
AnthropicLarge language model (via Vercel AI Gateway)USPrompts and document text sent for processing
OpenAILLM + embeddings (via Vercel AI Gateway)USPrompts and text sent for processing
GoogleGemini LLM (via Vercel AI Gateway) + optional Gmail OAuthUSPrompts; read-only Gmail data per scopes
MicrosoftOptional Outlook / Microsoft Graph OAuthUS / EU (per tenant)Read-write Outlook mail per scopes
SvixWebhook signature verificationUSNo user data persisted by Svix

Each sub-processor is bound by a data-processing agreement that restricts use of your personal information to the purposes for which we engaged them. We may update this list as the product evolves; material changes will be reflected in this page and the “Last updated” date.

08International data transfers

Personal information processed through Kaydency is stored and processed in Canada, the United States, and the European Union, depending on the sub-processor. We rely on contractual safeguards with each sub-processor and, for transfers from the EEA and UK, on the European Commission’s adequacy decision for Canada and on Standard Contractual Clauses where adequacy does not apply.

09Google API Services — Limited Use disclosure

Kaydency’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a Gmail mailbox to Kaydency, the OAuth scopes we request are gmail.readonly, gmail.compose, openid, email, and profile. We deliberately do not request gmail.send.

We use Gmail data only to surface email context inside your Kaydency workspace — linking messages to the right deal or contact, drafting replies for you to send from Gmail, and showing recent correspondence. We do not transfer Gmail data to third parties except as needed to provide the Service or as required by law; we do not use Gmail data for advertising; we do not allow humans to read Gmail data except for security investigations, to comply with applicable law, or with your explicit consent; and we do not use Gmail data to develop, improve, or train generalised or non-personalised AI or machine learning models. When Gmail message text is sent to an AI model for one-off summarization (for example, to draft a reply on your behalf), it is sent via Vercel AI Gateway under zero-retention configurations where supported by the provider.

You can revoke Kaydency’s access to your Gmail account at any time at myaccount.google.com/permissions and inside Kaydency’s integration settings.

10Microsoft Graph — Outlook integration disclosure

When you connect an Outlook or Microsoft 365 mailbox, the Microsoft Graph scopes we request are Mail.Read, Mail.ReadWrite, offline_access, and User.Read. We do not request Mail.Send.

We use Microsoft mailbox data only to surface email context in your Kaydency workspace; access tokens are encrypted at rest; mailbox data is not used for advertising and is not used to train AI models. You can revoke Kaydency’s access at account.live.com/consent/Manage (consumer accounts) or in your Microsoft 365 admin centre (work accounts), and inside Kaydency’s integration settings.

11Data retention

We retain account, workspace, and content data for the life of your account, plus the time reasonably needed for backups, security audits, and legal compliance.

When you delete your account in Kaydency’s Settings, we immediately soft-delete your user record so that you can no longer sign in, and we remove your team memberships. Today, authored workspace content (deals, documents, AI-extracted clauses, embeddings, chat messages, and audit logs) remains in the database until you or another team owner requests purge. On written request to privacy@kaydency.app from the email address associated with your account, we will purge your authored content within 30 days. We are actively working on extending the in-app “Delete account” flow to perform this purge automatically.

Inbound emails captured at your team capture address are retained for the life of the team unless individually deleted. Sentry retains error events and replay samples for 90 days. PostHog event data is retained per its default retention.

12Your rights

Under PIPEDA and BC PIPA you have the right to access and correct your personal information, to withdraw consent (subject to legal or contractual limits), and to complain to the Office of the Privacy Commissioner of Canada or to British Columbia’s Office of the Information and Privacy Commissioner.

If you are in the EEA or the UK, you additionally have the right to request erasure, restriction of processing, data portability, and to object to processing based on our legitimate interests. You can lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@kaydency.app from the address associated with your Kaydency account. We respond within 30 days. For information you uploaded about other people (for example, your contacts), the right exercise typically goes through the customer who controls that workspace; we will route requests accordingly.

13Security

We protect your information with TLS in transit, AES-256 encryption at rest for OAuth tokens, database encryption at rest provided by Neon, least-privilege access for our engineers, and Clerk-managed credentials (we never see your password). No system is perfectly secure; if we become aware of a breach that affects your personal information we will notify you as required by applicable law.

14Children

Kaydency is a business product and is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information to us, please contact privacy@kaydency.app and we will delete it.

15Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page. For material changes — for example a new sub-processor that materially expands what data is shared — we will give additional notice inside Kaydency or by email to the address on file before the change takes effect.

16Contact us

KeyEase Inc.
Vancouver, British Columbia, Canada

Privacy and data-rights requests: privacy@kaydency.app
General legal: legal@kaydency.app