Our approach
We have a belief most software companies won't put in writing: ask the least of your users' data, mean every privacy claim you publish, and ship nothing that only works because it manipulates. This page explains exactly how we hold to that - across every product.
How we think
We collect the least we need. We never sell it, rent it, or use it to build an advertising profile. Export or delete everything at any time - no dark patterns, no friction, no confirmation screens designed to confuse you.
Different products sit at different points on the privacy spectrum - and we're honest about where each one sits. Kept collects nothing and runs on-device. Veyago travel needs more. In every case: we never collect more than the task requires, and we tell you exactly what we read and why before we read it.
On-device wherever possible - health data, preference modelling, and local recommendations stay on your phone. Where cloud AI is genuinely necessary - Veyago travel uses GPT-4o via our own backend for itineraries, briefings, and Co-pilot responses - we proxy every call. We send destination context and anonymised preference signals. We never send your name, health data, or personal details to a third-party AI provider. We will never use an AI model that trains on your personal data without your explicit, informed opt-in.
No manufactured urgency. No countdown timers on prices that don't expire. No guilt-trip cancel flows. No burying the unsubscribe. No notifications engineered for our engagement metrics rather than yours. If a design pattern only works because it exploits a cognitive bias or manufactures a feeling you didn't arrive with, we don't ship it.
Kept is a one-time purchase - you pay once, it's yours, no recurring charges. Veyago travel is free with an optional Premium subscription at €4.99/month or €29.99/year. The free tier is genuinely useful, not a crippled demo. No advertising business. No data sales. You pay for the software. You are never the product being sold.
We keep a small catalogue and hold every product to the same question: would we want this on our own phone for five years? If not, we don't ship it. No features added to look impressive. No rushing to beta. When something leaves this studio it's finished, or it doesn't leave.
Privacy, across a spectrum
Different apps need different amounts of data. We don't pretend otherwise - we're transparent about where each one sits, and exactly what it reads and why.
Kept · Data Not Collected
No account, no servers of ours, nothing collected. Everything lives on your device and syncs only through your own iCloud. Its App Store privacy label reads "Data Not Collected" - the strictest category Apple offers.
Veyago travel · Account required · Minimal by design
Veyago travel needs more than Kept to do its job - and we'd rather explain that clearly than pretend otherwise.
What we collect: An account is required - we store your email, display name, and travel preferences. Analytics via PostHog: anonymised behaviour, no advertising IDs, no cross-app tracking.
What stays on-device: Health and activity data (Apple Health or Health Connect), calendar access for free-window detection, and location are all processed locally. None is stored server-side.
Cloud AI: Itinerary generation and Co-pilot responses use GPT-4o, proxied through our own backend. We send anonymised preference context, not your identity. Every permission is requested in context, individually revocable, and one-click account deletion removes everything we hold.
In short
Collect the least, sell none, export or delete anytime.
On-device where we can, minimal-data where we can't - honest about where each product sits.
On-device where it can be. In the cloud, we proxy every call and never send your identity.
If a design only works because it manipulates someone, we don't ship it.
You pay for the software. You are never the product being sold.
A small catalogue, every product held to the same high bar.
Read each app's formal privacy policy for the full detail - or just take us at our word and try one.
Veyago