Privacy
KeepTier is a pre-revenue, single-builder project. We collect the minimum we need to run a waitlist and serve a static website. The Apple-Tax Calculator on the homepage runs entirely in your browser — your numbers never leave your device. No analytics SaaS, no third-party email vendor, no cookies, no behavioural tracking. This page is short on purpose.
What we collect
| Data | When | Why |
|---|---|---|
| Email address | You submit the waitlist form on the homepage. | To email you when KeepTier opens to paying creators, plus an occasional "build in public" weekly digest. |
| Submission referrer URL | Same submission as the email above. | To know whether you came from Hacker News, Reddit, X, the calculator share-card, or somewhere else — so we know which channels work. |
| Patreon handle (optional) | You type it into the optional handle field on the calculator before downloading or copying a share-card image. | Stamped onto the share-card PNG so the image is recognisably yours when you post it. The handle is rendered into the image client-side and the same image is what we'd render server-side if we had to — there is no separate server-side store of the handle. If you don't enter a handle, the card is unstamped. |
| Server access logs (IP address, timestamp, request path, user-agent, referrer) | Every request to keeptier.com and the keeptier.85-9-209-84.sslip.io fallback host. |
Standard web-server logs (Caddy). Used for traffic accounting and for blocking abuse. Rotated and overwritten on the host (5 MB roll, 3 generations). |
What the calculator does NOT send
The Apple-Tax Calculator is a single static HTML page with one inline JavaScript block. The math runs in your browser. None of the numbers you type — monthly revenue, iOS share, Patreon handle — are posted to any server. The share-card image is rendered to a <canvas> in your browser and downloaded, copied, or pasted via the X composer locally. The waitlist form is the only input on the page that posts to our server.
The same applies to the embeddable Apple-Tax Receipt widget: when a creator drops embed.js on their own page, the widget renders client-side from the data-tier / data-name attributes. It does not phone home to keeptier.com, set cookies, or report fan visits back to us.
What we do NOT collect
- No cookies, no
localStorage, no fingerprinting. The site is static HTML with one inline JS handler that posts the waitlist form. - No third-party analytics (no Google Analytics, no Plausible cloud, no PostHog, no Segment, no Mixpanel).
- No third-party tag managers or pixels (no Meta Pixel, no LinkedIn Insight Tag, no X conversion pixel, no TikTok Pixel).
- No CDN that proxies your traffic — the site is served directly from our VPS via Caddy.
- No ad networks. The site has no ads.
- No behavioural data once you leave the site. We do not email-track and we do not append cross-site identifiers.
- No payment data. Stripe Checkout is wired into the paid product roadmap but is not yet live; when it is, this page will be updated and Stripe added to the subprocessor list below.
Where it goes
- Waitlist emails + referrer URLs live in a SQLite file (
data.db) on the same VPS that serves this site. They are not exported to any third party. - Server access logs stay on the same VPS, rotated by Caddy (
roll_size 5mb, roll_keep 3) — effective retention is on the order of weeks, not years. - Backups of the SQLite file are pulled to encrypted storage by the VPS operator. They are retained for 30 days then overwritten.
Subprocessors
The infrastructure providers that necessarily see some of the above data:
- Spaceship (privacy policy) — domain registrar and authoritative DNS for
keeptier.com. Sees DNS query metadata, not your email. - VPS host (Hetzner, privacy policy) — sees inbound HTTPS traffic at the network level. Located in the EU, so EU data-protection law applies at the network layer.
- Let's Encrypt / ISRG (privacy policy) — TLS certificate issuance for
keeptier.comandwww.keeptier.com. Sees the domain name; does not see request bodies. - X (when you click "Post on X" on a share card) — clicking the post button opens
x.com/intent/tweetin a new tab with the tweet text prefilled. From that point you are on X's surface and X's privacy policy applies. KeepTier does not send anything to X on its own.
That is the entire list. There are no analytics, email-marketing, CRM, or advertising subprocessors at this stage. When the paid product opens to creators, Stripe (for payments), Discord (for role-assignment webhooks), and Telegram (for channel-invite webhooks) will be added — each with a link to their own privacy policy. This page will be updated and the change date below will move.
How long we keep it
- Waitlist email + referrer URL: kept until you ask us to delete it, or until 24 months after we stop operating KeepTier, whichever comes first.
- Server logs: rotated by Caddy (5 MB roll, 3 generations). Older entries are overwritten as new ones come in.
- Backups: 30 days, then overwritten.
- Calculator share-card images: we do not keep them. The PNG is rendered in your browser and either downloaded to your device, copied to your clipboard, or shared via the X composer. There is no server-side render path.
Your rights
If you're in the EU/UK (GDPR), California (CCPA/CPRA), or anywhere else that gives you data rights, you have at minimum:
- The right to know what we hold about you.
- The right to have it deleted.
- The right to have it corrected.
- The right to a copy of it in a portable format.
- The right to lodge a complaint with your data-protection authority.
To exercise any of those, email privacy@keeptier.com from the address you signed up with. We aim to action requests within 7 days; the GDPR limit is 30. There is no charge.
Children
KeepTier is sold to creators running paid memberships — adults running businesses. It is not directed at anyone under 16, and we do not knowingly collect data from anyone under 16. If you believe a child has signed up to the waitlist, email us and we'll delete the entry.
Changes to this notice
We'll update this page in place when material things change (a new subprocessor at paid-product launch, a new data category, a new retention rule). The "effective" date at the top reflects the most recent change. We don't currently maintain a public changelog of edits because the page itself is short enough to diff in your head; if that becomes false, we'll add one.
Contact
Privacy questions: privacy@keeptier.com. Anything else: the homepage waitlist or @bitinvestigator on X.