Privacy Policy

Last updated: December 5, 2025

Overview

Keyboard is built and maintained by Dev-Docs Inc. ("we," "us," or "our"). We make a local-first, open-source tool that helps you connect your apps and AI clients securely. We believe privacy should be the default.

This policy explains what information we collect (very little), how we use it, and how we protect it.

Questions? Email privacy@keyboard.dev.

  1. How Keyboard Works

Keyboard acts as a universal MCP (Model Context Protocol) server that runs locally on your machine, enabling secure communication between AI clients and your connected applications.

Keyboard is designed with security and privacy at its core. We follow a zero-trust architecture, meaning we build every feature from the ground up with data protection in mind. Our approach minimizes data collection and ensures that what we do store is encrypted and necessary for functionality.

Credentials: We store the minimum credentials necessary to run Keyboard. WebSocket connections communicate locally on your device.

Application data: We never train on, access, or store any of your third-party application data (such as messages, files, or code) that flows through Keyboard. This data remains private and is never transmitted to our servers.

Third-party connections: When you connect tools like ChatGPT, Claude, GitHub, or Notion, data goes directly between you and them under their privacy policies.

Open source: Our code is publicly auditable on GitHub. You can verify exactly how your data is handled.

  2. Information We Collect

Account Information

To use the hosted Keyboard service at keyboard.dev, you must create an account. When you register, we collect:

  • Name

  • Organization name

  • Email address

  • Account creation date

This information is used solely for authentication, account management, and essential service communications.

We use WorkOS to handle all authentication, including email/password and Single Sign-On (SSO). WorkOS encrypts data at rest and in transit, and only stores the data necessary from your identity provider to facilitate authentication.

Credentials

To enable Keyboard's remote server functionality, we securely store your initial GitHub Personal Access Token (PAT) in the cloud. This token is scoped only to a public repository that is forked when you create your Keyboard account. The token is encrypted and necessary for the service to function. Other service credentials and OAuth tokens remain on your device.

From the Keyboard App

Keyboard may collect anonymized usage metrics to help us improve the product. You can opt out of usage data collection at any time. We do not store any of your third-party application data that flows through Keyboard.

We may temporarily log errors and security events for debugging and incident response purposes. These logs are retained for 30 days and are used solely to maintain service security and reliability.

Any scripts you save in Keyboard are encrypted and stored so you can reuse them across sessions. These scripts remain private and encrypted.

From the Keyboard Website

When you visit keyboard.dev, we may collect limited anonymized technical information such as:

  • Page views and referral sources

  • Information you voluntarily provide (for example, through contact forms or support requests)

Payments

We use Stripe to process payments. Stripe may collect:

  • Billing information (name, address, payment card details)

  • Transaction history

We never see or store your full payment card information. Stripe handles all payment processing securely under their privacy policy.

  3. How We Use Your Information

We use the information we collect to:

  • Authenticate you and provide access to Keyboard

  • Send essential account-related emails (e.g., password resets, account updates)

  • Respond to support requests

  • Process payments (via Stripe)

  • Improve Keyboard's security and reliability

  • Analyze anonymized usage data to improve the service (you can opt out)

We do not:

  • Sell or rent your data

  • Share your data with advertisers

  • Use your data for marketing purposes (unless you explicitly opt in)

  • Track your behavior across websites

  4. Your Data and Rights

Account Data: You own your account information. You can update your email or name at any time through your account settings.

Configurations and Usage Data: For our enterprise product, we may store configurations and anonymized usage data to improve the service. You can opt out of usage data collection at any time. Enterprise customers always have the option to run Keyboard on their own infrastructure for complete data control.

Local Data: Credentials stored on your device are entirely yours. We have no access to them.

Third-Party Application Data: We do not store any of your third-party application data that flows through Keyboard.

Your rights: You can access, correct, or delete your account information by emailing privacy@keyboard.dev. You can also request an export of your account data or opt out of anonymized usage data collection.

If you're in the EU or California, you have additional rights under GDPR and CCPA, including data portability and the right to opt out of data sales (though we never sell data).

  5. Third-Party Services

When you connect services through Keyboard, you grant permissions directly to them through their OAuth flows. Keyboard facilitates the connection locally but does not proxy, intercept, or store your authentication tokens or data, unless necessary for the service to function, in which case we store only the minimum credentials needed.

Your interactions with those services are governed by their privacy policies.

  6. Legal Requests and Compliance

We may disclose your information if required by law, in response to valid legal requests (subpoenas, court orders), or to protect our rights or the safety of others. Where permitted by law, we will notify you before disclosing your information.

  7. Security

We use industry-standard security measures, including:

  • Authentication managed securely through WorkOS

  • HTTPS/TLS for data transmission

  • Encryption for stored credentials and saved scripts

  • Regular security audits and updates

Since Keyboard runs locally, your data security also depends on your device and environment security.

  8. Children's Privacy

Keyboard is not intended for children under 13.

We do not knowingly collect data from minors.

If you believe a child has created an account or shared personal data with us, please contact privacy@keyboard.dev, and we will promptly delete the account.

  9. Updates to This Policy

We may occasionally update this Privacy Policy to reflect product or legal changes.

The most recent version will always be available at keyboard.dev/privacy.

If we make material changes, we will notify you via email at the address associated with your account.

  10. Contact Us

Dev-Docs Inc. (d/b/a Keyboard)
c/o Northwest Registered Agent, Inc.
2108 N St, Ste N
Sacramento, CA 95816
United States

For privacy or data protection inquiries: privacy@keyboard.dev

Summary

Keyboard is open source, local-first, and private by design.

We require an account for authentication and may collect anonymized usage metrics (which you can opt out of). We never store your third-party application data, never sell your information, and provide enterprise customers the option to run Keyboard on their own infrastructure for complete data control.

© 2025 Keyboard.dev. All rights reserved.