Keybase – Privacy Policy
Last updated: 4/4/15
This Privacy Policy explains the information that Keybase, Inc. (“Keybase,” “we,” or “us”) collects about users of the Keybase software, website and related services (“Service”), how we use that information, and with whom we share it, as well as your choices about such uses and disclosures.
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THE SERVICE. It describes how your personal information will be treated as you use the Service. This Privacy Policy is not a contract with you, and does not create any legal rights or obligations between us.
We reserve the right, at our sole discretion, to modify or replace this Privacy Policy at any time in accordance with Section 9 (“Changes to this Privacy Policy”). Access to the Service is offered to you conditioned on your acceptance without modification of this Privacy Policy.
By using the Service, you consent to the collection, use and disclosure of information in accordance with this Privacy Policy. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT USE THE SERVICE. If you have any questions, please contact us by sending an email to privacy@keybase.io or writing to Keybase, Inc., 85 Broad St., 18th Floor - NY, NY 10004.
1. Collection of Information
2. How We Use and Share Your Information
3. Your Choices
4. Cookies
5. Children
6. Users From Outside of the United States
7. Your California Privacy Rights
8. Security
9. Changes to This Privacy Policy
10. Contact Us
1. COLLECTION OF INFORMATION
Information you choose to provide:
Personal Information. We collect and store information that can identify you personally (“Personal Information”), such as your name, email address and usernames for your social media accounts when you use our public directory (the “Directory”).
Actions. We also collect information about certain actions that you may take while using the Service (“Actions”), such as proving that you control a certain Twitter username, announcing your public key, editing your biographical information or editing any of your social media usernames.
Password Hash. We collect and store information about your Keybase password (your “password hash”) that allows you to prove you know your password; that hash is sent to Keybase’s servers.
Files and Data. We collect and store files and information that you transmit to other parties using the Service or that you elect to store on the Service.
Do Not Track. Keybase does not collect personally identifiable information from you to track you across third party websites. As a result, Keybase does not specifically respond to web browser Do Not Track signals.
Information collected automatically:
Usage Information. When you access or use the Service, we automatically collect and store information about your browsing habits and your use of the Service (“Usage Information”), including:
- a. Your computer’s IP address
- b. Your preferences and settings (time zone, language, privacy preferences, application preferences, etc.)
- c. The URL of the site that referred you to the Service
- d. The buttons and controls you clicked on (if any) within the Service
- e. How long you used the Service and which parts and features you used
- f. Session times and lengths
Logs of this information may persist for an indefinite period.
2. HOW WE USE AND SHARE YOUR INFORMATION
Use of Your Information
We use the information we collect to: provide and improve the Service and our other products and services; customize the Service for you; better understand our users; communicate with you about the Service and our other products and services that we think may interest you; verify the identity of Keybase’s users; and diagnose and fix problems with the Service.
Disclosure of Your Information
Except for Private Information (as defined below), all of the Personal Information you provide to Keybase and the Actions you take while using the Service will be published in the Directory and available for anyone in the public to view. The fingerprint of the Directory (i.e. the “hash” of the directory’s “Merkle tree root”) is published into the Bitcoin block chain periodically where it is permanently verifiable by anyone.
The Bitcoin block chain can be described most simply as a permanent ledger that exists outside of the Service, which can only be appended to. While your Personal Information is not published to the Bitcoin block chain directly, the Bitcoin block chain can help prove that Keybase is providing the same directory to everyone in the world.
For your protection from, and detection of, hackers and other undesirable intrusions into the Service, it is impossible to delete data from the Directory. If you want to alter information that you have provided, the previously provided information cannot be deleted and can only be revoked. When you update your identity, those changes are announced in the form of a statement by you, which is appended to the Directory. For example, if you change your Twitter username, your old Twitter username will not be deleted from the Directory. Instead, you will append a new statement, revoking the old Twitter username.
For a technical explanation of how Keybase supports “revocations” instead of “deletions”, how they are chained together, and how they are pinned to the Bitcoin block chain, please read our documentation at https://keybase.io/docs/server_security.
Here are some of the other ways in which we share your information:
- (a) We may disclose aggregated or anonymized information about our users for any purpose.
- (b) We may disclose any information, including your Personal Information and any other information or data collected, stored or processed on our servers, if required to do so by law or in the good-faith belief that such action is necessary to (i) comply with any law, regulation, legal process or lawful governmental requests, (ii) protect the rights or property of Keybase or our customers, including the enforcement of our agreements or policies governing your use of the Service, and (iii) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Keybase employees, customers, or the public.
- (c) In the event of a proposed or actual business transaction, corporate restructuring, sale or merger of Keybase, or involving some or all of our business, assets or equity, we may disclose and/or transfer information we have collected to those involved in assessing, planning and completing the sale (including the buyer and its employees, agents and representatives).
- (d) With your consent or at your direction, including if we notify you through our Service that the information you provide will be shared in a particular manner and you provide such information in response to such notice.
What we don't share (collectively, “Private Information”):
- (a) We do not share with anyone or publish in the Directory your Keybase password (also referred to as “passphrase”) or password hash.
- (b) We do not share session cookies, login and reset-password links and site invitation codes and history.
- (c) Keybase offers an encrypted private key store. In the Service, you may be offered the option to encrypt your private key with your passphrase and store the encrypted key on Keybase’s servers. Your encrypted private key is not shared with anyone, and you may only decrypt it with your passphrase. If you lose your passphrase, Keybase cannot recover your private key, even if it has an encrypted copy.
We also do not sell or provide Personal Information about our users to any third party for its marketing purposes.
If you choose to share any other information with a third party, such as Facebook, Twitter, or an email provider, the collection and sharing of that information will be governed by that third party’s privacy policy. We can’t control what Facebook, Twitter, or anyone else does with information you choose to share with them.
3. YOUR CHOICES
Deleting Your Information. The record of your published information and Actions from the Directory and the Bitcoin Blockchain cannot be deleted. If you wish to change the Directory, you must revoke the prior information provided using the process described above under “Disclosure of Your Information”.
Other Issues. To contact us about any other issue with the Service, please email us at privacy@keybase.io.
4. COOKIES
We track the information that is collected automatically from you using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect non-personal information about that user and keep a record of the user’s preferences when utilizing our Site, both on an individual and aggregate basis.
Keybase may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. For example, we may store a persistent cookie to enable us to pre-populate form fields that you have previously completed on the website. Although you can disable cookies on your device by indicating this in the preferences or options menu in your browser, doing so may limit your ability to view or use the website and/or Service.
5. CHILDREN
We do not allow persons under 13 to register for the Service, and we do not knowingly collect any Personal Information from persons under the age of 13. We do not direct any of our business practices or system outputs towards children under the age of thirteen. If we are notified or have any other reason to believe that we have collected Personal Information from or about a child under the age of thirteen, we will purge all of the data and information collected from that user. Keybase cannot remove partial data or information regarding a specific user. As such, if a user’s data or information must be removed pursuant to this section, the entire record of such user’s data or information will be purged from the Service. If you believe Keybase has information from or about a child less than thirteen years of age, please contact us at privacy@keybase.io. If you are between 13 and 18 years of age, you must have your parent or legal guardian’s permission to use the Service. You must not access our website, use the Service or accept our Terms of Service if you are a person who is either barred or otherwise legally prohibited from receiving or using the Service.
6. USERS FROM OUTSIDE OF THE UNITED STATES
If you’re outside the United States, your information will be sent to and stored in the United States, where our servers are located. By accessing or using the Service, you agree to the information collection, use, and sharing practices described in this Privacy Policy.
7. YOUR CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of their personal information to third parties for their direct marketing purposes. If you are a California resident, you will be pleased to hear we’d sooner light our servers on fire than sell your data for direct marketing purposes. To make such a request, please contact us at legal@keybase.io.
8. SECURITY
Keybase takes reasonable security measures such as password protection and client-side encryption as we deem appropriate to protect the information we collect from misuse, unauthorized access, disclosure, alteration and destruction. Some hosting details for the technically-minded:
- (a) The Service is currently hosted on Amazon’s AWS;
- (b) All data is transferred with industry standard TLS during transmission; and
- (c) Keybase’s website does not serve any 3rd party hosted JavaScript.
While we do use care to protect your information, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, we cannot and do not guarantee the security of any information you transmit on or through the Service, and you do so at your own risk.
9. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. If we make any material changes, we will use commercially reasonable efforts to notify you, by means of a notice on the Service. Those changes will go into effect on the “Last updated” date shown at the top of the updated Privacy Policy. Your continued use of the Service constitutes your consent to be bound by the revised Privacy Policy.
10. CONTACT US
If you have any questions about this privacy policy, please email us at privacy@keybase.io.