Privacy Policy
1. Who we are
EverKeeping is developed and operated by Nuno Fortes, an independent software developer based in Portugal, European Union, trading as EverKeeping. As the party that determines the purposes and means of any personal data processing, Nuno Fortes acts as the Data Controller under the EU General Data Protection Regulation (GDPR - Regulation 2016/679).
Contact for data protection matters: privacy@everkeeping.com
2. Data we do not collect
EverKeeping does not collect, transmit, or store:
- Your source files, backup data, or destination files - these stay on your devices.
- Usage statistics, telemetry, or crash reports.
- Information about your hardware, operating system, or installed software.
- Your IP address or location.
There is no analytics SDK, no tracking pixel, and no connection to EverKeeping or any third-party servers during normal backup operation. EverKeeping is offline by default; the only outbound connections are those you explicitly enable: email notifications (§4) and licence validation (§5).
3. Data stored on your device
EverKeeping stores the following data locally on your computer, at
%AppData%\EverKeeping\:
- Workspace configuration - your source folders, destination paths, schedules, and exclusion rules. This is your configuration data; it never leaves your machine.
- Backup history - a log of past backup runs, file counts, and any errors. Stored in a local SQLite database.
- File state cache - a record of file sizes and modification times used to detect changes and avoid copying unchanged files. Contains no file content.
You can delete all of this data by uninstalling EverKeeping and removing the
%AppData%\EverKeeping\ folder.
4. Email notifications (optional)
If you choose to enable email notifications, you provide an email address. We use this address only to send you backup status reports and failure alerts - nothing else.
Your email address is stored locally in your EverKeeping configuration. To deliver notifications, it is transmitted to Resend (resend.com), a transactional email service operating under a data processing agreement - the data transmitted consists of your email address, the message content (backup status or alert), and delivery metadata; the provider processes this data solely to deliver the email. Your email address is not used for marketing, is not sold, and is not shared with any third party for any other purpose.
Legal basis: Your consent (GDPR Art. 6(1)(a)), given when you enable this feature. You can withdraw consent at any time by disabling email notifications in Settings.
5. Licence activation
If you purchase a Personal or PRO licence, your payment is processed by Paddle (our payment processor). Paddle operates as an independent data controller for payment data - their privacy policy (paddle.com/legal/privacy) governs that data. EverKeeping receives confirmation of your licence status only; we do not receive or store payment card details.
To validate your licence, EverKeeping contacts Paddle's licence validation endpoint, transmitting your licence key only. No device identifier or fingerprint is transmitted by EverKeeping. Device limit enforcement is managed by Paddle under their own privacy policy.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
6. International data transfers
EverKeeping is based in Portugal (EU). The two external services that may receive your personal data are based outside the EEA:
- Resend (email notifications) - Resend may process your email address on servers outside the EEA. This transfer is governed by Standard Contractual Clauses (SCCs) adopted under GDPR Art. 46(2)(c), ensuring an equivalent level of protection.
- Paddle (licence and payment processing) - Paddle operates as an independent data controller and may process data outside the EEA under their own transfer safeguards. See Paddle's privacy policy at paddle.com/legal/privacy for details.
7. Your rights under GDPR
As a data subject in the EU, you have the right to:
- Access - request a copy of the personal data we hold about you.
- Rectification - ask us to correct inaccurate data.
- Erasure - ask us to delete your data ("right to be forgotten").
- Restriction - ask us to limit how we process your data.
- Portability - receive your data in a structured, machine-readable format.
- Withdraw consent - where processing is based on consent, withdraw it at any time.
Given that EverKeeping holds almost no personal data by design, most of these rights can be exercised directly: disable email notifications to remove your email address from our systems; uninstall the application to delete all local data. The only data held externally is your email address (if notifications are enabled) and licence status held by Paddle as an independent controller under their own privacy policy. For anything else, contact privacy@everkeeping.com.
You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD - cnpd.pt) or the supervisory authority in your EU country of residence.
8. Data retention
We retain your email address for as long as email notifications are enabled. If you disable them, your email address is removed from the configuration. Licence and payment records are retained by Paddle as an independent data controller - their privacy policy governs those records. EverKeeping stores only your validated licence status locally on your device; this is removed when you uninstall the application.
9. Children
EverKeeping is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us at privacy@everkeeping.com and we will delete it promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the application or by email. The current version is always available at everkeeping.com/privacy and within the application at About → Privacy Policy.
11. Contact
For any privacy-related questions or to exercise your rights:
- Email: privacy@everkeeping.com
- Address: EverKeeping, Portugal
We aim to respond to all data subject requests within 30 days.