Security Incident Response

Effective date: April 25, 2026

This document describes how Keeply responds to security incidents that may involve merchant or customer data.

Scope

This policy applies to any event that may compromise the confidentiality, integrity, or availability of Protected Customer Data — customer names, emails, order history, and merchant account data.

Detection

• Sentry: automated error tracking and anomaly detection in real time
• Access logs: every read/write of customer data is logged
• Infrastructure alerts: Fly.io alerts for unusual access patterns
• Merchant reports: direct notification via email

Containment

• Immediately revoke compromised API keys, tokens, or credentials
• Take affected service offline if necessary
• Preserve logs — do not delete

Notification

• Affected merchants notified within 72 hours of a confirmed breach
• Notification includes: what happened, what data, what actions to take
• Shopify notified via Partner Dashboard

Post-Mortem

Within 7 days: root cause documented, timeline recorded, preventive measures implemented.

Contact

support@usekeeply.app