Kept AI Chat Archive: Privacy Review for Solo Freelancers
If you spend half your week threading client work through ChatGPT, Claude, or Gemini, you are sitting on a private archive of contracts, code, debugging sessions, half-written emails, and prompts that took you hours to refine. That archive lives inside the vendor’s interface. You cannot grep it. You cannot back it up cleanly. And the moment your account is suspended, throttled, or repriced, that working memory is gone. Kept proposes a different deal: a Chromium extension plus a small desktop app that quietly mirrors every conversation to a folder of Markdown files on your own machine. The pitch is precise, and for solo freelancers the question is just as precise: is the privacy posture as clean as the marketing says, and where does it carry risk? Short answer up front, before the details: based on the project’s README and architecture as of late May 2026, Kept earns a USE WITH CAUTION verdict for paid client work. The local-first design is real, but the trade-offs are non-trivial.
We base this conclusion on the public source, the README’s Privacy and Security section, and the architectural diagram the maintainers ship with the repo. We do not have a hosted service to audit because there is no hosted service. That single fact reshapes the entire review. (For the full evaluation framework we apply to every AI tool review, see how we vet privacy claims.)
What Kept does with your data
Per the project’s README on GitHub (retrieved 2026-05-28), Kept ships as two pieces: a Chromium browser extension and a desktop application built on Tauri. The extension reads conversation data from provider API endpoints using the session you are already signed into in your browser, normalizes the messages and supported image assets, and forwards the payload over http://localhost:18241 to the desktop app. The desktop app writes plain Markdown files to ~/.kept/vault/, indexes them in a local SQLite full-text search database, and builds a knowledge graph using CozoDB. There is no server account, no remote vault, and no third-party storage layer. The README states this directly: Kept has no hosted account and no cloud sync.
The extension is sideloaded in developer mode for now (the Chrome Web Store listing is not live as of writing) and uses a per-install bearer token stored at ~/.kept/token to authenticate calls to the local Kept server. The supported providers are ChatGPT, Claude, Gemini, Grok, and Kimi. The architecture deliberately does not scrape rendered HTML pages; it talks to the provider’s own API endpoints with your authenticated session, which is more reliable but also means the extension can read everything those endpoints expose for your account.
Outbound network calls from the desktop app are limited to two known channels per the README: the update checker hits a configured release endpoint to look for new desktop builds, and optional chat, topic discovery, and graph features only call the model provider you explicitly configure, or a local Ollama instance if you point it there. There is no telemetry section, no analytics SDK mentioned, and no error-reporting service named in the documented architecture. The project is MIT licensed, so any of those claims can be independently verified by reading the source.
What this means for solo freelancers
The good news first. If you are a freelance developer, writer, designer, or consultant whose client work routinely passes through AI chat interfaces, the data-control posture Kept offers is genuinely rare. Three scenarios make the value tangible.
Scenario one. A developer pastes a sanitized client database schema and four hours of debugging conversation into Claude. Six months later, the client asks for a postmortem of that exact incident. With Kept, the conversation is a grep-able Markdown file on the laptop. Without Kept, the conversation either still lives in the vendor’s UI (where it can be deleted by retention policies, account suspension, or product changes) or has to be screenshotted in pieces. The local archive answers a real working need.
Scenario two. A consultant working under an NDA with a US enterprise client uses ChatGPT to draft an architecture review. The NDA prohibits client data leaving systems the consultant directly controls. Kept moves the conversation history from OpenAI’s servers to the consultant’s machine the moment the chat happens, which is closer to NDA compliance than the default vendor configuration. Based on the policy as written, this approach reduces the surface area of where client content is stored, but it does not change the fact that OpenAI still retains its own copy under its own retention policy. The Kept archive complements the vendor’s storage; it does not replace it.
Scenario three is where the risk lives. A Chromium extension that reads provider API endpoints using your signed-in session has, by design, the same reach as those endpoints do. The README is upfront that this is not HTML scraping but direct API consumption. For freelancers whose browser profile mixes personal and client accounts, the extension reads whatever your account can read. If you are signed into ChatGPT Enterprise for a client and into your personal ChatGPT in the same browser profile, the extension does not magically know which conversations belong to which contract. You decide that by managing browser profiles, not by trusting the tool. Treat the extension’s reach as equal to your session’s reach, and architect your browser profiles accordingly.
One more risk vector worth naming. Because the extension lives in developer mode (until the Web Store listing goes live), it does not benefit from the Chrome Web Store’s automated malware scanning or update channel. You install it by loading an unpacked folder. That is acceptable for individual technical users but is not appropriate for client-managed devices or for solo workers under managed-IT contracts where loading developer-mode extensions may itself be a policy violation.
How to use it safely
Treat Kept like any other tool that can read your AI conversations: keep its scope tight, audit it where you can, and segregate by client. Concrete steps.
- Use a dedicated Chromium profile for client work. Install the extension only in that profile. Personal AI conversations stay in a separate profile where Kept is not running. This contains the extension’s reach to the accounts you actually want it to mirror.
- Audit the source before you trust the binary. The MIT license and the public repository (github.com/egroup-labs/kept) mean you can read the platform adapters in extension/platforms/ and verify what each one fetches. For paid client work, build from source rather than running a downloaded installer where you cannot diff the binary.
- Encrypt the vault folder at rest. The Markdown files at ~/.kept/vault/ are plain text. On macOS use FileVault on the volume that hosts your home directory; on Linux use full-disk encryption or at minimum an encrypted home with eCryptfs or fscrypt; on Windows enable BitLocker on the OS drive. If a laptop is lost, the entire conversation history is readable without this layer.
- Disable the optional chat-over-your-vault feature unless you understand the egress. The README is explicit that this feature calls the model provider you configure. If you point it at a hosted OpenAI key, your archive content goes back to OpenAI’s servers in the queries that feature generates. Use a local Ollama instance for this feature if you want to keep the privacy story intact.
- Set a separate vault path per client where it matters. The KEPT_VAULT_PATH environment variable lets you point Kept at a different folder per launch. For projects under strict NDAs, a per-client vault folder on an encrypted external volume is a cleaner audit trail than a single mixed vault.
- Treat the bearer token at ~/.kept/token as a secret. Do not check it into dotfiles repositories, do not back it up to cloud sync, and rotate it (delete the file, reconnect via http://localhost:18241/connect) if you suspect the machine was compromised.
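The token, vault-location and local-server points above are easy to state and easy to let drift. The script below is an added example, not Kept's own code, that turns three of them into checks you can run on your own machine: is the token file owner-only, does the vault (default or KEPT_VAULT_PATH) sit outside a cloud-sync folder, and does the listener on port 18241 bind only to loopback. It takes the paths and port from the README; the 0600 expectation, the sync-folder name list and the `ss`/`netstat` sample text are assumptions constructed for the example.

```python
"""Local hygiene checks for a Kept install (added example, not Kept's own code).

Paths from the README: token at ~/.kept/token, vault at ~/.kept/vault/, local
server at localhost:18241. The 0600 expectation, the sync-folder markers and
the ss/netstat sample text below are assumptions constructed for this example.
"""
import os
import re
import stat
import subprocess
import tempfile
from pathlib import Path

KEPT_PORT = 18241
TOKEN_PATH = Path.home() / ".kept" / "token"
VAULT_PATH = Path(os.environ.get("KEPT_VAULT_PATH", Path.home() / ".kept" / "vault"))

# Directory-name fragments that usually mean a sync client watches the folder (constructed list).
SYNC_MARKERS = ("Dropbox", "OneDrive", "Google Drive", "Mobile Documents", "iCloud")


def token_is_private(path: Path) -> bool:
    """Bearer token must be a regular file with mode 0600 (owner read/write only)."""
    try:
        st = path.stat()
    except FileNotFoundError:
        return False
    return stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o600


def vault_outside_sync(path: Path) -> bool:
    """The plain-Markdown vault should not sit under a cloud-synced directory."""
    parts = Path(path).expanduser().absolute().parts
    return not any(marker in part for part in parts for marker in SYNC_MARKERS)


def listener_is_loopback_only(socket_listing: str, port: int = KEPT_PORT) -> bool:
    """Given `ss -ltn` or `netstat -ltn` output, True iff at least one socket listens on
    `port` and every such socket is bound to 127.0.0.1 or ::1."""
    found = False
    for token in socket_listing.split():
        m = re.fullmatch(r"(.+):(\d+)", token)  # skips '0.0.0.0:*' and header words
        if not m or int(m.group(2)) != port:
            continue
        found = True
        host = m.group(1).strip("[]")  # ss prints IPv6 as [::1]:18241
        if host not in ("127.0.0.1", "::1", "localhost"):
            return False
    return found


def live_socket_listing() -> str:
    """Try `ss -ltn`, then `netstat -ltn`; empty string if neither tool is present."""
    for cmd in (["ss", "-ltn"], ["netstat", "-ltn"]):
        try:
            return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
        except FileNotFoundError:
            continue
    return ""


def run_checks(token_path: Path, vault_path: Path, socket_listing: str) -> dict:
    return {
        "token_private": token_is_private(token_path),
        "vault_outside_sync": vault_outside_sync(vault_path),
        "loopback_only": listener_is_loopback_only(socket_listing),
    }


# Constructed socket listings in `ss -ltn` layout: one loopback-only, one bound to all interfaces.
SAMPLE_SS_GOOD = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:18241     0.0.0.0:*
LISTEN 0      128    [::1]:18241         [::]:*
"""
SAMPLE_SS_BAD = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:18241       0.0.0.0:*
"""


def demo() -> dict:
    """Exercise the checks against constructed fixtures in a temp dir (no Kept install needed)."""
    with tempfile.TemporaryDirectory() as d:
        good_token = Path(d) / "token"
        good_token.write_text("constructed-token-value\n")
        os.chmod(good_token, 0o600)
        loose_token = Path(d) / "token-loose"
        loose_token.write_text("constructed-token-value\n")
        os.chmod(loose_token, 0o644)  # world-readable: the failure case
        return {
            "good": run_checks(good_token, Path(d) / "vault", SAMPLE_SS_GOOD),
            "bad": run_checks(loose_token, Path("/Users/me/Dropbox/kept-vault"), SAMPLE_SS_BAD),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
    print("this machine", run_checks(TOKEN_PATH, VAULT_PATH, live_socket_listing()))
```

Run it once after install and again after any OS or Kept update; a token that has drifted to 0644, a vault that has wandered into a synced folder, or a listener on 0.0.0.0 each undoes one of the steps above without any visible change in the app.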
Privacy-friendlier alternatives
Kept solves one specific problem: archiving conversations from hosted AI providers to your local machine. If you want to push privacy further, three adjacent tools cover the surrounding workflow and pair well with Kept rather than replacing it.
- Proton Drive (free tier, paid from roughly four to ten US dollars per month depending on storage). If you decide your encrypted laptop is not enough and you want a synced backup of the vault, Proton Drive is the cleanest option for solo freelancers who do not want to host their own server. End-to-end encrypted, Swiss jurisdiction, and a CLI for syncing folders. What this gives you that Kept alone does not: a backup of the vault that survives laptop loss, without breaking the local-first principle.
- Bitwarden (free tier covers all the essentials for solo workers; paid Premium at around ten US dollars per year). The bearer token Kept stores at ~/.kept/token is the kind of secret that should not live as a plain file in a home directory you back up to cloud sync. Bitwarden’s Secrets Manager handles this category of token cleanly. What this gives you that the default Kept install does not: rotation hygiene and an audit log for the local API token.
- Tailscale (free tier covers up to 100 devices for personal use). If you want to access your Kept vault from a second machine (a desktop while traveling, a tablet for review) without putting the files on a third-party server, Tailscale gives you a WireGuard mesh between your own machines. Combined with tailscale serve or a small file server, you can read your vault remotely without ever exposing it to the public internet. What this gives you that cloud sync does not: zero third-party storage exposure.
For the hardware side of solo-worker security, a YubiKey 5C NFC is the practical way to harden the underlying provider accounts (your ChatGPT, Claude, and Google logins) whose sessions Kept actually consumes. Kept reads what your session can read; tightening the session with a hardware key tightens what Kept can mirror in the first place.
The verdict
ATP Privacy-Vetted: USE WITH CAUTION
Kept earns a USE WITH CAUTION verdict for paid client work as of May 2026. The local-first architecture is real and defensible, the codebase is open and MIT licensed, and the team avoids the cloud-account anti-pattern that ruins comparable tools. The caution attaches to three specific items: the developer-mode extension install path bypasses the Web Store scanning layer, the Chromium extension inherits the full reach of your signed-in provider sessions in that browser profile, and the vault is plain Markdown that needs an explicit at-rest encryption decision to be safe on a laptop that might be lost. Use it, but use it deliberately.
Frequently asked questions
Does Kept send my AI chats to its own servers?
Based on the project README and architecture diagram as written, no. The desktop app stores all conversations locally under ~/.kept/vault/ with no remote backend. The only outbound calls documented are the update checker hitting the Kept release endpoint, and any optional chat or graph feature that calls a model provider you explicitly configure. There is no telemetry SDK or analytics service named in the documented network surface.
Is Kept safe to use under a client NDA?
It depends on what your NDA actually prohibits, and we are not giving legal advice here. Based on the policy as written, Kept does not add a new third-party processor to the chain because there is no Kept-operated server. It does not, however, remove the vendor (OpenAI, Anthropic, Google) from the chain either, because those companies still hold their own copy under their own retention rules. Kept mirrors, it does not relocate. Review your NDA’s specific data-handling language with that distinction in mind.
Does Kept train on my conversations?
No model training happens inside Kept. The desktop app indexes your conversations locally for search and builds a knowledge graph, but there is no documented training loop and no outbound data path that would feed a model. The README is explicit that optional chat features call only the model provider you configure, which is opt-in and routes through that provider’s own training-opt-out settings.
Can the Chromium extension read more than just my AI chats?
The extension’s documented behaviour is limited to the supported providers (ChatGPT, Claude, Gemini, Grok, Kimi) and uses their API endpoints with your authenticated session. The README does not list the full Chrome permissions manifest in narrative form, so for paid client work the recommended path is to read extension/manifest.json in the repository before installation, and to install the extension only in a dedicated browser profile that is not signed into your personal Google or personal AI accounts.
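Reading extension/manifest.json by eye works once; the added example below (not Kept's code, and run here against two constructed manifests rather than Kept's real one) shows what to look for when you do. It pulls every URL match pattern that grants page access, flags the ones that cover every host, lists patterns whose host is not one of the providers you expect, and lists API permissions that widen reach beyond the host list. EXPECTED_HOSTS is an assumption derived from the providers the README names plus the loopback endpoint; confirm the real hostnames against the adapters in extension/platforms/ before relying on the result.

```python
"""Audit a Chromium extension manifest's reach (added example, not Kept's own code).

Point load_manifest() at extension/manifest.json from the repository. The two
manifests embedded below are constructed for illustration; EXPECTED_HOSTS is an
assumption derived from the providers the README names plus the loopback endpoint.
"""
import json
import re
from pathlib import Path
from typing import Optional

EXPECTED_HOSTS = {"chatgpt.com", "claude.ai", "gemini.google.com", "grok.com", "kimi.com", "localhost"}

# Chrome API permissions that widen what an extension can observe beyond its host list.
SENSITIVE_PERMISSIONS = {"tabs", "history", "cookies", "webRequest", "webRequestBlocking",
                         "debugger", "nativeMessaging", "clipboardRead", "management", "<all_urls>"}

# scheme://host/path, as Chrome match patterns are written
_MATCH_PATTERN = re.compile(r"^(\*|https?|wss?|file|ftp)://([^/]*)(/.*)?$")


def load_manifest(path: Path) -> dict:
    return json.loads(Path(path).read_text(encoding="utf-8"))


def pattern_host(pattern: str) -> Optional[str]:
    """Host part of a match pattern; '*' for anything that matches every host; None if not a URL pattern."""
    if pattern == "<all_urls>":
        return "*"
    m = _MATCH_PATTERN.match(pattern)
    return m.group(2) if m else None


def is_broad(pattern: str) -> bool:
    return pattern_host(pattern) == "*"


def host_covers(pattern_host_: str, host: str) -> bool:
    """Match-pattern host semantics: '*.example.com' covers example.com and all its subdomains."""
    if pattern_host_.startswith("*."):
        base = pattern_host_[2:]
        return host == base or host.endswith("." + base)
    return pattern_host_ == host


def host_patterns(manifest: dict) -> list:
    """Every URL pattern that grants page access: MV3 host_permissions, MV2-style URL
    entries in permissions, and content_scripts matches."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += [p for p in manifest.get("permissions", []) if pattern_host(p) is not None]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return patterns


def audit(manifest: dict, expected_hosts: set = EXPECTED_HOSTS) -> dict:
    patterns = host_patterns(manifest)
    broad = [p for p in patterns if is_broad(p)]
    unexpected = []
    for p in patterns:
        host = pattern_host(p)
        if host is None or host == "*":
            continue
        if not any(host_covers(host, e) for e in expected_hosts):
            unexpected.append(p)
    sensitive = sorted(p for p in manifest.get("permissions", []) if p in SENSITIVE_PERMISSIONS)
    return {"broad": broad, "unexpected_hosts": unexpected,
            "sensitive_permissions": sensitive,
            "ok": not (broad or unexpected or sensitive)}


# Constructed manifests: one scoped to the expected providers, one that over-reaches.
TIGHT_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "constructed tight example",
  "permissions": ["storage", "alarms"],
  "host_permissions": ["https://chatgpt.com/*", "https://claude.ai/*",
                       "https://*.google.com/*", "http://localhost/*"]
}""")

LOOSE_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "constructed loose example",
  "permissions": ["storage", "tabs", "cookies"],
  "host_permissions": ["<all_urls>", "https://example-analytics.invalid/*"]
}""")

if __name__ == "__main__":
    for m in (TIGHT_MANIFEST, LOOSE_MANIFEST):
        print(m["name"], json.dumps(audit(m), indent=2))
```

Note that the tight manifest passes even though `https://*.google.com/*` reaches far more than gemini.google.com; the check accepts it because it covers an expected host. Whether a subdomain wildcard is acceptable for your client work is a judgement the script surfaces for you but cannot make, so read the `host_permissions` list, not only the `ok` flag.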
Is Kept a good fit for solo freelancers handling EU client data?
Based on the architecture as written, Kept reduces the count of third-party processors involved in storing a copy of the conversation, which is generally helpful for EU freelancers acting as data controllers. It does not change the underlying vendor relationship (OpenAI, Anthropic, Google still retain their own copies), and it does not produce any data processing agreement of its own because it is not a service. EU solo workers should treat Kept as a local archival layer and continue to manage the vendor-side data processing agreements separately.
Should I use Kept on a client-managed laptop?
Probably not without explicit written approval. The extension currently installs in developer mode, which is often blocked or flagged by managed-device policies. Even on machines where it is technically allowed, the bearer token at ~/.kept/token and the plain-Markdown vault are the kind of new local artifacts that an enterprise IT review may flag. Use Kept on your own work machine, keep the vault on an encrypted volume you control, and clear any client-side approval in writing before installing it on equipment you do not own.
Sources
- Kept GitHub repository and README, including the Privacy and Security section and the How It Works architecture diagram — github.com/egroup-labs/kept (retrieved 2026-05-28).
- Kept product launch on Product Hunt, May 2026 — producthunt.com/products/kept-ai-on-your-local-conversations.
- Kept installation scripts and release artifacts at the kept.work domain — referenced in the README quick install section (retrieved 2026-05-28).
- Project license file (MIT) — included in the linked GitHub repository (retrieved 2026-05-28).
Reviewed by Jérémy, founder of AidTaskPro and GreenBudgetHub. Based in central France. Privacy posture sourced from public project documentation and the GitHub repository as of 2026-05-28.