Policies marked Draft are published in draft form and subject to change pending legal counsel review.
Keel

Policies

Keel maintains the following policies governing data, security, and access. Publicly available policies are linked below. Internal policies are listed by title and made available to limited partners, regulators, and audit counterparties on request.

Public Policies

  • Privacy PolicyDraft

    Describes what personal information we collect from limited partners and prospects, how we use and share it (including bank data via Plaid), retention periods, and your rights. Published in draft and subject to change pending legal counsel review.

  • Terms of ServiceDraft

    The terms governing access to and use of the firm's websites, portals, and fund-administration software. Published in draft pending legal counsel review.

  • Cookie NoticeDraft

    How we use cookies and similar technologies — primarily strictly-necessary authentication and security cookies, with no cross-site advertising tracking.

  • Plaid Data-Use DisclosureDraft

    How we use Plaid to connect financial accounts, what data is accessed for reconciliation, how it is protected, and how to revoke access.

Internal Policies

The following policies govern firm operations and are not published in full to preserve operational security. A redacted copy is available to limited partners, regulators, and audit counterparties on written request.

  • Information Security Policy

    Master security policy governing data classification, secure development, incident response, vendor management, cryptography, and business continuity.

    Draft
  • Patch SLA Policy

    Time-to-patch service levels by vulnerability severity (Critical 7 days / High 30 / Medium 90 / Low 180), supported by automated dependency scanning.

    Draft
  • EOL Software Management Policy

    Six-month dependency inventory, vendor end-of-life monitoring, upgrade-vs-replace decision criteria, and documented exception handling.

    Draft
  • Access Control Policy

    Role-based access tiers, written request workflow, off-boarding checklist, quarterly access reviews, and audit-event capture for all administrative actions.

    Draft
  • Data Retention and Deletion Policy

    Retention periods by record category, deletion procedures, limited-partner-initiated deletion request handling, and vendor data deletion propagation.

    Draft

Compliance & Attestations

The firm maintains compliance with applicable financial-services regulations governing private fund advisers. We are in active progress toward formal attestations with our data partners, including Plaid. Detailed compliance information is available on request.

Requests & questions. For a redacted copy of any internal policy, or to exercise rights described in the Privacy Policy, contact us through the address published on keelpro.xyz.