Privacy Policy
Last updated : Sept 2025
This Privacy Policy describes how remio ("we," "us," or "our") collects, uses, and shares personal information of users ("you") of our AI-powered personal knowledge hub.
TL;DR – remio Privacy Policy
Local-First, Privacy-First
remio prioritizes simplicity and privacy: your notes, highlights, and collections stay on your device. AI features leverage third-party models, with encrypted, short-lived logs that respect your boundaries.
What We Collect: Only your username and email via Google SSO for account authentication. No additional personal information is gathered.
How It Works: We don’t store or process your content (notes, highlights, collections). Instead, we securely relay requests to established third-party large language model providers for AI functionality.
Temporary Logs: Algorithm usage logs are temporarily cached for operational and troubleshooting purposes, retained for a maximum of 30 days, then automatically deleted.
No Over-Collection: We minimize data collection—your ideas and content remain under your control, processed locally on your device unless you choose to sync.
Data Protection: AI interactions are encrypted and anonymized. No personal data is used to train models.
Storage & Retention: We don’t retain user content; cached logs are purged after 30 days.
Security Measures: Robust encryption and strict access controls safeguard your privacy. Third-party providers adhere to their own compliance standards.
User Control: You can access, edit, or delete your Google SSO-linked username and email anytime through settings.
Third-Party Sharing: Minimal data (username, email) is shared only with trusted security services or legal authorities when legally required.
🔒 Your knowledge, your control.
Data Collection and Use
We collect the following types of data:
User Information: Usernames, registration methods (Google, email, Apple ID), user type (free/paid).
Device Information: Type of device, window size.
Content: Browsed local files/webpages, highlights, comments, notes, and collections. We strive to capture valuable knowledge while filtering out irrelevant content.
Usage Data: Frequency of use, features used, search queries.
Ask remio Interactions:
When you use the "Ask remio" feature, your questions and the AI-generated responses are temporarily stored to provide contextual information and improve the quality of the service.
These interactions are encrypted and stored separately from your personal notes and collections.
We do not use these interactions to train the AI model on personal data or reveal sensitive information.
We use this data for the following purposes:
Personalization: Tailoring the user experience to individual preferences.
Knowledge Management: organizing and summarizing information to enhance user insights.
AI Functionality: Powering AI features such as smart collections, smart writing, and content blending.
Improvement of Services: Analyzing user activity to improve remio’s functionality and user experience.
We assure users that their ideas remain their own, and remio does not access personal data. We implement encryption and other security practices to protect user data.
Information Security for AI Interactions
Data Encryption: All interactions with the "Ask remio" feature are encrypted to protect confidentiality.
Access Controls: Access to these interactions is strictly limited to authorized personnel for monitoring and service improvement purposes.
Anonymization: Before using any interaction data for analysis, we remove personally identifiable information to ensure anonymity.
Monitoring: We monitor AI interactions for security threats, policy violations, and abusive behavior. Any violations may result in immediate termination of access.
Data Retention: Interaction data is retained for a limited period to maintain context and improve service quality. Once it has fulfilled its intended purpose, it is securely deleted.
Data Storage and Retention
All data processing is handled securely through third-party large language model providers, and we do not store user content (such as notes, highlights, or collections) on our servers. Minimal data is stored as follows:
User Information: We only collect your username and email via Google SSO for account authentication. This information is retained as long as your account remains active.
Content: We do not store your content; all notes, highlights, and collections are processed locally on your device or through third-party services as needed.
Usage Data: Algorithm usage logs are temporarily cached for operational and troubleshooting purposes. These logs are retained for a maximum of 30 days and then automatically deleted.
Information Security for AI Interactions
To purchase remio products and services, you need to provide an email address.
We don't share your email with third parties, except payment processors (Stripe).
We only send payment receipts and important product updates to your email.
You may choose to delete your remio account at any time using the account dashboard, which will permanently delete your account, licenses, and subscriptions.
Data Sharing and Disclosure
We may share data with the following third parties:
Content Moderation APIs: We use services such as Google SSO, apple SSO, OpenAI Content Moderation API, Gemini Content Moderation api to ensure content safety.
Legal Requirements: We reserve the right to disclose data if required by law.
We will seek user consent before sharing data with third parties for purposes outside the scope of this privacy policy.
User Rights and Control
Users have the following rights:
Access and Correction: Users can access and correct their personal information by logging into their account settings. In the account settings, they can review and edit their profile information, such as name, email address, and other contact details. For other information, they can request access by contacting remio directly.
Data Portability: Users can export their data by contacting our support team. We will provide the user with a copy of their data in a commonly used format, such as JSON or CSV. This allows users to transfer their data to other services or keep it for their records.
Opt-Out: Users can opt-out of certain data collection practices, such as personalized recommendations, by adjusting their privacy settings in their account. Users can disable specific features that rely on personalized data collection, such as smart collections or tailored suggestions. Additionally, users can disable cookies and tracking technologies in their browser settings.
Cookies and Tracking Technologies
We use cookies to track user behavior and preferences to improve user experience. We also use third-party analytics tools that collect data as described in their respective policies. We honor "Do Not Track" signals from browsers.
Compliance with Privacy Regulations
We comply with the following privacy regulations:
GDPR: For users in the EU, we comply with the General Data Protection Regulation.
CCPA/CPRA: For users in California, we comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
PIPEDA: For users in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
Other Regulations: We adhere to other relevant federal, state, and local privacy laws.
Google API Services Data Processing Addendum
Access and Use of Google User Data
Data Access Scope When you authorize remio to connect with your Gmail account, we request the following permissions:
Read access to your Gmail email content and metadata
Access to your email labels and folder structure
Read access to your contact information (solely for email sender identification) Purpose of Data Use We use your Google user data exclusively for the following clearly defined purposes:
Providing AI-powered email search and analysis functionality
Generating email summaries and intelligent reply suggestions
Creating personalized email management experiences
Extracting and organizing tasks and action items from emails Data Processing Methods
Local-First Processing : Your email data is primarily processed and stored on your device
Encrypted Transmission : All data exchanges with Google APIs occur through encrypted connections
Temporary Processing : AI functionality requires data processing through third-party large language model providers, with data encrypted and anonymized during processing
No Training Use : Your email content is never used for AI model training or other machine learning purposes
Data Storage and Retention
Google User Data Storage
We do not permanently store your Gmail email content on our servers
Email data is stored locally on your device only, or processed according to your sync settings
Temporary logs generated from AI interactions are automatically deleted after a maximum of 30 days Access Controls
Only you can access Gmail data processed through remio
Our technical personnel cannot access your email content
All data access is subject to strict permission controls and auditing
Data Sharing Restrictions
Strict Data Protection Commitments
We will never sell your Gmail data to third parties
We do not use your email content for advertising purposes
We do not share your personal email data with other users or organizations
We do not disclose your email content to law enforcement or government agencies unless legally required Third-Party Service Providers When using AI features, we may send encrypted, anonymized data fragments to trusted third-party AI service providers, but these providers:
Cannot identify the data source or user identity
Do not retain or use this data for model training
Are bound by strict data processing agreements
User Control Rights
Data Access and Management
You can view the scope of Google data we access at any time in settings
You can revoke remio's access to your Gmail account at any time
You can request deletion of all data processed through remio
You can export all content you've created in remio Permission Update Notifications If we need to access additional types of Google user data, we will:
Notify you in advance and explain the reason
Update this privacy policy
Obtain your explicit consent before accessing new data
Security Measures
Technical Security Safeguards
All Google API calls use OAuth 2.0 secure authentication
Data transmission employs TLS encryption
Regular security audits and vulnerability scanning
Adherence to Google API services security best practices Compliance Commitment We strictly comply with all requirements of the Google API Services User Data Policy, including but not limited to data minimization principles, transparency requirements, and security standards.
Specific Google API Usage Disclosures
Gmail API Usage
What we access : Email content, headers, labels, and thread information
How we use it : For search indexing, AI analysis, and intelligent organization
Storage : Processed locally with temporary encrypted logs only
Sharing : Never shared with third parties except anonymized AI processing Google OAuth Integration
Authentication data : We collect your Google account email and basic profile information through Google Sign-In
Purpose : Account creation and authentication only
Retention : Stored as long as your account remains active
Data Subject Rights for Google Data
In accordance with Google API Services User Data Policy requirements:
Right to Access : View what Google data we've processed
Right to Rectification : Correct inaccurate data
Right to Erasure : Request deletion of your Google data from our systems
Right to Portability : Export your data in a machine-readable format
Right to Withdraw Consent : Revoke API access permissions at any time
Policy Updates
We are committed to providing you with understandable and easily available information about our policy and practices related to management of your personal information. This policy and any related information is available at all times on our website, https://www.remio.ai under Privacy or on request.
How to contact us
by email at info@remio.ai.
Our business changes constantly, and this privacy notice will change also. We may e-mail periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check our website frequently to see recent changes. We are, however, committed to protecting your information and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.