Privacy Policy
Effective date: July 11, 2026
1. Who we are
Remly is a semantic, cross-source search and knowledge layer, operated by REMLY LLC. Remly runs as a web platform at app.remly.it, with a companion Mac app that indexes files on your device. Company: REMLY LLC. Contact: team@remly.it. Website: remly.it.
2. What we collect
Account data: when you sign in, we receive your name and email. We use your name to personalize Remly and your email to identify your account and send essential service communications.
Usage data: we store your subscription status to determine feature access, and a token usage counter for AI use in the current billing cycle (it resets each cycle and records counts, not the content of your queries).
Content you connect: when you connect a cloud source (Google Drive, Gmail, Slack, Notion), Remly indexes the content and metadata you authorize so you can search and ask across it. Indexed content is stored in our database (see section 5).
Local Mac files: the companion Mac app indexes files you choose. The original files stay on your Mac and are never uploaded. The derived index (chunks, embeddings, metadata) is, per folder, either kept local-only on your device or synced to our cloud – your choice.
Activity: your searches and conversations are stored per account to provide the service. They are not visible to other accounts and are not browsed by staff as a matter of course.
3. How we use your data
We use your data to provide and operate Remly: to authenticate you, run semantic search and Ask across your connected sources and local index, manage your subscription, enforce plan limits, and send essential service communications. We do not sell your data.
4. Who we share data with (subprocessors)
We share data only with the providers needed to operate Remly: Google (sign-in, and Google Drive/Gmail if you connect them); Clerk (authentication); Supabase (database and storage – Postgres with pgvector); OpenAI (semantic search, embeddings, and the Ask feature – OpenAI does not train on data sent through its API); Stripe (payments – we do not store card details); Resend (essential and, if you opt in, product-update emails); PostHog (product analytics – usage events, processed in the US region; cookie-based and only active if you accept analytics cookies); Slack and Notion (if you connect them). Your use of connected sources remains subject to their own terms.
5. Where your data lives, and encryption
Cloud-indexed content is stored in Supabase (Postgres with pgvector), encrypted at rest. OAuth tokens receive an additional application-level encryption layer before storage. All connections are encrypted in transit over HTTPS/TLS – browser to our API, our API to provider APIs, the Mac app to our API, and our API to the database. The Mac app talks only to our web API, never directly to the database. The derived index that stays on your Mac is protected by your Mac’s own disk security (FileVault); we don’t yet add a separate application-level encryption layer to it there.
6. Cookies, tracking, and analytics
Remly uses a small number of essential cookies to keep you signed in and to process payments; these are set by our authentication provider (Clerk) and payment provider (Stripe). We do not use cookies for advertising and we do not sell information collected through cookies. In regions that require it (such as the EU and UK), we request your consent before setting any non-essential cookies.
Analytics: we use PostHog to understand how the site and product are used – which pages are viewed and which features are clicked. It is cookie-based and runs only if you accept analytics cookies in our consent banner; if you decline, no analytics cookies are set and nothing analytics-related is sent. We collect usage and interaction events, never the contents of your files, searches, or documents. These events are processed in PostHog’s US region. You can decline at any time, and declining stores no analytics cookies.
7. AI training
Remly does not train AI models on your data without your explicit opt-in. The “Use my data to train AI models” setting is off by default. Personalized search ranking is a separate, per-account setting and is never shared or used in aggregate.
8. Internal access
Production data access is tightly restricted; engineering staff may access the production database only for incident debugging, and we are putting access logging in place to record such access. We do not bulk-export your content.
9. Permission-aware search
Remly enforces source permissions per query. At index time it snapshots each document’s access list from the source; at query time, results are filtered to what you can currently see. If sharing changes in the source, the next sync refreshes the snapshot. The same filter applies to Search, Ask, and the MCP server.
10. How long we keep your data
Account data is retained until you delete your account. The token usage counter resets each billing cycle. If you cancel your subscription, your indexed data is kept for 30 days, then permanently and automatically deleted. Your local index lives on your device until you remove it or uninstall the Mac app.
11. Account deletion
You can delete your account anytime from Settings → Advanced → Delete account. Deletion is immediate and irreversible – your account is deactivated and your indexed content is permanently removed right away, with no recovery window. Because it cannot be undone, confirm carefully before you proceed.
12. Data export
A data export feature (indexed documents, conversations, and settings) is planned. Once available it will appear under Settings → Advanced → Data export.
13. Your rights
You can request access to, correction of, or deletion of your personal data, and a copy in a machine-readable format. Contact team@remly.it; we aim to respond within 30 days.
EU/EEA residents (GDPR): you also have the right to restrict or object to processing and to lodge a complaint with your local data protection authority. Our legal bases: contract (account, subscription, service communications), consent (sending content to AI providers when you use Ask; training on your data if you opt in), and legitimate interests (enforcing fair-use limits).
14. California privacy rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the CCPA/CPRA.
Categories we collect: identifiers (name, email); commercial information (subscription status); internet or other activity (token usage counts); and the content you choose to connect or index. We collect these to provide and operate Remly, as described above.
We do not sell or share your personal information, and we do not use it for cross-context behavioral advertising.
Your rights: to know what we collect, to delete it, to correct it, and to opt out of sale or sharing (not applicable, as we do neither). We will not discriminate against you for exercising these rights.
To exercise any of these, contact team@remly.it.
15. Children
Remly is not intended for anyone under 16, and we do not knowingly collect data from children under 16. Contact team@remly.it if you believe a child has provided us data and we will delete it.
16. International transfers
REMLY LLC is based in the United States. If you are in the EU/EEA, your data is transferred to and stored in the United States; these transfers rely on Standard Contractual Clauses. Where required, we appoint a representative in the EU for data-protection matters.
17. Security and compliance
Remly is built with read-only connector access, encryption in transit and at rest, and application-level encryption for sensitive tokens. We support GDPR-style deletion now and data export soon. If a data breach affects your personal data, we will notify you and the relevant supervisory authorities as required by applicable law. We do not currently hold formal certifications such as SOC 2 or ISO 27001 (SOC 2 is on our roadmap). Remly is not HIPAA compliant and should not be used for protected health information.
18. Changes to this policy
We may update this policy. For material changes we will update the effective date and notify you by email or in-app. Continued use after changes take effect constitutes acceptance.
19. Contact
Questions or requests: team@remly.it. REMLY LLC · remly.it · team@remly.it