Privacy Policy & Data Handling

Last updated: April 17, 2026 · Effective immediately

The one rule that matters most

We do not use customer memory data to train any models — ours or third parties.

No aggregation, no anonymization-then-training, no “improving our service” loophole. Contractually enforced in our DPA.

✗We never sell your data. Your memories, emails, goals, and notes are yours. We have no advertising business. Full stop.
✗We never train AI on your content. Your actual data is never fed into AI models — ours or anyone else's. Only fully stripped, unidentifiable pattern counts (e.g. "user had 40+ items") may be used, never your words.
✗We never write to your apps without permission. REM reads your apps to learn from them. It never sends emails, edits files, creates events, or modifies anything in a connected app unless you explicitly enable Write Mode and confirm the specific action.
✗We never share your data with third parties. Integration data never leaves our infrastructure except to generate your brief and automations. Your information is not visible to other users.
✗We never keep your data after you leave. Delete your account and everything is gone — memories, integration tokens, briefs, automations. No waiting period. No backups retained.

TL;DR — The promises that matter

✓ We never train AI models on your data

✓ We never sell your data to anyone

✓ Export all your data in one click

✓ Delete everything instantly, anytime

✗ No third-party analytics trackers

✗ No data shared with advertisers

What we store

Facts extracted from your memories — not raw chat logs, unless you choose to store them
Usage data — query counts for billing purposes
Account information — your email address and API key hash

Data processing

Your data is stored on Railway (US-East)
All data is encrypted at rest
We never train AI models on your personal data
We never sell your data to third parties

What data we access from your connected apps

When you connect an integration, REM requests read-only OAuth access to the specific data listed below. We request the minimum scope needed to do the job. We do not request permissions we don't use.

Google (Gmail + Calendar)

Scope: gmail.readonly · calendar.readonly

We read: Email subjects, senders, dates, and body text from your inbox (last 90 days by default). Calendar event titles, times, attendees, and descriptions.
We never: Send emails, reply to emails, create or modify calendar events, access Google Drive, or read emails in Spam/Trash.
Why we need it: To surface unanswered emails that relate to your goals, identify deadline patterns, and include your schedule context in your morning brief.

Notion

Scope: read_content

We read: Pages and databases you explicitly share with the REM integration during OAuth authorization.
We never: Read pages you haven't shared, create pages, edit content, or access your entire Notion workspace.
Why we need it: To connect your notes and project pages to your goals and find relevant cross-source patterns.

GitHub

Scope: repo:read · issues:read

We read: Commit messages, issue titles/descriptions, and PR summaries from repositories you authorize.
We never: Read source code files, push commits, create issues, or access private repositories you haven't authorized.
Why we need it: To track shipping momentum, surface stalled issues, and connect code work to your goals.

Slack

Scope: channels:history:read · im:history:read

We read: Messages in channels and DMs you authorize. Message text, sender, and timestamp only.
We never: Post messages, join channels without permission, read private channels you haven't authorized, or access file attachments.
Why we need it: To catch action items and deadlines buried in messages that relate to your goals.

Microsoft 365 (Outlook + Teams)

Scope: Mail.Read · Calendars.Read

We read: Email subjects, senders, and body. Calendar events. Teams message text in authorized channels.
We never: Send mail, create meetings, or access files in OneDrive/SharePoint.

Readwise

Scope: highlights:read

We read: Your saved highlights and notes — text, source title, and date.
We never: Modify your library, create highlights, or access your full articles.

Health & Fitness (Oura, Strava, Apple Health)

Scope: Read-only via each provider's health API

We read: Sleep score, HRV, activity summaries, and workout logs. Aggregated metrics only — no raw biometric streams.
We never: Write health data, access location data, or share health metrics with third parties.
Why we need it: To correlate sleep and energy patterns with productivity and goal progress in your brief.

Other integrations (Todoist, Linear, Spotify, Reddit, etc.)

We read: Tasks and completion status (Todoist, Linear), recently played tracks for context (Spotify), saved posts and upvotes (Reddit).
We never: Create or modify tasks, control playback, post or vote on content.

How integration tokens are stored

OAuth access tokens are stored encrypted in our database using AES-256 encryption. Refresh tokens are rotated on each use. Tokens are never logged, never included in error reports, and are only decrypted at the moment of a sync operation.

You can revoke any integration at any time from your Account Settings. When you disconnect an integration, the token is immediately deleted from our database and we make a best-effort call to the provider's revocation endpoint.

Write Mode

By default, REM is read-only across all connected apps. REM will never send a message, create a file, modify a calendar event, or take any action in a connected app without your explicit authorization.

If you enable Write Mode in Account Settings, REM may suggest automations that involve writing — for example, drafting an email reply or creating a task. Every write action requires your explicit confirmation before it executes. Write Mode can be disabled at any time and takes effect immediately.

The Dream Engine and your data

The Dream Engine is REM's synthesis system. When it runs, it reads your connected app data and your saved memories, sends them to a large language model for analysis, and returns structured output. This data is sent over an encrypted connection and is not retained by the model provider beyond the immediate request.

We use OpenAI and Anthropic under their API terms, which prohibit using API inputs for model training. Your data sent during Dream Engine runs is not used to train their models.

Data minimization

We fetch only what is needed for each sync cycle. For email, we fetch subjects, senders, and body previews — not full attachment data. For calendar, we fetch event metadata — not video call links or meeting notes unless you have a note-taking integration connected. We apply recency filters (typically 90 days) to avoid processing stale data.

Data storage and security

Your data is stored on Railway's infrastructure (US region). All data in transit uses TLS 1.2+. Database data is encrypted at rest. We implement rate limiting, API key authentication, and access controls. We conduct regular reviews of our security posture.

In the event of a data breach that affects your personal data, we will notify you by email within 72 hours of discovery.

Cookies and sessions

We use HTTP-only session cookies to keep you logged in. These cookies cannot be accessed by JavaScript. We do not use tracking cookies, advertising pixels, or analytics that follow you across other websites. Our only analytics are aggregate, cookieless page view counts.

Data retention

We retain your account data for as long as your account is active. Integration tokens are refreshed automatically and deleted when you disconnect. Dream Engine results are stored for 90 days by default and can be cleared from your account settings. To delete your account and all associated data, contact privacy@remlabs.ai or use the delete option in Account Settings.

Your rights (GDPR / CCPA)

Regardless of where you live, you have the right to:

Export — download all your data anytime via /v1/export/full
Delete — remove all your data instantly via Settings or email privacy@remlabs.ai
Portability — export in standard formats (JSON, CSV)
Access — request a full export of your data
Correction — correct inaccurate personal data
Objection — opt out of any processing you disagree with
Restriction — limit processing while a dispute is resolved

We respond to all GDPR/CCPA requests within 30 days. To exercise any of these rights, email privacy@remlabs.ai.

Children

REM Labs is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately at privacy@remlabs.ai.

Usage-based billing

We track query counts for billing purposes only
No query content is used for billing — only the count
You can view your usage in real-time at /usage

Data collected and how long we keep it

Data type	Purpose	Retention
Account identifiers (email, OAuth id, API key hash)	Authentication, billing, contact	While account active; deleted within 30 days of account deletion
Memory content (what you store via the API)	Provide the memory service itself	Until you delete it (soft 30 days + hard wipe)
Usage metrics (request counts, tier billing)	Billing, capacity planning	Aggregated after 13 months
Audit logs (actor, timestamp, endpoint, IP)	Security, debugging, compliance	30 days (Pro/Team), 365 days (Enterprise)
Integration OAuth tokens	Connect Gmail, Notion, GitHub, etc.	Until you revoke; deleted immediately on disconnect
Dream Engine outputs (briefs, consolidations)	Deliver your continuity layer	90 days default, customer-configurable

GDPR Article 6 — lawful basis for each processing activity

Processing activity	Article 6 basis
Storing and serving memories you submit	6(1)(b) — contract performance
Account creation, billing, customer support	6(1)(b) — contract performance
Integration OAuth reads (Gmail / Notion / etc.)	6(1)(a) — explicit consent (per-integration)
Security monitoring, audit logs, abuse prevention	6(1)(f) — legitimate interest (security)
Statutory retention of billing records	6(1)(c) — legal obligation
Product marketing email (opt-in only)	6(1)(a) — consent (revocable)

Data Protection Officer (DPO) & EU Representative

For privacy inquiries, GDPR access / erasure / portability / correction requests, or any Data Subject Request (DSR), contact our DPO at privacy@remlabs.ai. We respond to DSRs within 30 days as required by GDPR. For formal legal notices use legal@remlabs.ai.

Cookies and tracking policy

We use only essential cookies required for authentication and session integrity (HTTP-only, same-site). We do not use advertising cookies, cross-site trackers, or third-party analytics pixels. Our usage metrics are cookieless, aggregated, and not linkable to individual users.

Changes to this policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you by email and post a notice in the app at least 14 days before the change takes effect. Your continued use after that date constitutes acceptance of the updated policy.

Privacy questions

Have a question about how we handle your data? Want to export or delete your account? We're a small team and we respond personally — not with a ticket system.

privacy@remlabs.ai dev@remlabs.ai

We respond within 48 hours. For account deletion requests, include the email address on your account.