Remly
Book a call

Security

How Remly protects your work

Remly is built so your files stay yours. Here’s how we protect them, what we access, and what we never do.

Principles

Encryption everywhere

Encrypted in transit over TLS. Everything stored in our cloud is encrypted at rest, and sensitive tokens get an extra layer of application-level encryption. The index on your Mac is protected by your Mac’s own disk security (FileVault); we don’t yet add a separate encryption layer on top of it there.

Permission-aware search

Results are filtered to what you can already access. Remly never surfaces something you couldn’t see in the source.

AI training is opt-in

We don’t train AI models on your data unless you turn it on. It’s off to start.

You control your local files

Files on your device stay there. Only the index syncs, and only if you choose.

Read-only connectors

Remly reads the sources you connect to index them. It never writes, sends, or changes anything.

Restricted internal access

Production access is limited to incident debugging and is logged. We don’t browse your files.

What we don’t do

  • We don’t sell your data.
  • We don’t train AI on your data without your opt-in.
  • We don’t browse your files or conversations.
  • We don’t run ads or behavioral tracking.

The details

Storage
Cloud-indexed content (Google Drive, Gmail, Slack, Notion) is stored encrypted in our database. Files on your device stay on your device.
Retention
If you cancel, your indexed data is kept for 30 days, then permanently deleted.
Deletion & export
We support GDPR-style account deletion now, with data export coming soon.
Certifications
We don’t yet hold SOC 2 or ISO 27001 – SOC 2 is on our roadmap.
Health data
Remly is not HIPAA compliant and shouldn’t be used for protected health information.

Want the full detail?

Read the complete security and privacy documentation, or reach us directly.