Security
How Remly protects your work
Remly is built so your files stay yours. Here’s how we protect them, what we access, and what we never do.
Principles
Encryption everywhere
Encrypted in transit over TLS. Everything stored in our cloud is encrypted at rest, and sensitive tokens get an extra layer of application-level encryption. The index on your Mac is protected by your Mac’s own disk security (FileVault); we don’t yet add a separate encryption layer on top of it there.
Permission-aware search
Results are filtered to what you can already access. Remly never surfaces something you couldn’t see in the source.
AI training is opt-in
We don’t train AI models on your data unless you turn it on. It’s off to start.
You control your local files
Files on your device stay there. Only the index syncs, and only if you choose.
Read-only connectors
Remly reads the sources you connect to index them. It never writes, sends, or changes anything.
Restricted internal access
Production access is limited to incident debugging and is logged. We don’t browse your files.
What we don’t do
- We don’t sell your data.
- We don’t train AI on your data without your opt-in.
- We don’t browse your files or conversations.
- We don’t run ads or behavioral tracking.
The details
- Storage
- Cloud-indexed content (Google Drive, Gmail, Slack, Notion) is stored encrypted in our database. Files on your device stay on your device.
- Retention
- If you cancel, your indexed data is kept for 30 days, then permanently deleted.
- Deletion & export
- We support GDPR-style account deletion now, with data export coming soon.
- Certifications
- We don’t yet hold SOC 2 or ISO 27001 – SOC 2 is on our roadmap.
- Health data
- Remly is not HIPAA compliant and shouldn’t be used for protected health information.
Want the full detail?
Read the complete security and privacy documentation, or reach us directly.