Remi
Trust & Security
Remi handles sensitive data — your inbox. Here's exactly how we protect it.
What we store (and what we don't)
We store
- ✓ Retailer name
- ✓ Order number
- ✓ Delivery date
- ✓ Return deadline
- ✓ Encrypted OAuth tokens
- ✓ Notification preferences
We never store
- ✗ Email body content
- ✗ Email attachments
- ✗ Contacts or address books
- ✗ Calendar events
- ✗ Drafts or sent messages
- ✗ Passwords or payment card numbers
Encryption & access controls
AES-256-GCM encryption at rest
OAuth refresh tokens are encrypted with AES-256-GCM before storage. Even if the database were compromised, tokens are unreadable without the encryption key.
TLS 1.2+ encryption in transit
All data between your browser, our servers, and third-party APIs travels over TLS. No plaintext connections.
Row-level security (RLS)
Every database query is scoped to your user ID at the Postgres level. There is no API endpoint or query path that can access another user’s data.
Content Security Policy
Strict CSP headers prevent cross-site scripting and injection attacks. Scripts are nonce-gated.
Audit logging
Security-relevant actions (logins, data exports, cron runs, admin actions) are logged with metadata for accountability.
OAuth permissions
Remi requests the minimum permissions needed. Both Gmail and Outlook connections are read-only.
Google (Gmail)
gmail.readonly
Read-only access to email messages. Cannot send, delete, or modify anything in your inbox.
Microsoft (Outlook)
Mail.Read
Read-only access to email messages. Cannot send, delete, or modify anything in your inbox.
How emails are processed
Email content passes through a four-step pipeline and is never persisted.
1. Pre-filter (95% rejected)
Subject line and sender are checked against delivery keywords. Grocery and food delivery emails are excluded automatically. The email body is never opened at this stage.
2. AI classification
Only emails that pass the filter get a truncated 3,000-character snippet sent to AI. The model returns structured data: retailer, order number, dates, and a confidence score.
3. Store metadata, discard email
Only the AI output is saved. The email content is permanently discarded and never written to our database.
4. Encrypt at rest
Stored metadata and OAuth tokens are AES-256-GCM encrypted. Row-level security prevents cross-user access.
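The token encryption described under "AES-256-GCM encryption at rest" and in step 4, as an added Node.js example that is not Remi's own code. The function names, the `iv || tag || ciphertext` storage layout, and the choice to bind the user ID as associated data are assumptions made for illustration.

```javascript
// Added example: AES-256-GCM envelope for an OAuth refresh token (Node.js).
const crypto = require('node:crypto');

const IV_LEN = 12;   // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;  // 128-bit authentication tag

// Encrypts `token` under a 32-byte key. `userId` is bound as AAD (assumption),
// so a ciphertext copied into another user's row fails authentication.
function sealToken(key, userId, token) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(IV_LEN); // fresh per encryption, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  // Stored layout (assumption): iv || tag || ciphertext, base64-encoded.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the plaintext token, or throws if key, user ID or bytes do not match.
function openToken(key, userId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('sealed token too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Convenience wrapper: true if `sealed` opens for this key and user.
function opens(key, userId, sealed) {
  try { openToken(key, userId, sealed); return true; } catch { return false; }
}

// Constructed sample values; a real key lives in a secret store, not the database.
const demoKey = crypto.randomBytes(32);
const demoSealed = sealToken(demoKey, 'user-123', 'constructed-refresh-token');
console.log(openToken(demoKey, 'user-123', demoSealed));            // round trip
console.log(opens(demoKey, 'user-456', demoSealed));                // wrong user ID
console.log(opens(crypto.randomBytes(32), 'user-123', demoSealed)); // wrong key
```

Because GCM is authenticated, a database-only compromise yields neither readable tokens nor the ability to alter or swap them undetected, provided the key is held outside the database.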
Compliance
GDPR
Lawful basis for processing (consent + contract). Data subject rights honored: access, rectification, erasure, portability. Breach notification within 72 hours.
CCPA
California consumers can request disclosure and deletion of personal information. We do not sell personal data.
Data retention
Data is retained while your account is active. Full deletion within 30 days of account deletion, including all orders, tokens, and preferences.
Sub-processors
All data processing happens in the US via vetted sub-processors. Full list in our Data Processing Agreement.
Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Neon | PostgreSQL database | US |
| OpenRouter | AI email classification | US |
| Vercel | Application hosting | US |
| Cloudflare | CDN and DNS | Global |
| Resend | Email notifications | US |
| Telnyx | SMS notifications | US |
| Stripe | Payment processing | US |
| Google | Gmail OAuth & push | US |
| Microsoft | Outlook OAuth & Graph API | Global |
Responsible disclosure
We appreciate security researchers who report vulnerabilities responsibly.
- ✓ Report to [email protected]
- ✓ We acknowledge receipt within 48 hours
- ✓ We aim to resolve confirmed vulnerabilities within 90 days
- ✓ We will not take legal action against good-faith researchers