Privacy Policy

Remote ("we," "our," or "us") operates the Remote mobile application and related services (collectively, the "Service"). Remote is available at getremote.app.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Remote is designed with privacy as a core principle. We use end-to-end encryption and a zero-knowledge architecture to ensure your code and AI interactions remain private.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

Remote is built on a zero-knowledge architecture. Understanding this is key to understanding our privacy practices:

• End-to-end encryption. All communication between your phone and your laptop is encrypted using NaCl/libsodium. Encryption keys are generated on your devices and never leave them.
• Zero-knowledge relay. Our relay server forwards only opaque, encrypted blobs between your devices. We cannot read, decrypt, or analyze the content of your coding sessions.
• Local AI execution. All AI agent execution (Claude Code, Codex, Gemini CLI) happens entirely on your own laptop. Your code, prompts, and AI responses never pass through our servers in readable form.
• No code storage. We do not store your source code, AI prompts, AI responses, or any content from your coding sessions on our servers.

Information You Provide

• Account information. When you create an account, we collect your email address and basic profile information necessary to operate the Service.
• Payment information. Payment processing is handled by RevenueCat, which uses Stripe, Apple, and Google as payment processors. We do not directly store your credit card numbers or payment credentials. Please refer to RevenueCat's Privacy Policy for details on how they handle payment data.

Information Collected Automatically

• Device identifiers. We collect device identifiers to deliver push notifications (e.g., when a task completes or requires your approval) and to manage your registered machines.
• Machine registrations. We store metadata about machines you register with the Service (e.g., machine name, connection status) to facilitate device-to-device communication.
• Encrypted session metadata. We store minimal encrypted metadata about sessions to enable the relay functionality. This metadata is opaque to us and cannot be read by our servers.
• Analytics and crash reports. We collect basic usage metrics and crash reports to improve the reliability and performance of the Service. This includes information such as app version, device type, operating system, and general usage patterns. This data does not include any content from your coding sessions.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Facilitate encrypted communication between your phone and laptop
• Send push notifications about session status and events
• Process subscriptions and manage your account
• Diagnose technical issues, fix bugs, and improve the Service
• Communicate with you about updates, security alerts, and support
• Comply with legal obligations

To be explicit, the following data is never collected, stored, or accessible by our servers:

• Your source code or project files
• Your AI prompts or instructions
• AI-generated responses or code suggestions
• File contents from your repositories
• Your API keys for AI services
• The decrypted content of any communication between your devices

Data stored on our servers is limited to what is necessary to operate the Service:

• Your user account and profile information
• Machine registrations and device metadata
• Encrypted session metadata (opaque to us)
• Subscription and billing status

We implement commercially reasonable security measures to protect your information. The core security of your coding sessions is provided by NaCl/libsodium end-to-end encryption, which ensures that even in the unlikely event of a server breach, your session content would remain encrypted and unreadable.

We use the following third-party services in the operation of Remote:

• RevenueCat - subscription management and payment processing (which uses Stripe, Apple Pay, and Google Pay)
• Apple Push Notification Service / Firebase Cloud Messaging - delivering push notifications to your device
• Analytics providers - basic crash reporting and anonymized usage metrics

These third-party services have their own privacy policies governing their use of your information. None of these services have access to decrypted session content.

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

• Service providers. With third-party vendors who assist in operating the Service, subject to confidentiality obligations.
• Legal requirements. If required by law, regulation, legal process, or governmental request. Note that due to our end-to-end encryption, even in response to lawful requests, we cannot provide decrypted session content because we do not possess the decryption keys.
• Safety and rights. To protect the rights, property, or safety of Remote, our users, or the public.
• Business transfers. In connection with a merger, acquisition, or sale of assets, in which case you would be notified of any change in ownership or control of your information.

You have the following rights regarding your data:

• Access and portability. You may request a copy of the personal data we hold about you.
• Correction. You may update or correct your account information at any time.
• Deletion. You may delete your account and all associated data at any time. Upon account deletion, we will remove your account information, machine registrations, and all associated metadata from our servers.
• Push notifications. You may opt out of push notifications through your device settings at any time.

To exercise any of these rights, contact us at privacy@getremote.app.

We retain your account information for as long as your account is active or as needed to provide the Service. Encrypted session metadata is retained only for the duration needed to facilitate active sessions and is purged thereafter.

If you delete your account, we will delete all your personal information from our servers within 30 days, except where retention is required by law (e.g., billing records).

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to such countries. We take appropriate measures to ensure your information remains protected in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you a notification through the app or via email.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: