Remi

Last updated: February 2026

Privacy Policy

Remi AI Ltd

Stored in Europe

All infrastructure hosted on Hetzner in Germany.

No model training

Your data never enters a training pipeline.

Your rights protected

Access, correct, delete, or export your data.

Essential cookies only

No tracking, analytics, or advertising cookies.

1. Who We Are

Remi AI Ltd is the data controller for personal data processed through the Remi platform. We are registered in England and Wales. Contact: privacy@remiai.co.uk

2. What Data We Collect

Account Data

Email address (for authentication via magic link login), name (if provided), account and workspace membership.

Usage Data

Chat messages and AI responses, uploaded documents and their extracted text, facts and knowledge items, integration connection status, credit usage and cost records, login times, session data, IP addresses, browser and device information.

Technical Data

Vector embeddings of your documents (mathematical representations, not human-readable). Event logs recording all actions for audit trail purposes.

3. How We Use Your Data

PurposeLegal Basis
Provide the platform and AI servicesPerformance of contract (Art. 6(1)(b))
Process your documents for AI retrievalPerformance of contract (Art. 6(1)(b))
Route prompts to AI providersPerformance of contract (Art. 6(1)(b))
Maintain audit trails and event logsLegitimate interest (Art. 6(1)(f))
Send service notificationsLegitimate interest (Art. 6(1)(f))
Billing and credit trackingPerformance of contract (Art. 6(1)(b))
Prevent fraud and abuseLegitimate interest (Art. 6(1)(f))

We do not use your data to train AI models.

We do not sell your data.

We do not profile you for advertising.

4. How AI Processing Works

When you send a message, your prompt and relevant document context is sent to an AI provider to generate a response.

  1. Your message is received by Remi's API
  2. Pathfinder analyses your message and plans what tools to use
  3. If relevant, documents are searched via vector similarity and matching excerpts are included as context
  4. The prompt and context is sent to an AI provider
  5. The provider generates a response and returns it
  6. The response is streamed back to you

EU-based providers (data stays in the EU):

ProviderData LocationPurpose
MistralEUResponse generation
Remi-hosted modelsEUResponse generation

US-based providers (data processed in the US):

ProviderData LocationPurpose
OpenRouterUS/EU (varies)Routes to third-party providers
Anthropic (Claude)USResponse generation
OpenAI (GPT)USResponse generation
Google (Gemini)USResponse generation and embeddings

You control which providers your workspace uses. Remi's default automatic routing prioritises EU providers. If you manually select a US-based model, your prompt data will be processed in the US. US-based providers do not retain your data for model training under their API terms.

5. Where Your Data is Stored

All Remi-managed infrastructure is hosted in the EU.

Data TypeProviderRegion
Account data, messages, events, usageNeon PostgreSQLEU only
Document filesHetzner S3-compatible storageEU only
Document vector embeddingsChromaDB (self-hosted on Hetzner)EU only
Real-time session tokensAblyEU/UK

The only circumstance in which your data leaves the EU is when prompts are sent to a US-based AI provider for response generation, and this only happens if your workspace is configured to use one. These transfers are covered by Standard Contractual Clauses (SCCs).

6. Who We Share Data With

We share data only with service providers necessary to run Remi:

  • AI providers (Mistral, Remi-hosted, and optionally OpenRouter/Anthropic/OpenAI/Google) for response generation
  • Neon for database hosting
  • Hetzner for server and object storage
  • Ably for real-time messaging
  • Brave Search for web results (only the search query, not your identity)
  • Resend for email delivery (login emails)

We do not share your data with advertisers, data brokers, or any other third parties.

7. Data Retention

  • Account data: retained while active, deleted within 30 days of closure.
  • Chat messages and AI responses: retained while active, deleted within 30 days of closure.
  • Documents and embeddings: retained while active, deleted within 30 days of closure or when you delete the document.
  • Event logs: retained for 12 months after closure for audit, then deleted.
  • Billing records: retained for 6 years as required by UK tax law (HMRC).

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (subject to legal retention requirements)
  • Port your data in a machine-readable format
  • Restrict how we process your data
  • Object to processing based on legitimate interest
  • Withdraw consent where processing is based on consent

Email privacy@remiai.co.uk. We respond within 30 days.

9. Security

  • All data in transit is encrypted (TLS/HTTPS)
  • Credentials and API keys are encrypted at rest using AES via our keyring system
  • Access is authenticated via JWT tokens with session management
  • All actions are logged in our event store
  • Database access is restricted and monitored

10. Cookies

Remi uses only essential cookies for authentication and session management. No tracking, analytics, or advertising cookies.

11. Children

Remi is a business platform. Not intended for anyone under 18.

12. Changes

We notify you of material changes via email at least 30 days before they take effect.

13. Complaints

Contact us at privacy@remiai.co.uk. You can also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

14. Contact

Remi AI Ltd — Email: privacy@remiai.co.uk