Privacy Policy

Last updated: February 2026

1. Introduction

Rekall ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI coding assistant software and services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us:

  • Account Information: Email address, name (when you subscribe)
  • Payment Information: Billing details processed securely via Paddle (we do not store credit card numbers)
  • Communications: Messages you send to our support team

2.2 Information Collected Automatically

When you use our Service, we may automatically collect:

  • Usage Data: Features used, session duration, error logs
  • Device Information: Operating system, application version
  • License Information: License key validation status

2.3 Information NOT Collected

Important: Rekall operates primarily using local AI models (Ollama). Your code, prompts, and generated content are processed locally on your device and are NOT sent to our servers. We cannot access or view your code or conversations with the AI.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send license keys and account-related communications
  • Respond to support requests
  • Detect, prevent, and address technical issues
  • Enforce our Terms of Service
  • Comply with legal obligations

4. Data Storage and Security

4.1 Local Processing

Most data processing in Rekall happens locally on your device. Your code, project files, and AI conversations remain on your computer and are not transmitted to our servers.

4.2 Cloud Data

Limited data (email, license key, subscription status) is stored securely using:

  • Cloudflare KV for transaction storage
  • Paddle for payment processing (PCI DSS compliant)
  • SendGrid for email delivery

4.3 Security Measures

We implement appropriate technical measures to protect your data:

  • Encryption in transit (TLS/SSL)
  • Secure API key storage
  • Regular security reviews

5. Data Sharing

We do not sell your personal information. We may share data with:

5.1 Service Providers

  • Paddle: Payment processing (they act as our Merchant of Record)
  • SendGrid: Email delivery for license keys
  • Cloudflare: Website hosting and security

5.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Your Rights

Depending on your location, you may have the following rights:

6.1 General Rights

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability

6.2 For EU/EEA Residents (GDPR)

If you are in the European Union, you have additional rights under GDPR. Paddle acts as the Merchant of Record for EU customers and handles VAT compliance.

6.3 For South African Residents (POPIA)

We comply with the Protection of Personal Information Act (POPIA). You have the right to request access to and correction of your personal information.

7. Data Retention

We retain personal information only for as long as necessary:

  • Account Data: Retained while subscription is active + 2 years for tax compliance
  • Transaction Data: 2 years (legal requirement for financial records)
  • Support Communications: 1 year after resolution

8. Cookies

Our website uses essential cookies for:

  • Remembering your preferences
  • Analytics (anonymized)
  • Security

The desktop application does not use cookies.

9. Children's Privacy

Our Service is not intended for children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Paddle provides GDPR-compliant processing
  • Cloudflare provides adequate security measures
  • Appropriate contractual clauses where required

11. Third-Party Services

Rekall can integrate with third-party services (like Ollama). Your use of these services is subject to their respective privacy policies:

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending email notification for significant changes

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Terms of Service Refund Policy