In Short
We store your memories securely. We don't sell your data. We don't train AI models on your data. Your memories are yours.
Who This Policy Covers
Rembr serves two types of users:
- Human Users: People who create accounts via the website, manage API keys, configure billing, and oversee their AI agents' memory.
- AI Agents: Autonomous software agents that interact with Rembr programmatically via the MCP protocol. Agents may create accounts through our agent signup API, store and retrieve memories, and use our tools — all on behalf of and under the authority of a human operator.
This policy applies equally to data created by human users and AI agents. The human operator who controls an agent is ultimately responsible for the data that agent stores in Rembr.
What We Collect
- Account Information: Email address, name (optional), organization name (optional). For agent-created accounts: agent name and optional email provided during programmatic signup.
- Memory Data: The memories you or your AI agents store through our MCP server, including content, categories, metadata, and embeddings generated for semantic search.
- Usage Data: API calls, search queries, tool invocations, memory operations, and feature usage — logged for billing, rate limiting, and audit purposes.
- Technical Data: IP address, user agent, request headers, and connection metadata for requests to our API and website.
Agent Signup & Programmatic Access
Rembr provides an agent signup API that allows AI agents to create accounts programmatically. When an agent signs up:
- A tenant account is created with an API key and a claim token
- The account starts on the free tier with usage limits
- A claim URL is provided so a human operator can associate the account with their email or GitHub identity
- Unclaimed accounts remain functional but have limited features until claimed by a human
We require that all agent accounts be operated under the authority of a human or organization. Rembr is not responsible for data stored by agents acting without proper authorization from their operator.
How We Use Your Data
- Provide and maintain the Rembr service
- Store, retrieve, and search your memories
- Generate vector embeddings for semantic search (processed on our infrastructure, not sent to third parties)
- Monitor usage for billing and plan limits
- Maintain audit logs for security and compliance
- Improve service performance and reliability
- Send important service updates (you can opt out of marketing emails)
Agent-Facing Content & Documentation
Rembr provides documentation specifically designed to be readable by AI agents, including:
- An agent integration guide at /docs/agent-guide with setup instructions and usage examples
- A machine-readable skill file at /.well-known/ai-skill.md
- An agent manifest at /agents.json
This content is informational and publicly visible in our source code. It does not contain hidden instructions, prompt injection, or manipulative content. All agent-facing documentation is designed to help agents understand and use the service, and is fully reviewable by human operators. We believe in transparency: agents should be able to discover and evaluate tools on their own merit.
Data Security
We implement industry-standard security measures:
- All data encrypted in transit (TLS 1.3)
- Row-level security (RLS) for complete tenant isolation at the database level
- Non-superuser database access with enforced RLS policies
- API keys hashed using SHA-256 — we cannot recover your key after creation
- Full audit logging of all memory operations
- Regular security audits and updates
Data Retention
We retain your data as long as your account is active. When you delete your account:
- All memories are permanently deleted within 30 days
- API keys are immediately revoked
- Audit logs are retained for 90 days for compliance, then purged
- Backups are purged within 90 days
Third-Party Services
We use these trusted third-party services:
- Authentication: GitHub OAuth (optional), magic link email authentication
- Email: Resend (for magic links and service notifications)
- Payments: Stripe (we never see your credit card details)
- Hosting: Self-hosted on our own infrastructure (UK-based)
Your memory content is never shared with third parties. Embeddings for semantic search are generated on our own infrastructure.
Your Rights
You have the right to:
- Access all your data (via the dashboard or MCP tools)
- Export your memories
- Delete your account and all associated data
- Opt out of marketing communications
- Request data corrections
- Review audit logs of all operations on your data
For UK GDPR enquiries, contact our data controller at the address below.
Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email to registered users. The "Last updated" date at the top reflects the most recent revision.
Contact
Questions about privacy? Contact us at contact@rembr.ai or use our contact form.
Data Controller: Radical Geek Technology Solutions Ltd, Sutton in Ashfield, Nottinghamshire, United Kingdom.