recall

Privacy Policy

Last updated: January 10, 2026

Overview

Recall ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service at recall.team.

The short version: Your code never touches our servers. Session context is processed and immediately deleted. We store only metadata needed to run the service.

What We Collect

Account Information

  • GitHub username and ID (via OAuth)
  • Email address (from GitHub)
  • Profile avatar URL
  • Team name and company information you provide

Usage Metadata

  • Session timestamps (when sessions start/end)
  • Token counts (how much context was used)
  • Repository names you enable
  • Team membership information

What We Do NOT Collect

  • Your source code
  • Session transcripts or content
  • AI conversation history
  • Context or memory file contents

How Your Data Flows

Team Plan

When you save a session, the content is sent to our API, processed by our LLM to extract key decisions and learnings, then immediately written to your GitHub repository. After the GitHub commit succeeds, session content is deleted from our systems. We retain only the metadata (timestamp, token count, success/failure).

Enterprise Plan (BYOK)

With Bring Your Own Key, session content goes directly from your AI tool to YOUR LLM API. We never see the content. We only route the encrypted API key and write the results to your GitHub.

Data Storage

  • Our Database (Cloudflare D1): Account info, team data, membership, session metadata, encrypted LLM keys (Enterprise only)
  • Your GitHub Repository: All context files, history, and session records live in your .recall/ directory
  • Stripe: Payment information (we never see your full card number)

Third-Party Services

We use the following third-party services:

  • GitHub: Authentication and repository access
  • Stripe: Payment processing
  • Cloudflare: Infrastructure (Workers, D1, Pages)
  • Anthropic/OpenAI: LLM processing for Team plan (session content only, immediately deleted after processing)

Your Rights

You can:

  • Delete your account at any time (Settings → Delete Account)
  • Export your data (it's already in your GitHub repo)
  • Disconnect repositories from Recall
  • Delete the .recall/ directory from your repos

Security

We use industry-standard security measures including encrypted connections (HTTPS), encrypted API key storage (AES-256-GCM), and minimal data retention. Our infrastructure runs on Cloudflare's edge network with DDoS protection and WAF.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected]