1. Who we are
Remi is operated by Phil Morton, based in the United Kingdom. Phil Morton is the data controller for the purposes of UK GDPR (ICO registration reference: ZC106118). Remi is a product that reads your children's school emails, uses AI to summarise them, and pulls out the dates, events and actions you need to know about.
If you have any questions about how we handle your data, you can email us at hello@remi.computer.
2. What we collect
We only collect data that we need to run the service. Here is what we collect and when.
3. How we use your data
We use your data for four purposes: to run the service, to maintain and improve it, to provide support, and to process payments.
- Running the service — fetching your school emails, processing them with AI, showing you summaries, tasks and events, generating calendar feeds, and building school context memories to improve extraction accuracy.
- Maintaining and improving the service — our team may access your data where necessary to investigate technical issues, fix bugs, maintain service reliability, and improve how our AI processes school emails. We also use anonymous analytics to understand which features are useful and where people get stuck. Internal access to your data is limited to what is needed for the specific task, on a need-to-know basis.
- Providing support — if you contact us with a problem, we may need to look at your account and email data to investigate and resolve your issue.
- Processing payments — managing your subscription through Stripe. We do not store your card details.
4. AI processing
We use OpenAI to process your school emails. Here is exactly what happens.
When we process an email, we send the email content, the email subject line, and your child's year group and class to OpenAI. We also send any text extracted from email attachments, including PDFs, documents and presentations. For image attachments, we send the image itself to OpenAI to extract any visible text. For other attachment types, text is extracted locally before being sent. We do not send your name, email address or any other personal identifiers.
OpenAI processes this data and returns summaries, tasks and events. Under OpenAI's API data usage policy, data sent through the API is not used to train their models. We do not opt into OpenAI's data storage features, so your email content is not saved to OpenAI's systems beyond what is needed to process your request and monitor for abuse.
Remi also uses AI to build school context memories. This is a separate process that runs periodically on your school emails to extract key facts about each child's school. These facts are injected into future extraction prompts to improve accuracy. The same data handling rules apply — this data is sent to OpenAI under the same API terms and is not used to train their models.
Important: AI is not perfect. Summaries, tasks and events are generated automatically and may contain errors. Always check the original email if something seems wrong or if a decision depends on getting the details right.
5. Automated decisions
Remi does not make decisions that have legal or similarly significant effects on you. Our AI extracts information from your school emails — you decide what to act on. No automated process in Remi will ever take action on your behalf without your input.
Remi's school context memory uses AI to decide which facts to keep, merge or remove when the memory reaches capacity. This is an automated process, but it does not have legal or significant effects on you. It only affects which school facts are remembered to help with future extractions. You can view, edit, add and delete school context memories at any time, and you always have full control over what is stored.
7. International transfers
Your data is primarily stored in the UK and EU. Our database is hosted in London (UK) and our analytics are hosted in Frankfurt (EU).
Some of our service providers are based in the United States, including OpenAI, Vercel, Resend and Stripe. Where data is transferred outside the UK and EU, we rely on safeguards such as Standard Contractual Clauses to protect your data.
8. How long we keep your data
We keep your data for as long as your account is active. Here are the specific retention periods.
| Data | How long we keep it |
|---|---|
| Raw forwarded email data | Automatically deleted 30 days after processing |
| Failed processing records | Automatically deleted after 90 days |
| Emails, summaries, tasks and events | While your account is active |
| User-created events | While your account is active |
| School context memories | Until replaced by AI, edited or deleted by you, or your account is deleted |
| Calendar subscription tokens | While the feature is enabled; revocable at any time |
| Account and profile data | While your account is active |
When you delete your account, we permanently delete all of your data. This includes your emails, summaries, tasks, events, user-created events, school context memories, calendar subscription data, children's details and account information. There is no grace period — deletion is immediate and irreversible.
9. Your rights
Under UK GDPR, you have the following rights over your data. To exercise any of these rights, email us at hello@remi.computer. We may need to verify your identity before responding to protect your data.
10. Children's data
Remi processes data about children, not from children. Children do not use the app — only parents do.
The only information we hold about your children is what you tell us during setup: their first name, class, school email domain, country and year group. We use this to filter emails from their school and make the AI output relevant to their year group.
School emails and their attachments may mention children by name or contain information about them. We process this content to extract tasks and events, but we do not build profiles of individual children.
School context memories may include names of school staff mentioned in emails (such as teachers or administrative staff). These are stored to help Remi understand your school's communications better. You can review and edit these memories at any time.
11. Cookies and tracking
Remi does not use cookies, localStorage or sessionStorage. We do not store anything on your device.
Our analytics provider, PostHog, is configured to use memory-only storage. All analytics data disappears when you close your browser tab. PostHog is hosted in Frankfurt (EU) and we do not track anonymous visitors across sessions.
When you are signed in, we identify you by your internal user ID (not your email address) so we can understand how people use the product. We rely on legitimate interest under GDPR Article 6(1)(f) as our legal basis for this analytics processing. Because we do not store anything on your device, no cookie consent banner is required.
12. Security
We take the security of your data seriously. Here is what we do to protect it:
- All data is encrypted in transit (HTTPS) and at rest.
- Our database uses row-level security policies to ensure you can only access your own data.
- We do not store your card details. Stripe handles all payment processing directly.
- Calendar subscription URLs use unique, secret tokens. If you believe a URL has been compromised, you can revoke it and generate a new one at any time.
- Internal access to your data by our team is limited to specific purposes: investigating technical issues, resolving support requests, and maintaining service reliability. Access is on a need-to-know basis and limited to what is necessary for the task.
In the event of a data breach that poses a risk to your rights, we will notify the ICO within 72 hours and inform you without undue delay, as required by UK GDPR.
13. Changes to this policy
We may update this policy from time to time. How we tell you depends on the type of change.
Material changes include collecting new types of data, using your data for new purposes, adding new service providers, or reducing how long we keep your data. We will email you at least 30 days before these changes take effect.
Non-material changes include fixing typos, clarifying wording, or changing a service provider within the same category. We will update the policy without notice for these changes.
If you do not agree with a material change, you can delete your account before the change takes effect. Previous versions are available at the bottom of this page.
14. Contact us
If you have any questions about this privacy policy or how we handle your data, please email us at hello@remi.computer.