// Trust & Security Report

    Everdent (trading as Remio) logo

    Everdent (trading as Remio)

    remio: a local-first personal AI assistant / "second brain" that captures files, meetings, emails, and web pages into a personal knowledge base. Distributed as Windows/Mac desktop app, iOS/Android mobile app, and a browser extension, with a BYOK (bring-your-own-API-key) mode. No separate team or enterprise product tier was found.

    Certifications held

    2

    Maturity

    Startup

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR (posture)
    HELD

    "For users in the EU, we comply with the General Data Protection Regulation."

    Verify on remio.ai
    CCPA/CPRA (posture)
    HELD

    Privacy policy states compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California users.

    Verify on remio.ai
    > Show 6 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. No trust center exists (trust.remio.ai does not resolve); neither the Privacy Policy nor Terms & Conditions on remio.ai mention SOC 2.

    source: remio.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not referenced on remio.ai privacy policy, terms, about-us, or pricing pages.

    source: remio.ai
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance or a Business Associate Agreement offering. remio is marketed as a consumer/prosumer knowledge tool, not a healthcare product.

    source: remio.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not applicable/not mentioned; payment processing appears to be handled by a third-party billing provider, not disclosed on vendor pages reviewed.

    source: remio.ai
    ISO/IEC 42001 (AI management) / CSA STAR for AI
    NOT CONFIRMED

    No public evidence. No AI-governance certification referenced anywhere on remio.ai.

    source: remio.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable, remio is a consumer/prosumer product with no government-cloud offering mentioned.

    source: remio.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not explicitly specified. Product is marketed as "local-first": captured content (files, recordings, web pages) is stored on the user's device; cloud-side processing occurs only via LLM provider APIs (OpenAI, Google Gemini, xAI, Anthropic, OpenRouter) or the user's own BYOK key. No dedicated EU/US data-residency guarantee is published.

    Privacy policy states "No personal data is used to train models" and "Your email content is never used for AI model training or other machine learning purposes." No tiered exception was found (no enterprise opt-in-to-training tier exists). Note: a third-party "Data Processing Addendum & Subprocessors" page found during research at getremy.ai/dpa belongs to a different product ("Remy"), not remio, and was excluded to avoid identity conflation.

    // Security controls

    Encryption in transit

    Yes, stated on vendor's Terms & Conditions and Privacy Policy

    remio.ai

    Encryption at rest

    Yes, stated: "All data at rest is encrypted and all data in transit is encrypted."

    remio.ai

    Local-first storage

    Primary content (files, notes, recordings, saved pages) stored on-device rather than centrally in the vendor's cloud, per product marketing and privacy policy

    remio.ai

    Authentication

    Google SSO / OAuth 2.0 used for integrations; "All Google API calls use OAuth 2.0 secure authentication"

    remio.ai

    Log retention

    Algorithm/operational usage logs cached and auto-deleted after a maximum of 30 days

    remio.ai

    Independent security score (not a formal certification)

    Vendor and third-party listings reference a "TAC Security Verified" badge with an ESOF Cyber Score of 9.7/10.0; this is a commercial vulnerability-scoring badge, not an audited certification (no SOC 2/ISO equivalent), and could not be confirmed on a remio.ai-owned page during this review

    tacsecurity.com

    // Products & data scope

    remio Desktop (Windows/Mac)Personal AI knowledge assistant

    data: Local files, meeting recordings/transcripts, saved web pages, notes; stored primarily on-device

    Primary product; requires Windows 10+ (x64) or Apple Silicon Mac

    remio Mobile (iOS/Android)Companion app

    data: Notes, voice recordings, saved pages captured on mobile, synced to the same knowledge base

    Positioned as capture companion to the desktop app

    remio Browser ExtensionBrowser copilot / web capture

    data: Auto-saves browsed web pages into the user's knowledge base

    No separate privacy terms found beyond the main privacy policy

    BYOK (Bring Your Own Key) modeAdd-on / privacy tier

    data: AI requests routed through the user's own API key (OpenAI, Gemini, xAI, Anthropic, OpenRouter) rather than remio-managed keys

    Marketed as "strict key-based privacy"; no evidence of a distinct enterprise/team tier with SSO, audit logs, or admin controls

    // What to watch

    • No trust center found; certifications assessed entirely from Privacy Policy and Terms & Conditions pages, not an audited compliance portal.
    • GDPR/CCPA statements in the privacy policy are self-declared postures, not independently verified certifications.
    • A 'TAC Security Verified / ESOF Cyber Score 9.7' badge is referenced in third-party listings but is a commercial vulnerability-scan score, not an audit-based certification like SOC 2 or ISO 27001; do not present it as equivalent.
    • Legal entity name is not stated on the vendor's own privacy policy or terms pages; 'Everdent (trading as Remio)' is sourced from third-party company-research sites (Tracxn, aVenture), not a vendor-domain page - treat with medium confidence.
    • During research, a similarly-named but unrelated product 'Remy' (getremy.ai) publishes its own DPA page; this was explicitly excluded to avoid identity conflation and should not be attributed to remio.
    • No HIPAA, SOC 2, or ISO 27001 evidence exists; appropriate for a consumer/prosumer product but means remio is not suitable to list as enterprise/regulated-industry ready.

    // At a glance

    Pricing model

    Freemium, credits-based subscription tiers (Free, Pro, Plus, Max) plus a BYOK add-on tier; no visible team/enterprise plan

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Everdent (trading as Remio)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    remio.ai

    > Browse all vendor trust reports