// Trust & Security Report
Everdent (trading as Remio)
remio: a local-first personal AI assistant / "second brain" that captures files, meetings, emails, and web pages into a personal knowledge base. Distributed as Windows/Mac desktop app, iOS/Android mobile app, and a browser extension, with a BYOK (bring-your-own-API-key) mode. No separate team or enterprise product tier was found.
Certifications held
2
Maturity
Startup
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on remio.ai“"For users in the EU, we comply with the General Data Protection Regulation."”
Verify on remio.ai“Privacy policy states compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California users.”
> Show 6 unconfirmed / not-held certifications
source: remio.aiNo public evidence. No trust center exists (trust.remio.ai does not resolve); neither the Privacy Policy nor Terms & Conditions on remio.ai mention SOC 2.
source: remio.aiNo public evidence. Not referenced on remio.ai privacy policy, terms, about-us, or pricing pages.
source: remio.aiNo public evidence of HIPAA compliance or a Business Associate Agreement offering. remio is marketed as a consumer/prosumer knowledge tool, not a healthcare product.
source: remio.aiNo public evidence. Not applicable/not mentioned; payment processing appears to be handled by a third-party billing provider, not disclosed on vendor pages reviewed.
source: remio.aiNo public evidence. No AI-governance certification referenced anywhere on remio.ai.
source: remio.aiNo public evidence; not applicable, remio is a consumer/prosumer product with no government-cloud offering mentioned.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not explicitly specified. Product is marketed as "local-first": captured content (files, recordings, web pages) is stored on the user's device; cloud-side processing occurs only via LLM provider APIs (OpenAI, Google Gemini, xAI, Anthropic, OpenRouter) or the user's own BYOK key. No dedicated EU/US data-residency guarantee is published.
Privacy policy states "No personal data is used to train models" and "Your email content is never used for AI model training or other machine learning purposes." No tiered exception was found (no enterprise opt-in-to-training tier exists). Note: a third-party "Data Processing Addendum & Subprocessors" page found during research at getremy.ai/dpa belongs to a different product ("Remy"), not remio, and was excluded to avoid identity conflation.
// Security controls
Encryption at rest
Yes, stated: "All data at rest is encrypted and all data in transit is encrypted."
remio.aiLocal-first storage
Primary content (files, notes, recordings, saved pages) stored on-device rather than centrally in the vendor's cloud, per product marketing and privacy policy
remio.aiAuthentication
Google SSO / OAuth 2.0 used for integrations; "All Google API calls use OAuth 2.0 secure authentication"
remio.aiLog retention
Algorithm/operational usage logs cached and auto-deleted after a maximum of 30 days
remio.aiIndependent security score (not a formal certification)
Vendor and third-party listings reference a "TAC Security Verified" badge with an ESOF Cyber Score of 9.7/10.0; this is a commercial vulnerability-scoring badge, not an audited certification (no SOC 2/ISO equivalent), and could not be confirmed on a remio.ai-owned page during this review
tacsecurity.com// Products & data scope
data: Local files, meeting recordings/transcripts, saved web pages, notes; stored primarily on-device
Primary product; requires Windows 10+ (x64) or Apple Silicon Mac
data: Notes, voice recordings, saved pages captured on mobile, synced to the same knowledge base
Positioned as capture companion to the desktop app
data: Auto-saves browsed web pages into the user's knowledge base
No separate privacy terms found beyond the main privacy policy
data: AI requests routed through the user's own API key (OpenAI, Gemini, xAI, Anthropic, OpenRouter) rather than remio-managed keys
Marketed as "strict key-based privacy"; no evidence of a distinct enterprise/team tier with SSO, audit logs, or admin controls
// What to watch
- No trust center found; certifications assessed entirely from Privacy Policy and Terms & Conditions pages, not an audited compliance portal.
- GDPR/CCPA statements in the privacy policy are self-declared postures, not independently verified certifications.
- A 'TAC Security Verified / ESOF Cyber Score 9.7' badge is referenced in third-party listings but is a commercial vulnerability-scan score, not an audit-based certification like SOC 2 or ISO 27001; do not present it as equivalent.
- Legal entity name is not stated on the vendor's own privacy policy or terms pages; 'Everdent (trading as Remio)' is sourced from third-party company-research sites (Tracxn, aVenture), not a vendor-domain page - treat with medium confidence.
- During research, a similarly-named but unrelated product 'Remy' (getremy.ai) publishes its own DPA page; this was explicitly excluded to avoid identity conflation and should not be attributed to remio.
- No HIPAA, SOC 2, or ISO 27001 evidence exists; appropriate for a consumer/prosumer product but means remio is not suitable to list as enterprise/regulated-industry ready.
// At a glance
Pricing model
Freemium, credits-based subscription tiers (Free, Pro, Plus, Max) plus a BYOK add-on tier; no visible team/enterprise plan
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Everdent (trading as Remio)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
remio.ai