Legal

Privacy Policy

Last updated: May 3, 2026

Introduction

This Privacy Policy explains how GIPO SOFTWARE SOLUTIONS INC. ("Remy", "we", "us", or "our") collects, uses, stores, and shares information about you when you visit our website at useremy.app (the "Site") or use Remy, our personal CRM application (collectively, the "Service").

Remy is designed for individual use. Your data — contacts, notes, tags, and the relationships you record — belongs to you alone and is never shared with teammates, organizations, or other Remy users. We treat your information with the level of care that this personal context demands.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

Information We Collect

We collect information in three ways: information you provide directly, information generated automatically when you use the Service, and information we receive from third-party integrations you choose to connect.

Information You Provide

  • Account information: your name, email address, password (stored as a salted hash), and optional two-factor authentication settings.
  • Profile information: any details you add to your profile, such as a display name or avatar.
  • Contact data: information you add or import about the people in your address book, including names, email addresses, phone numbers, postal addresses, organizations, job titles, birthdays, and any custom fields or tags you create.
  • Notes: free-text notes you write about your contacts, including conversation summaries, preferences, meeting context, and "introduced by" relationships.
  • Billing information: if you subscribe to a paid plan or purchase AI credits, we collect billing details through our payment processor. We do not store full payment card numbers on our servers.
  • Communications: the content of any messages you send to our support team.

Information Collected Automatically

  • Usage data: pages and features accessed, actions performed, timestamps, and other interaction data needed to operate and improve the Service.
  • Device and connection data: IP address, browser type and version, operating system, device identifiers, and language preferences.
  • Log data: server logs of requests, error reports, and security events.
  • Audit logs: records of sensitive actions performed in your account (such as sign-ins, API key creation, data exports, and bulk operations) which are kept for security and accountability.

Information from Integrations

If you connect a third-party service to Remy, we receive information from that service in accordance with the permissions you grant. Currently this includes:

  • Google Sign-In: your name, email address, and profile picture, used to authenticate you.
  • Google Contacts: when you enable Google Contacts sync, we read and (if you enable two-way sync) write contacts and contact groups in your Google account on your behalf. We only access the data necessary to perform the sync you have configured.

How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service and the features you request.
  • Authenticate you, secure your account, and prevent fraud and abuse.
  • Sync your contacts with the third-party services you have connected.
  • Process payments and manage subscriptions and AI credit balances.
  • Respond to support requests, send transactional emails (account, security, billing, and integration notifications), and provide service announcements.
  • Generate responses through the AI Assistant when you ask it questions about your contacts and notes. Relevant excerpts from your data may be sent to our AI provider to produce these responses (see "Third-Party Services and Integrations" below).
  • Monitor performance, debug issues, analyze usage trends in aggregate, and improve the Service.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use the contents of your contacts, notes, or AI Assistant conversations to train machine-learning models, and we do not share them with advertisers.

Sharing and Disclosure

We share information only in the limited circumstances described below.

  • Service providers and sub-processors: we share information with third-party vendors who process data on our behalf to operate the Service (for example, hosting, database, email delivery, payment processing, and AI inference). These providers are contractually bound to use the information only to provide their services to us and to protect it appropriately. See "Third-Party Services and Integrations" for the current list.
  • At your direction: when you connect an integration (such as Google Contacts) or generate an API key, you instruct us to share data with the third party or client you have authorized.
  • Legal and safety reasons: we may disclose information if we believe in good faith that doing so is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect or prevent fraud, security, or technical issues; or to protect the rights, property, or safety of Remy, our users, or the public.
  • Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service.

  • Account data, contacts, and notes are retained while your account is open and deleted when you delete your account.
  • Soft-deleted records (contacts and notes you have removed but not yet purged) may be retained in our database for up to 30 days to support recovery, after which they are permanently deleted.
  • Billing records and related transaction data are retained as required by applicable tax and accounting laws.
  • Audit logs and security event data are retained for a limited period necessary for security investigations and compliance.
  • Backups containing your data are rotated and overwritten on a regular schedule; data may persist in encrypted backups for a short period after deletion.

You can permanently delete your account at any time from your account settings. Deletion of integration data held by third parties (such as Google) is governed by those services' own retention rules.

Security

We use administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption of data in transit (TLS) and at rest where supported by our infrastructure providers.
  • Secure password hashing and optional two-factor authentication.
  • Access controls that limit data access to authorized personnel on a need-to-know basis.
  • Audit logging of sensitive operations.
  • Regular security review of our dependencies and infrastructure.

No method of transmission over the Internet or electronic storage is completely secure. While we work hard to protect your information, we cannot guarantee its absolute security.

International Data Transfers

GIPO SOFTWARE SOLUTIONS INC. is established in Canada, and our service providers operate in Canada, the United States, the European Union, and other regions. When you use the Service, your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your country.

Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses or equivalent safeguards) to protect personal information transferred internationally.

Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: request that we delete your personal information.
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction or objection: ask us to restrict or object to certain processing.
  • Withdraw consent: where processing is based on consent, withdraw that consent at any time.
  • Non-discrimination: not be discriminated against for exercising any of these rights.
  • Lodge a complaint: contact your local data protection authority if you believe your rights have been violated.

You can exercise most of these rights directly through your account settings (for example, by editing your profile, exporting your data, or deleting your account). For other requests, contact us at the address below. We will respond within the time required by applicable law.

Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service and remember your preferences. The cookies we set fall into the following categories:

  • Strictly necessary cookies: required to authenticate you, maintain your session, and provide core security features. The Service cannot function without these.
  • Functional cookies: remember your preferences (such as theme and locale).
  • Analytics: we may collect aggregated, privacy-respecting analytics about how the Service is used. We do not use third-party advertising or cross-site tracking cookies.

Most browsers allow you to control cookies through their settings. Disabling strictly necessary cookies will prevent you from using the Service.

Third-Party Services and Integrations

We rely on the following sub-processors to deliver the Service. Each provider acts on our instructions and is bound to confidentiality and data protection obligations.

  • Vercel — application hosting and content delivery.
  • Neon — managed PostgreSQL database hosting.
  • Resend — transactional email delivery.
  • Stripe — payment processing and subscription management.
  • Google (OAuth) — sign-in via Google accounts (used only when you choose this option).
  • Google People API — read and optional write access to your Google Contacts (used only when you enable the integration).
  • OpenAI — AI inference for the AI Assistant. When you query the AI Assistant, the prompts you send and the relevant context retrieved from your data (such as excerpts of contacts or notes) are transmitted to OpenAI to generate a response. We have configured this integration so that your data is not used by the provider to train its models.

Integrations you choose to connect — and any external clients you authorize through API keys — are governed by their own terms and privacy policies. You are responsible for reviewing those terms.

Children's Privacy

The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of 16. If you believe we have collected information from a child under 16, please contact us so we can delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the "Last updated" date at the top of this page and, where appropriate, provide additional notice (such as an in-product message or email). Your continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.

Contact Information

If you have questions, comments, or requests regarding this Privacy Policy or our data practices, please contact us at:

GIPO SOFTWARE SOLUTIONS INC. Email: legal@useremy.app

This Privacy Policy is accessible via the footer of our website.