Our Approach
Recall is built on a process-and-delete architecture. Your session transcripts are temporarily processed on our servers to generate AI summaries, then immediately deleted. We never store raw transcripts—only the summarized knowledge.
What this means:
During summarization (typically under 3 seconds), your session transcript exists in plaintext on our servers and is sent to our AI provider. After the summary is generated, the original transcript is immediately deleted from memory. We store only the AI-generated summary—never the full transcript or raw code.
Important: This is not zero-knowledge
Unlike zero-knowledge systems where the server never sees plaintext data, Recall does temporarily access your transcript content during AI processing. If your security requirements mandate that no third party ever sees your data in plaintext, Recall may not be the right fit. For most teams, our process-and-delete approach provides a practical balance of functionality and privacy.
Data Handling
Understanding exactly what data flows through Recall and what happens to it.
✓ What we capture
- Session summaries — AI-generated summaries of what happened
- Decisions made — Key choices and their reasoning
- Mistakes to avoid — Lessons learned from debugging
- Files changed — File paths (not file contents)
- Metadata — Timestamps, tags, session duration
✕ What we never store
- Raw code — Your actual source code is never stored
- Full transcripts — Session transcripts are deleted after summarization
- Secrets or credentials — Never extracted or stored
- File contents — Only paths, never the actual content
- Passwords — We use GitHub OAuth, no passwords stored
The summarization flow
- Session transcript encrypted on your machine
- Encrypted transcript sent to Recall servers
- Decrypted in memory, summarized by AI in under 3 seconds
- Original transcript immediately deleted
- Only the encrypted summary is stored
Encryption
Stored session data is encrypted with your team's encryption key. Recall does not have access to your team key and cannot decrypt stored content.
AES-256-GCM encryption
Session summaries are encrypted using AES-256-GCM, a military-grade encryption standard. Each session uses a unique initialization vector (IV).
Team-controlled encryption keys
Each team has a unique encryption key generated during signup. This key is required to decrypt stored session content. Recall does not have access to your team key—only your team can decrypt stored data.
TLS 1.3 in transit
All API communication uses TLS 1.3 encryption, protecting data as it moves between your device, our servers, and AI providers.
Two different states to understand
- At rest (stored data): Encrypted with your team key. Recall cannot decrypt this content.
- During processing: When you save a session, your transcript is temporarily processed in plaintext on our servers and sent to our AI provider for summarization. This typically takes under 3 seconds, after which the transcript is immediately deleted.
- Search metadata: Titles and tags are stored unencrypted to enable server-side search.
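The at-rest scheme described above, sketched as an added example (this is not Recall's code): a summary is sealed with AES-256-GCM under a 32-byte team key and a fresh IV per session, while title and tags stay in plaintext for search. The record layout, the function names and the choice to bind title and tags as GCM associated data (so edits to the unencrypted metadata are detected on decrypt) are assumptions of this sketch.

```javascript
// Added example, not Recall's implementation. Record layout and names are hypothetical.
const crypto = require("node:crypto");

// Assumption: plaintext search metadata is serialized canonically and bound as AAD.
function metadataAad(title, tags) {
  return Buffer.from(JSON.stringify({ title, tags: [...tags].sort() }), "utf8");
}

// Encrypt one summary under the 32-byte team key with a fresh 96-bit IV.
function sealSummary(teamKey, summary, title, tags) {
  if (!Buffer.isBuffer(teamKey) || teamKey.length !== 32) {
    throw new Error("team key must be 32 bytes for AES-256");
  }
  const iv = crypto.randomBytes(12); // unique per session; never reuse with the same key
  const cipher = crypto.createCipheriv("aes-256-gcm", teamKey, iv);
  cipher.setAAD(metadataAad(title, tags));
  const ciphertext = Buffer.concat([cipher.update(summary, "utf8"), cipher.final()]);
  return {
    title, tags, // stored unencrypted so the server can search them
    iv: iv.toString("base64"),
    ciphertext: ciphertext.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Decrypt a stored record; returns null if the key is wrong or any field was altered.
function openSummary(teamKey, record) {
  try {
    const iv = Buffer.from(record.iv, "base64");
    const decipher = crypto.createDecipheriv("aes-256-gcm", teamKey, iv);
    decipher.setAuthTag(Buffer.from(record.tag, "base64"));
    decipher.setAAD(metadataAad(record.title, record.tags));
    const plain = Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, "base64")),
      decipher.final(), // throws when the GCM tag does not verify
    ]);
    return plain.toString("utf8");
  } catch (err) {
    return null;
  }
}

// Constructed sample data, for illustration only.
const demoKey = crypto.randomBytes(32);
const demoRecord = sealSummary(demoKey, "Chose retry with backoff", "Webhook fix", ["payments"]);
console.log(Object.keys(demoRecord).join(","), "->", openSummary(demoKey, demoRecord));
```

Without the team key, a holder of the stored record can read `title` and `tags` but not the summary, which matches the "at rest" and "search metadata" states listed above.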
AI Processing
Session summarization is performed using AI models. Here's exactly how your data is processed.
How summarization works
- Your encrypted session transcript arrives at our servers
- Transcript is decrypted in memory (never logged or stored)
- Content is sent to our AI provider for summarization
- AI generates a structured summary (decisions, mistakes, files changed)
- Summary is validated for quality (must score ≥80%)
- Summary is encrypted with your team key
- Original transcript is immediately deleted from memory
- Only the encrypted summary is stored
AI providers
Your session transcript is sent to one of these third-party AI providers for summarization:
| Provider | Model | Usage |
|---|---|---|
| Google | Gemini 2.0 Flash | Primary summarization |
| OpenAI | GPT-4o | Fallback |
| Anthropic | Claude Haiku | Fallback |
We use API endpoints that do not train on customer data per each provider's terms. Enterprise customers can use BYOK to route requests through their own API keys.
Your data is sent to third parties
To generate summaries, your session transcript content is sent in plaintext to one of the AI providers listed above. This is a necessary part of how Recall works. Each provider has their own privacy policy and data handling practices. If your organization prohibits sending code context to third-party AI providers, Recall may not be suitable for your use case.
Infrastructure
Recall is built entirely on Cloudflare's global edge network.
Cloudflare Workers
Serverless compute at the edge. No traditional servers to compromise. Code runs in isolated V8 environments with no persistent state.
Cloudflare D1
SQLite database with automatic encryption at rest. Data is replicated across multiple regions for durability.
Cloudflare R2
Object storage for backups. Encrypted at rest with automatic redundancy. Hourly backups retained for disaster recovery.
DDoS Protection
Enterprise-grade DDoS mitigation included by default. Cloudflare handles over 20% of global internet traffic.
No infrastructure in China
All Recall infrastructure is located in the United States and Europe. We do not use any infrastructure providers based in China or subject to Chinese data access laws.
Access Control
Fine-grained permissions and secure authentication.
GitHub OAuth
Secure authentication via GitHub. We never store passwords. Your GitHub account's security protections (2FA, SSO) apply to Recall.
JWT tokens
Short-lived, cryptographically signed access tokens. Tokens expire after 24 hours and must be refreshed.
Team isolation
Complete data isolation between teams. Each team has its own encryption key. Team A cannot access Team B's data under any circumstances.
Role-based access
Three roles with different permissions: Owner (full control), Admin (manage members), Member (view and contribute). Roles can be changed at any time.
API tokens
Separate tokens for MCP integration. Tokens can be revoked at any time. Each token is scoped to a specific team.
BYOK (Enterprise)
Enterprise customers can bring their own AI API keys for complete control over AI processing.
Bring Your Own Key benefits
- Use your own API keys — OpenAI, Anthropic, or Google. Your keys, your costs, your audit trail.
- AI requests bypass Recall — Session content goes directly from our servers to your AI provider. Never touches Recall's API keys.
- Full model control — Choose which model to use for summarization. Switch providers anytime.
- Encrypted key storage — Your API keys are encrypted with AES-256 before storage. We cannot read them.
Data Export & Deletion
You own your data. Export or delete it anytime.
Export your data
- Export all session summaries as JSON
- Export decisions and mistakes as CSV
- Available to all plans, anytime
- No lock-in, no export fees
Delete your data
- Request complete data deletion
- All data removed within 30 days
- Includes all backups
- Confirmation email sent when complete
When someone leaves your team
Their access is revoked immediately. Historical session context remains with the team—the knowledge belongs to the team, not any single person. This is intentional and mirrors how institutional knowledge works.
Vulnerability Disclosure
We appreciate responsible security research.
Reporting a vulnerability
If you discover a security vulnerability, please report it to us responsibly:
- Email: [email protected]
- We will acknowledge receipt within 5 business days
- We will work with you to understand and resolve the issue
- We will not take legal action against good-faith security research
Please do not publicly disclose vulnerabilities until we have had a chance to address them.