Data Use & Privacy Overview

If you have any questions or feedback, please email us at [email protected]. For more information about how we collect, use, disclose, and process personal data, see our full Privacy Policy.

Here is how your data is handled based on the Rhei CLI and account settings you choose.

• If you use Rhei in local mode: source code, the local code map, graph index, derived reports, local evidence ledger, and local memory stay on your machine. No Rhei account is required, and source code is not uploaded.
• If you sign in to Rhei: Rhei stores account, authentication, entitlement, trial, billing, rate-limit, and project-binding data needed to operate the service. Signing in does not by itself permit source upload.
• If you enable Rhei Pro: server-backed capabilities may be used after approval, sign-in, entitlement checks, and the configured source-upload mode. In auto mode, failures fall back to local behavior. Only required mode blocks.

• never: no source text is sent. Features that require source slices remain local-only or unavailable.
• metadata_only: Rhei may send repo identity, file names, hashes, feature identifiers, and planning metadata. Source text is not sent.
• selected_slices: explicitly selected code slices may be sent for context planning, reranking, drift signals, or review intelligence.

• Rhei does not train models on customer code by default.
• Rhei does not expose model weights, embeddings, raw prompts, feature columns, eval artifacts, or internal model artifacts through the public MCP package.
• Some Pro capabilities may use Rhei infrastructure or selected model providers. Providers may run automated safety or abuse checks under their own policies. Non-zero-retention provider paths should be labeled before they are enabled for a workspace.
• Plaintext source slices used for Pro requests should be treated as request-scoped or short-lived operational data. Derived metadata, hashes, embeddings, file names, entitlement records, and audit traces may be stored to provide the product, enforce limits, improve reliability, support deletion, or investigate abuse.

• Even when signed in, Pro requests go through Rhei backend services for entitlement, rate limiting, final context planning, and policy checks.
• Local correctness does not depend on a server response. Server-backed results are advisory.
• Public beta users should use the default public MCP profile. Internal full or local-beta profiles are for Rhei dogfooding.
• You can disable Pro behavior by signing out, using local mode, setting source upload to never, or deleting project/account data where deletion controls are available.