Security
Last updated June 10, 2026
Rhei's security model is architectural: the safe path is the default path, exceptions require explicit configuration, and every exception leaves a receipt.
Local-first by architecture
Rhei's core runs on your machine. In local mode, source code, the code graph and symbol index, derived reports, the evidence ledger, and memory never leave the device — no account is required and there is no background upload path. Cloud features are additive and opt-in, not the foundation the product depends on.
Explicit source-upload modes
When cloud features are enabled, what they can see is controlled by one explicit setting with three values:
- never — no source text is sent, ever. Features that would need source degrade to local behavior instead of uploading.
- metadata_only — repo identity, file names, hashes, and planning metadata may be sent. Source text is not.
- selected_slices — only explicitly selected code slices may be sent, for context planning, reranking, or review intelligence.
The full contract, including retention and provider boundaries, is documented in the Data Use overview.
No training on customer code
Rhei does not train models on customer code by default. Any provider path with non-zero retention must be labeled before it can be enabled for a workspace — it cannot be switched on silently.
Receipts and auditability
Cloud assist, context decisions, gated edits, and memory promotions are receipt-backed. For any request you can see what was selected, what was sent, what was used, and why. Edits run preview-first behind explicit apply gates with durable verification after every write — agents never get silent write authority.
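The three upload modes from the "Explicit source-upload modes" section and the receipt described here are two halves of one gate: the mode decides what may leave the device, and the receipt records what was selected, what was sent, what was withheld, and why. The following is an added illustration of such a gate, written for this page; it is not Rhei's code, and every name in it (UploadMode, CodeSlice, Receipt, parse_mode, plan_cloud_request) and the sample slices are constructed assumptions. One further assumption, flagged in the comments, is that an unrecognised mode value fails closed to never and that never sends no payload at all.

```python
"""Hypothetical enforcement of a three-value source-upload setting with receipts.

Added illustration for this page; not Rhei's own code. All identifiers here are
assumed names, and the sample repository content is constructed.
"""
from dataclasses import dataclass
from enum import Enum
import hashlib


class UploadMode(str, Enum):
    NEVER = "never"
    METADATA_ONLY = "metadata_only"
    SELECTED_SLICES = "selected_slices"


@dataclass
class CodeSlice:
    path: str
    text: str
    selected: bool = False  # explicitly selected by the user or planner


@dataclass
class Receipt:
    mode: str
    selected: list        # slice paths that were marked for upload
    sent: dict            # exactly the payload that left the device
    withheld: list        # slice paths held back, each with the reason
    degraded_to_local: bool
    reason: str


def parse_mode(raw) -> UploadMode:
    """Assumption: fail closed. Anything that is not one of the three
    documented values is treated as 'never' rather than as permissive."""
    try:
        return UploadMode(raw)
    except ValueError:
        return UploadMode.NEVER


def _file_metadata(slices):
    # Names and content hashes only; no source text in this structure.
    return [{"path": s.path,
             "sha256": hashlib.sha256(s.text.encode()).hexdigest()}
            for s in slices]


def plan_cloud_request(raw_mode, repo_id, slices, needs_source):
    """Decide what a cloud feature may receive and produce the receipt.

    Returns (payload, receipt). An empty payload means the feature runs
    locally instead of uploading.
    """
    mode = parse_mode(raw_mode)
    selected = [s.path for s in slices if s.selected]
    payload, withheld = {}, []

    if mode is UploadMode.NEVER:
        # Assumption: never sends nothing at all, metadata included.
        withheld = [f"{s.path}: mode=never" for s in slices]
        degraded = needs_source
        reason = "never: nothing leaves the device"
    elif mode is UploadMode.METADATA_ONLY:
        payload = {"repo": repo_id, "files": _file_metadata(slices)}
        withheld = [f"{s.path}: source text withheld under metadata_only"
                    for s in slices]
        degraded = needs_source  # a feature that needs text cannot have it
        reason = "metadata_only: names and hashes sent, source text withheld"
    else:
        payload = {"repo": repo_id, "files": _file_metadata(slices),
                   "slices": [{"path": s.path, "text": s.text}
                              for s in slices if s.selected]}
        withheld = [f"{s.path}: not explicitly selected"
                    for s in slices if not s.selected]
        degraded = needs_source and not selected
        reason = "selected_slices: only explicitly selected text sent"

    if degraded:
        payload = {}  # degrade to local behaviour instead of uploading
        reason += "; feature needs source, degraded to local"

    return payload, Receipt(mode.value, selected, payload, withheld,
                            degraded, reason)


# Constructed sample repository: one slice selected, one not.
SAMPLE_SLICES = [
    CodeSlice("src/auth.py", "def check(token): return token == SECRET\n",
              selected=True),
    CodeSlice("src/billing.py", "def charge(card): ...\n"),
]


if __name__ == "__main__":
    for mode in ("never", "metadata_only", "selected_slices", "bogus"):
        _, receipt = plan_cloud_request(mode, "repo-x", SAMPLE_SLICES, True)
        print(receipt)
```

Running the module prints one receipt per mode, including the unrecognised value that falls back to never; the receipt's `sent` field is the literal payload, so an auditor can diff it against what the transport actually carried rather than trusting a summary.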
Account and billing data
Signing in stores account, authentication, entitlement, trial, billing, rate-limit, and project-binding data needed to operate the service. Signing in does not by itself permit source upload. Payments are processed by Stripe; Rhei does not store card numbers. Details are in the Privacy Policy.
Deployment options
- Free / local — fully on your machine, no account.
- Pro / Team — hosted services with the upload-mode contract above and receipt-backed cloud assist.
- Enterprise — private Docker / VPC deployment inside your infrastructure, with SSO, access and policy controls, org-level memory governance, and audit support.
Reporting a vulnerability
If you believe you have found a security issue in Rhei, email [email protected] with steps to reproduce. We confirm receipt, keep you informed while we investigate, and credit reporters who wish to be credited. Please give us reasonable time to remediate before public disclosure.
Security review for your team
Evaluating Rhei for an organization? We answer security questionnaires and walk through the architecture with your team — email [email protected]. See also the trust overview and plans.
