Privacy Policy

Last updated: May 15, 2026

1. Introduction

RemoteAI ("we", "our", or "us") operates the RemoteAI remote desktop platform, including the website at remoteai.pro, desktop client, mobile application, and web client (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

  • Email address (for account creation and authentication)
  • Password (stored as a BCrypt hash, never in plaintext)
  • Two-factor authentication secrets (encrypted at rest)

Device Information

  • Device name and operating system
  • Unique device identifier (generated locally)
  • IP address (for connection establishment only)
  • Device status (online/offline, CPU/RAM/disk usage for Continuous Presence)

Usage Data

  • Connection timestamps and duration
  • Feature usage (commands executed, files transferred)
  • Audit logs (login events, device pairing, permission changes)

Data We Do NOT Collect

  • Screen content — streams are peer-to-peer encrypted (AES-256-GCM) and never pass through our servers in decryptable form
  • Clipboard content — encrypted end-to-end
  • File contents — transferred via E2E encrypted channels
  • Keyboard or mouse input — sent directly to your device, never logged

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity and authorize device access
  • To process payments and manage subscriptions (via Razorpay)
  • To send critical service notifications (security alerts, password resets)
  • To monitor and improve service reliability and performance
  • To comply with legal obligations

4. End-to-End Encryption

All remote desktop sessions use AES-256-GCM encryption with X25519 ECDH key exchange. Screen content, clipboard data, file transfers, and input events are encrypted before leaving your device. Our servers facilitate connection establishment only — they cannot decrypt your session data.

5. Data Sharing

We do not sell your personal data. We share information only with:

  • Razorpay — payment processing (email, subscription details)
  • TURN relay servers — IP addresses for connection relay when P2P fails (no content)
  • Law enforcement — only when required by valid legal process

6. Data Retention

  • Account data: retained while your account is active
  • Audit logs: retained for 90 days
  • Connection logs: retained for 30 days
  • Relay file transfers: deleted immediately after delivery (not stored)

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent for optional data processing

To exercise these rights, contact us at privacy@remoteai.pro.

8. Security

We implement industry-standard security measures including encrypted storage, rate limiting, two-factor authentication, JWT token expiration, and regular security audits. All data in transit uses TLS 1.2+ encryption.

9. Children

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

11. Contact

For questions about this Privacy Policy, contact us at: privacy@remoteai.pro

RemoteAI — Remote Access Interface
India