
Privacy Policy

Last updated: April 27, 2026

The short version

DevRecall is a local-first application. We — the maintainers of DevRecall — operate no servers that receive, store, or process your data. The application reads activity from services you connect (Git, GitHub/GitLab/Bitbucket, Slack, Google Calendar, Jira, Linear) and stores it in a SQLite database on your own device, under ~/.devrecall/. Nothing in that database is transmitted back to us.

We do not run analytics, telemetry, crash reporting, error tracking, advertising, or any other form of remote data collection. We do not have user accounts. We do not have a database of users. There is nothing for us to leak.

What data DevRecall accesses

When you connect a source, DevRecall reads activity directly from that source's API using credentials you provide (OAuth tokens, personal access tokens, or local Git access). The categories of data accessed depend on which sources you enable:

  • Git (local repos): commit metadata, branch activity, files changed.
  • GitHub / GitLab / Bitbucket: pull/merge requests you authored or reviewed, issues, comments, repository metadata.
  • Slack: messages you sent and threads you participated in, in channels and DMs your token can access.
  • Google Calendar: events on your calendars — titles, times, attendees, organizers, response status.
  • Jira / Linear: issues you touched, transitions, comments, sprint membership.

All of this data is stored locally in ~/.devrecall/devrecall.db. You can inspect it, export it, or delete it with standard SQLite tools.

Authentication tokens

OAuth tokens and personal access tokens are stored on your device in ~/.devrecall/tokens/ with file permissions 0600 (readable only by your user account). Tokens never leave your machine except to call the source's official API (e.g., api.github.com, slack.com, www.googleapis.com).

The OAuth callback relay

For OAuth-based sources (Slack, Google Calendar), DevRecall uses a Cloudflare Worker hosted at relay.devrecall.dev to receive the OAuth callback redirect from the provider. This is necessary because OAuth providers require a public HTTPS redirect URI, and DevRecall runs locally on your machine.

The relay:

  • Receives the temporary code query parameter from the OAuth provider and forwards it to the local DevRecall instance that initiated the flow.
  • Does not log, store, or persist the code, the access token, or any other request data.
  • Is open source — you can audit it at https://github.com/pavelpilyak/devrecall/tree/main/relay.

The OAuth code is exchanged for an access token directly between your DevRecall instance and the provider. The relay never sees the access token.

Optional third-party services

DevRecall can generate summaries and chat responses using a language model. Two paths:

  • Local model (default): Embeddings run via a bundled ONNX model. Chat can use a local Ollama instance. Nothing leaves your machine.
  • Bring your own key (BYOK): You may configure an OpenAI or Anthropic API key. When you do, the relevant excerpts of your activity database are sent to that provider's API to generate a response. This data is sent under your API key and is governed by that provider's privacy policy and terms — not ours. We never see this traffic.

Compliance with Google API Services

DevRecall's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, calendar data accessed via Google Calendar OAuth is used only to generate summaries, standups, and search results visible to you within DevRecall on your own device. It is not transferred to others, not used for advertising, not used to build or improve generalized products, and not read by any human other than you.

You can revoke DevRecall's access to your Google account at any time from myaccount.google.com/permissions. To remove the locally cached calendar data, delete ~/.devrecall/devrecall.db or use devrecall reset.

Data retention

DevRecall retains data on your device until you delete it. We do not retain anything anywhere else, because we do not receive anything in the first place.

To wipe everything DevRecall has stored, remove the ~/.devrecall/ directory.

Children's privacy

DevRecall is a developer tool not directed to children under 13. We do not knowingly receive any data from anyone, including children — but DevRecall is not designed for use by children.

Open source & auditability

DevRecall is MIT-licensed open source. Every claim on this page is verifiable in the source code at https://github.com/pavelpilyak/devrecall. The OAuth callback relay is at https://github.com/pavelpilyak/devrecall/tree/main/relay.

Changes to this policy

If we change this policy materially, we will update the date at the top and note the change in the project's release notes on GitHub. Trivial wording changes will not be announced.

Contact

Questions or concerns about this policy: open an issue at https://github.com/pavelpilyak/devrecall/issues. Security disclosures: see SECURITY.md in the repository.
