Privacy Policy
1. Who we are
Recursive is a product of Future In Detail LLC, a limited liability company organized in the State of New York, United States. Throughout this policy, "we," "us," and "our" refer to Future In Detail LLC, and "Recursive" refers to the desktop application, the website at recursive.computer, and the license and billing infrastructure that supports them.
For any privacy-related question, you can reach us at [email protected].
2. Scope
This policy covers the Recursive website, the Recursive desktop application, and the licensing and payment systems that support them. It does not cover third-party services you choose to connect to Recursive (for example, Anthropic, OpenAI, GitHub, or any plugin you install) — those services have their own privacy policies, and your use of them is governed by their terms.
3. What the desktop app collects
Nothing by default. Recursive has no built-in usage analytics and does not track how you use the app, what files you open, what prompts you send, or what code you write. Your work stays on your machine unless you explicitly send it somewhere (for example, by committing to GitHub, by calling an AI provider's API, or by turning on Pro remote access or multi-device sync — see section 5).
3.1 Optional anonymous diagnostics (opt-in)
During setup (and later in Settings → About) you can choose to send anonymous diagnostics to help us fix crashes and understand product usage. This is off by default until you turn it on. If enabled, the app may send:
- Error reports: error name and a short, sanitized message (file paths and home-directory segments are stripped).
- A truncated stack trace (also stripped of paths; not your source code).
- Where in the app UI the error occurred (URL path only — no query strings or tokens).
- Coarse usage: when the app opens and which high-level sidebar area you view (for example
/tasksor/inbox) — not individual tasks, sessions, or file names. - App version, release channel (stable/canary), and operating system.
- A random anonymous install identifier (a UUID generated on your machine — not tied to your license, email, or hardware id).
We do not collect your source code, repository paths, prompts, task titles, inbox content, license key, email, or any intentionally identifying information. Error reports cover both UI (frontend) errors and background server errors. You can disable all diagnostics at any time in Settings → About.
The only other network traffic initiated by the app itself is:
- Periodic license validation against our licensing server (see below).
- Update checks against our release server to tell you when a new version is available.
- Any request you or an agent explicitly make — for example, calling an AI provider's API with your own API key, or fetching a plugin from a registry you configured.
These requests reach a release server and content-delivery network we operate (Cloudflare). Like any web server, those endpoints keep standard, aggregate request counts — for example, how many times an installer was downloaded, or how many update checks our release server received in a day, broken down only by app version, release channel, and operating-system platform. These are running totals we use to understand reach and active usage. They are counted at the edge from ordinary server logs; we do not join them to your IP address, to the anonymous install identifier described above, or to anything else that could single you out, and we never use them to build a profile of you.
4. What the website collects
The recursive.computer website has no third-party analytics, no advertising trackers, and no behavioral cookies. We use localStorage on your browser to remember your theme preference (light or dark). That preference stays in your browser and is not transmitted to us.
5. Remote access and multi-device sync (Pro)
Pro adds two optional features that can move your data off your machine. Both are off unless you turn them on.
5.1 Remote access
When you enable remote access, your devices reach each other through a relay service we operate (hosted on Cloudflare). Remote access is always end-to-end encrypted — there is no setting to turn it off. Your devices perform an ephemeral key exchange and encrypt every request and response with AES-256-GCM before it reaches the relay, so the relay only ever carries ciphertext and cannot read your data. The encryption keys are generated on your own devices and are never sent to us. The connection is additionally protected by TLS in transit.
5.2 Multi-device sync
Sync copies the workspace data you select between devices you own. How it is protected depends on where you send it:
- To third-party storage you configure (for example, your own cloud bucket): the data is encrypted on your device with AES-256-GCM before it is uploaded, using a key derived and held locally. Neither the storage provider nor we can read it.
- To another Recursive instance you host yourself (a self-hosted "box"): the data is written directly into that machine's live files so the running instance can use it, which means it is stored unencrypted on a server that you control, protected by HTTPS in transit and an access key. We do not operate or have access to that machine.
Remote access and sync only move data at your direction. Apart from relaying remote-access traffic as described above, we do not store your workspace contents on our own servers, and we never use them to train machine-learning models.
6. License and purchase data
When you buy a license or subscribe to a paid feature, we process a small amount of personal data so that we can deliver your license key and verify it when you activate the app. Specifically:
- Email address — used to deliver your license key, send receipts and renewal notices, and identify your account if you contact support.
- Payment details — collected and processed by Stripe. We never see or store your full card number; Stripe returns a customer and subscription identifier that we associate with your license.
- License key — a cryptographic identifier tied to your purchase. We store a hash of the key; the key itself is delivered to you by email.
- Tier and policy — the plan you purchased (for example, Pro or a Teams seat) and the feature set that comes with it.
- Device bindings — a machine identifier for each device you activate the license on, the number of activations, and the last time each device checked in. This lets us enforce the per-tier device limit.
- Audit log — a 90-day event log of activations, deactivations, and license state changes, used for abuse detection and support.
7. How we use this data
We use the data above only for the following purposes:
- Issuing, validating, renewing, and enforcing your license.
- Processing payments, refunds, and billing disputes.
- Sending transactional emails: welcome, receipts, renewal reminders, payment failures, cancellations.
- Detecting and investigating license abuse (for example, a single license activated on dozens of machines).
- Responding to your support or privacy requests.
We do not sell your data. We do not share it with advertisers. We do not use it to train machine-learning models.
8. Third-party processors
The following third parties process data on our behalf. Each has been chosen because it is a reputable provider with its own strong privacy commitments:
- Stripe (Stripe, Inc.) — payment processing, subscription management, invoices. See the Stripe Privacy Policy.
- Resend (Resend, Inc.) — transactional email delivery. See the Resend Privacy Policy.
- Cloudflare (Cloudflare, Inc.) — hosting for our licensing server, website, and release artifacts, the relay that carries Pro remote-access traffic, and the aggregate, anonymized edge request counts for our download and update endpoints (see section 3.1). See the Cloudflare Privacy Policy.
9. How long we keep it
License records are retained for as long as your license exists, plus a reasonable period afterwards to handle renewals, support, disputes, and legal obligations (typically up to seven years for records connected to a financial transaction). Audit log entries are automatically deleted after 90 days. If you ask us to delete your data, we will do so to the extent we are not required to keep it for tax, accounting, or fraud-prevention reasons.
10. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict how we use it. To exercise any of these rights, email [email protected] from the address associated with your license. We will respond within 30 days.
You may cancel your subscription at any time from your Stripe customer portal. Cancelling a subscription stops future billing and, at the end of the current term, disables the paid features tied to the subscription.
11. Children
Recursive is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. International users
Recursive is operated from the United States. If you use Recursive from outside the United States, you understand that your data may be transferred to, stored in, and processed in the United States and other countries where our processors operate.
13. Security
We take reasonable measures to protect the data we store. License keys are hashed at rest. Administrative access to the licensing infrastructure is protected by passkey authentication. Stripe webhook payloads are cryptographically verified before being trusted. No system is perfectly secure; if a breach ever affects your data, we will notify you as required by law.
14. Changes to this policy
We may update this policy from time to time. If we make a material change, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of Recursive after a change means you accept the updated policy.
15. Contact
Questions about this policy, or about how we handle your data, can be sent to [email protected].