What stays on your device
Everything by default. The OS, every app, every container, every LLM weight, every video frame from a camera, every QR access log - all live on the local NVMe / SATA storage of your Reefy device. None of this is uploaded to reefy.ai or anyone else automatically.
What the reefy.ai dashboard sees
The hosted dashboard at reefy.ai is the control plane that lets you adopt and manage devices remotely. To do that job it stores:
- Your email address (from Google OAuth) so we know which devices are yours.
- Device identifiers (UUID, hostname, public IP at registration, hardware info reported at boot) so we can route MQTT and tunnel traffic to the right machine.
- Encrypted backup metadata (when you enable BorgBase backups) - the backup itself is end-to-end encrypted; we never see the plaintext.
- Telemetry that you opt into: CPU/GPU/RAM/disk metrics for dashboard charts. Stored 30 days, then aggregated.
What we don't collect
- The contents of your AI conversations, files, or camera feeds.
- The contents of your apps' data volumes.
- Your LLM provider credentials - the BYO-subscription OAuth tokens never leave your device.
- Third-party analytics on the device (no telemetry, no phone-home).
Third-party services we use
- Google OAuth for dashboard sign-in.
- Cloudflare for tunnels (every device gets a reefy.ai subdomain) and CDN in front of reefy.ai itself.
- BorgBase for optional encrypted cloud backups (you can also use any restic-compatible target).
- AWS for the dashboard's hosting + Postgres.
- Google Analytics on reefy.ai marketing pages (not on the dashboard).
How to delete your data
Sign in to the dashboard and remove each device; that drops its metadata from our database. Email @reefy_ai on X to request full account deletion - we delete within 30 days.
Open source
The OS and apps are open source so you can audit exactly what runs on your hardware. See github.com/reefyai/reefy.