Privacy Policy
Last updated: July 17, 2026 · Effective: July 17, 2026
REKH is a privacy browser. That isn't a slogan — it's an architecture. Your browsing history, your passwords, and what you read never reach us, because the browser is built so they can't.
The short version. We do not collect your browsing history. We do not track you across sites. We do not sell or share your data. We run no advertising. Your bookmarks, history, settings, vault, and Knowledge Base live on your device. Data only leaves when you take an action that requires it (like asking the AI a question), and we tell you exactly when below.
1. Who we are
REKH ("REKH", "we", "us") is a web browser operated by Cooperanth Consulting LLC, a limited liability company registered in Wyoming, United States. This policy explains how the REKH browser and the rekhbrowser.com website handle information.
2. What we do not collect
To be unambiguous, REKH does not collect, transmit, or store any of the following on our servers:
- Your browsing history, the pages you visit, or the content of those pages.
- Your search queries.
- Your bookmarks, tabs, or session.
- The contents of your encrypted Vault (passwords, secrets, notes).
- The contents of your Knowledge Base.
- Your AI provider API keys.
- Behavioural analytics, telemetry, or usage tracking inside the browser.
- Any advertising or cross-site tracking identifiers.
We do not build a profile of you, and we have no advertising business that would benefit from one.
3. What stays on your device
REKH stores the following locally only, on your computer:
| Data | Where it lives |
|---|---|
| Bookmarks, history, open tabs, settings | Local application storage |
| Vault entries (passwords/secrets) | Encrypted file, AES-256-GCM, unlocked only by your master password |
| Knowledge Base ("About You") | Local application storage |
| AI provider API key (if you bring your own) | Your operating system's keychain/credential store |
Your Vault master password is never stored anywhere and never transmitted. It cannot be recovered by us or by anyone else — if you lose it, the vault contents are unrecoverable. That is the intended design.
4. When data leaves your device
REKH is a browser, so of course the websites you visit receive requests from you — that is how the web works. Beyond that, data leaves your device only in these situations:
You use the AI assistant
When you ask the assistant a question or use an action (Summarize, Translate, Key points), REKH sends your prompt, the visible text of the current page, and — if you enabled it — your Knowledge Base, to the AI provider you chose in Settings. If you use your own API key, this goes directly from your device to that provider; it does not pass through us. That provider's own privacy policy governs what they do with it. If you use REKH AI+, see section 5.
You use Media tools
Choosing "find image source" sends that image's URL to the reverse-image search service (TinEye). Choosing "compare prices" sends the product title to the shopping search service. These are user-initiated and go directly from your device.
Background operations
- Tracker filter lists are downloaded from the blocklist provider so blocking stays current. No browsing data is sent with these requests.
- Update checks contact the software release host to see whether a newer version exists.
- Favicons are fetched from the sites you visit, as in any browser.
- If you enable a VPN/proxy, your traffic routes through the provider you configured. Their policy governs that traffic.
5. REKH AI+ accounts
REKH AI+ is optional. If you don't create an account, we hold no information about you at all. If you do, we operate the service on our own infrastructure and store the minimum needed to run it:
- Your email address (to identify the account and contact you about the service).
- An access token, stored only as a cryptographic hash.
- Usage counters — the number of tokens consumed in the current billing period, and your plan. This is a count, not content.
When you send an AI request through REKH AI+, our server forwards it to the underlying AI provider using our key and returns the response. We do not store the content of your prompts or the responses, and we do not use them to train any model. We meter the size of the request for billing and limits; we do not retain the text.
Payments, if any, are handled by our payment processor or the relevant app store. We do not receive or store your full card details.
6. How we use information
We use the limited information described in section 5 only to: operate and secure the AI+ service, enforce plan limits, prevent abuse, handle billing, and respond to support requests. We do not use it for advertising, profiling, or resale.
7. Sharing and disclosure
We do not sell your personal information, and we never have. We share information only in these narrow cases:
- Providers you choose. Your AI provider, VPN provider, or a search service receives what you send them, at your direction.
- Service providers we use to run REKH AI+ (for example, the upstream AI provider and our payment processor), limited to what's necessary.
- Legal requirements. If compelled by valid legal process, we can only produce what we actually hold — which, as described above, is very little. We cannot produce browsing history or vault contents because we do not have them.
8. Retention
On-device data stays until you delete it (Clear data on exit, or removing the app). For REKH AI+, we retain your account record while the account is active, and delete it within 30 days of a deletion request. Usage counters reset each billing period.
9. Security
Vault contents are encrypted with AES-256-GCM using a key derived from your master password (scrypt); the key exists only in memory while unlocked and auto-locks after inactivity. API keys are stored in your OS keychain. Traffic to our services uses HTTPS. Our servers are operated by us on infrastructure we control. No system is perfectly secure, but we've designed REKH so that a breach of our servers cannot expose your browsing or your secrets — we don't hold them.
10. Your rights and controls
Because most data never leaves your device, you already control it: clear it in the browser at any time. For a REKH AI+ account, depending on where you live (including under the GDPR and CCPA/CPRA), you may have the right to access, correct, export, or delete your information, and to object to processing. We do not sell or "share" personal information as those laws define it, so there is nothing to opt out of — but you may still exercise your rights by emailing us.
To request deletion of a REKH AI+ account, email privacy@rekhbrowser.com.
11. Children
REKH is not directed to children under 13 (or the equivalent minimum age in your country), and we do not knowingly collect information from them. A web browser can reach the whole internet; we recommend adult supervision and appropriate device-level parental controls for younger users.
12. Changes
If we change this policy, we'll update the date at the top and, for material changes, notify you in the app or by email where we have one. Continued use after a change means you accept the updated policy.
13. Contact
Questions, requests, or privacy concerns:
Cooperanth Consulting LLC — Wyoming, USA
privacy@rekhbrowser.com