Trust & Transparency

What Repull AI sees, and what it doesn't.

Repull Studio uses Repull AI to generate code from your prompts. This page lays out exactly what context Repull AI sees, what it never sees, what it is and is not allowed to do, how long we keep things, and how to opt out. Plain English. No surprises.

Last updated 6 May 2026 · Effective for all Studio projects created after this date.

What Repull AI sees

To generate code that fits your project, Repull AI needs context. This is the full list.

Your prompts

The text you type into the Studio chat — instructions, follow-ups, refinements.

Existing project files

The current contents of your Studio project (source files, config, schema) so Repull AI has context to edit them.

Conversation history within a project

Earlier messages in the same Studio project, so follow-up requests like ‘make the title bigger’ have the right reference point.

Your current customer ID

Used to scope the project to your account — Repull AI never sees other customers' projects, prompts, or files.

What Repull AI cannot do

Even though Repull AI writes code, it does not have side-effect superpowers. These actions are explicitly blocked at the platform level.

Spend money on your behalf

Repull AI has no payment authority. It cannot move money, change billing plans, refund guests, or charge cards.

Send emails on your behalf

Repull AI does not have a send-email tool. Generated apps can use email APIs that you wire up explicitly with your own keys, but the agent itself cannot trigger sends.

Modify your booking platform listings

No write access to Airbnb, Booking.com, VRBO, or any channel manager from inside Repull AI. Listing changes happen through your dashboard or PMS, never through a generated app.

Contact your guests

Repull AI cannot send messages to guests, post replies, leave reviews, or trigger any guest-facing communication.

What Repull AI does not see

These categories never reach Repull AI, even when generating code that interacts with them.

Your reservations data

Guest names, dates, prices, channel IDs, conversation transcripts — none of it is sent to Repull AI.

Your guest data

Email addresses, phone numbers, ID documents, payment details, check-in instructions — never sent.

Your auth tokens or API keys

Your dashboard session, OAuth tokens, and the API keys you use to call Repull are stripped from any context Repull AI receives.

Your Stripe and bank-linking data

Cards, payouts, payment methods, owner banking details — handled inside Stripe and Plaid, never reach Repull AI.

Your Studio Secrets

Anything you store in Studio Secrets is encrypted at rest and decrypted only at runtime inside your deployed app. Repull AI never sees the values.

Other tenants' data

Repull is multi-tenant by design. Your prompts, files, and project state are scoped to your customer ID and never mixed into another customer's context.

How Repull AI is built

Repull AI is a frontier coding model with Repull-tuned context. The request flow runs through Repull infrastructure in the United States and the European Union, with a Data Processing Agreement covering the underlying model provider. Under that agreement your prompts and project files are not used to train models and are not retained beyond the request lifecycle.

We deliberately keep this description vendor-neutral — Repull AI is the product surface, and we route to whichever frontier model performs best for the task. The model selection may change as the landscape evolves; we will update this page and notify active customers if anything material changes — see the Updates section.

Retention policy

How long Repull keeps each kind of data inside Studio. Different kinds have different lifespans for different reasons.

Generated code

Until you delete it

Your Studio project source code stays in your account until you soft-delete the project. Soft-deleted projects are purged within 30 days.

Conversation history

90 days

Chat messages within a Studio project are kept for 90 days so you can scroll back through how an app evolved. After 90 days they are hard-deleted.

Usage logs

12 months

Aggregate metering for billing and abuse prevention — counts of generations, tokens, deploys per account. No prompt or file content is included.

Studio Secrets

Until you delete them

Stored encrypted at rest. Removed immediately when you delete a secret or the project that owns it.

Chat history

Your chat with Repull AI in each Studio project is saved on our servers — not just in your browser. Here is what that means for you.

You can resume your work on any device — open the same Studio project from a different browser and the conversation is right where you left it.
With your permission in a support case, our team can look at what Repull AI said and did so we can help you debug issues faster.
We keep a record of file changes Repull AI made on your behalf, so you have a clear audit trail of how your project evolved.

You can clear the chat for any project at any time from that project's settings — that erases the history from our servers, not just from your browser. Per-message deletion is also available; see Opt-out paths.

Opt-out paths

If you want less AI in the loop, you have three escape hatches.

Disable the embedded RepullAgent in your deployed app

Every Studio app ships with the <RepullAgent /> component. You can turn it off with a config flag — set REPULL_AGENT_DISABLED=true in your project environment variables, or remove the component from the page tree. Your team will keep the app, just without the embedded AI.

Embedded agent reference

Delete an individual generation

You can remove a single Repull AI generation (the chat exchange plus the code diff it produced) from a project's history. The conversation message and any associated logs are hard-deleted within 24 hours and removed from the per-customer audit log. The corresponding API endpoint is DELETE /api/studio/projects/{id}/generations/{id}.

Account-level opt-out

Want AI features off across your whole Repull account? Email hello@repull.dev and we will flip the flag manually. Studio becomes read-only for existing projects and AI generation is blocked.

Compliance

GDPR

Soft-deleted Studio projects are purged within 30 days, in line with our standard data deletion timeline. You can export your data at any time through the project Export button or by emailing support. Data subject access requests are honored within the 30-day GDPR window.

EU AI Act

Repull Studio is an AI-powered system. The EU AI Act requires that users are informed when they are interacting with AI. This page satisfies that disclosure. The embedded RepullAgent and all Studio chat interactions are clearly labeled as AI in the UI.

SOC 2 Type II

In progress. We are in the observation window for SOC 2 Type II certification covering Studio and the rest of the Repull platform. Updated status will appear here once the audit completes.

Updates

Material changes to this policy require re-acceptance from active customers. The version log lives below.

VersionDateSummary

v1.12026-05-06Restated what Repull AI cannot do (no money movement, no email send, no booking-platform listing edits, no guest contact). Clarified that retention and per-customer audit logs cover Build Mode, Plan Mode, and Canvas alike. Added explicit reference to the per-generation deletion endpoint.

v1.02026-05-04Initial transparency policy published — covers Studio prompts, generated code, embedded RepullAgent, retention, opt-out paths, GDPR, and EU AI Act disclosure.

Questions about how Repull handles your data?

Email hello@repull.dev for data protection topics or general help.

Back to Studio docs

Previous← Embedded agent NextFAQ →