Privacy Policy
Last updated: July 1, 2026
The short version. Restura is a developer API client. Your requests, collections, and history stay on your own device. We don't require an account, we don't run ads, and we never sell your data.
This policy explains what data Restura ("we", "the app") handles when you use the web app at restura.dev or the Restura desktop application, and the choices you have.
1. Data stored on your device
Almost everything you create in Restura is stored locally, not on our servers:
- Web app — requests, collections, environments, and history are kept in your browser's local storage (IndexedDB). They never leave your browser except as part of a request you explicitly send.
- Desktop app — the same data is stored in encrypted local storage on your machine.
- Secrets (API keys, tokens, passwords) are held as encrypted handles and resolved only at the moment a request is signed. They are never written to logs and are excluded from collections you export.
2. Requests you send
When you send a request, it goes to the upstream server you choose. On the web, requests are relayed through the Restura proxy so your browser can reach servers it otherwise couldn't; on desktop they go out directly. In either case Restura does not log, store, or inspect your request or response bodies.
3. Error reporting (opt-out)
To help us fix crashes, Restura may send anonymous error reports. This is on by default but can be turned off any time in Settings → Privacy. A report contains only:
- the error message and stack trace,
- the app build/version and your browser or OS user-agent string.
Reports are used solely to diagnose problems. They are not used to identify you, are not combined with any profile, and contain none of your request data or secrets.
On the desktop app, if error reporting is left enabled, Sentry also records anonymous session health — that a session started and ended, whether it was crash-free, and the app version — so we can tell how many people a bad release affects. These sessions carry no IP address and no identifier, and turning off error reporting turns them off too.
4. AI assistant
Restura includes an optional AI assistant. If you enable it and provide your own API key for a third-party provider (such as OpenAI, Anthropic, or OpenRouter), the relevant request context — with URLs and secrets redacted — is sent to that provider to generate a response. That data is governed by the provider's own privacy policy. Restura does not store your prompts or AI responses on our servers.
5. Hosting and third parties
We rely on a small number of service providers:
- Cloudflare — hosts the web app and the request proxy.
- Sentry — receives desktop crash reports, only if error reporting is left enabled.
- Your chosen LLM provider — only if you use the AI assistant, as described above.
6. Cookies and tracking
Restura uses no advertising or analytics cookies and does not track you across sites. The only browser storage we use is the local storage that keeps your workspace working. We run no application-level analytics on the web app; the anonymous session-health counts described in section 3 are the only usage signal, and they are desktop-only.
7. Children
Restura is a developer tool and is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children.
8. Changes to this policy
We may update this policy as the app evolves. When we do, we'll revise the "Last updated" date at the top of this page.
9. Contact
Questions about privacy? Open an issue or a private security advisory on our GitHub repository:
This is a general, plain-language policy provided for transparency and does not constitute legal advice. Depending on where you and your users are located, additional obligations (for example under the GDPR or CCPA) may apply.