Built to keep your text yours.
Rheme runs locally, opens no connection, and ships nothing it does not own. Here is how we build it, and how to tell us if we got something wrong.
How we build
- Nothing leaves the device. The runtime resolves text in process. It has no network code and makes no request, so your input cannot be exfiltrated by it.
- No third-party surface. Fonts, icons, and the runtime are served from our own infrastructure. The site loads no external script, which removes a whole class of supply-chain risk.
- Deterministic and reviewed. The same input gives the same output, which makes the runtime straightforward to audit and to fuzz. It has been through exhaustive adversarial review.
- Small surface. The core is a few hundred kilobytes of Rust with no runtime dependencies, so there is little to attack and little to keep patched.
Reporting a vulnerability
If you have found a weakness, we want to hear about it before anyone else does. Write to security@rheme.dev with enough detail to reproduce the issue. A proof of concept helps, and you are welcome to encrypt your message.
Please give us a reasonable window to fix the problem before you share it publicly. We will not pursue a researcher who reports in good faith and avoids privacy violations and service disruption while testing.
We acknowledge fast
You will hear back within two working days, with a real assessment rather than an autoreply.
We fix in the open
Valid issues get a tracked fix and a release note, so users can see what changed and why.
We credit you
With your permission, every confirmed finding is credited to its reporter in the advisory.
Scope
The runtime, the website, and the Inspector are in scope. Third-party services we do not run are out of scope.
This page describes the process we are standing up ahead of the first public release. The reporting address will be live before launch.