Privacy

Last updated: June 20, 2026

What we collect

• Account data: name, email, GitHub user id (if you sign in with GitHub), password hash (bcrypt — original never stored), Stripe / PayPal customer id when you subscribe.
• Encrypted blobs: ciphertext of your synced SSH hosts, crons, and preferences. We never see plaintext (see below).
• Operational logs: standard webserver request logs. No request bodies, no payloads.

Zero-knowledge encryption

For Pro sync, every resource is encrypted on your device with AES-256-GCM before being sent to us. The encryption key is derived from your password (or a separate sync passphrase for GitHub-only accounts) via Argon2id with a per-user salt. The key never leaves your device and never touches our servers. We literally cannot decrypt your synced SSH credentials, crons, or preferences — and neither can a leaked database backup, a subpoena, or a malicious admin.

The trade-off: if you forget your passphrase, your synced data is permanently lost. We have no recovery mechanism — building one would compromise the zero-knowledge guarantee.

Third parties

• Stripe — payment processing if you choose Stripe checkout. They see card details; we don't.
• PayPal — same, for PayPal subscriptions.
• GitHub — only if you sign in with GitHub. They see that you authorized our app.
• Let's Encrypt — when you enable HTTPS on a deployment, your domain + email go to them as part of the ACME flow.

What we don't do

• No analytics. No tracking pixels. No fingerprinting.
• No advertising. No data sales. No third-party trackers in the desktop app.
• No telemetry sent from the desktop app to us, ever.

Account deletion

Email thayron.arrais@gmail.com from your account email. Your row in users + all related ciphertext blobs are deleted within 7 days.