This Privacy Policy describes how Termique ("we", "us", or "our") collects, uses, and protects information when you use the Termique desktop application and associated services (the "Service"). By using the Service you agree to the practices described here.
Short version: Termique is cloud-first. Hosts, groups, and snippets sync automatically to our backend. SSH credentials and private keys are end-to-end encrypted with your master password. We store ciphertext only and cannot decrypt them.
1. Data We Collect
Account data
When you sign in with Google, we receive your name, email address, and profile photo URL from the authentication provider. This is used solely to identify your account and associate your cloud data with you.
Device checkin data
The desktop and mobile apps (not the web dashboard, which is not itself tracked as a device) check in with our API each time you unlock, so we can show a Connected devices list in your account settings and let you sign out devices you no longer recognize. Each checkin records the platform, an optional device label, and the checkin time. We derive an approximate location (city/country) from your IP address when your device checks in, to help you recognize entries in your device list. The IP address itself is not stored.
Subscription data
Payment is processed by Polar.sh. We receive confirmation of your subscription status (active, cancelled, etc.) and your billing period dates. We do not store your payment card details - those remain with Polar.sh under PCI-DSS standards.
Cloud-synced app data
The following is stored on our servers, associated with your account:
- Host configurations (label, hostname, port, username, auth type)
- Host groups
- Snippet library
- SSH public keys (private keys are stored encrypted in your OS keychain only)
- Key-value settings (AI preferences, theme, etc.)
- Encrypted credential blobs - AES-GCM ciphertext encrypted with a key derived locally from your master password. We cannot decrypt these.
Command audit logs
If you or a host owner enables command logging for a shared host, terminal commands entered during sessions are recorded and stored. Audit logs are only accessible to the account that owns the host.
AI assistant usage
If you use the hosted AI assistant, conversation messages are sent to our API and forwarded to our AI provider (Cloudflare Workers AI) to generate responses. Conversations are not stored permanently unless you use the AI memory feature, which you can manage and delete at any time.
If you configure a custom AI endpoint (BYO), your messages go directly from your device to your chosen provider. We never see those messages.
Usage data
We may collect basic technical information such as app version, operating system, and error reports to diagnose issues and improve the Service. This data is not linked to your identity.
2. How We Use Your Data
- To provide and maintain the Service
- To sync your data across devices
- To process subscription payments via Polar.sh
- To provide the hosted AI assistant
- To notify you of important changes to the Service
- To investigate and prevent security incidents
- To comply with legal obligations
We do not sell your data to third parties. We do not use your data for advertising.
3. Data Storage and Security
Cloud data is stored in a PostgreSQL database hosted on secure infrastructure. All data in transit is encrypted via TLS. Credential blobs stored in the database are already AES-GCM encrypted before they leave your device - we store ciphertext only.
SSH private keys are never uploaded to our servers. They are encrypted with your master password and stored exclusively in your operating system's keychain (macOS Keychain, Windows Credential Manager, or the Linux Secret Service).
No security measure is perfect. We employ commercially reasonable practices but cannot guarantee absolute security.
4. Data Retention
We retain your account and app data for as long as your account is active. If you delete your account, all associated data is permanently deleted from our servers within 30 days. Anonymised usage data may be retained longer for analytics purposes.
5. Third-Party Services
- Firebase (Google) - authentication. Privacy policy
- Polar.sh - subscription billing. Privacy policy
- Cloudflare Workers AI - hosted AI inference. Messages sent to the hosted assistant are processed by Cloudflare. Privacy policy
6. Children's Privacy
The Service is not directed at anyone under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Export your data in a portable format
To exercise any of these rights, contact us at privacy@termique.app. You may also delete your account directly from Settings → Account → Delete account.
8. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email or prominent notice in the application at least 14 days before taking effect.
9. Contact
Privacy-related questions: privacy@termique.app