Privacy Policy - TerminaLLM

Last Updated: February 22, 2026

Overview

TerminaLLM ("the App") is a mobile SSH terminal client that enables secure remote command execution. This Privacy Policy describes how we collect, use, and protect your information.

Information We Collect

Data Stored Locally on Your Device

The App stores the following information locally on your device using platform-native encrypted storage (iOS Keychain / Android EncryptedSharedPreferences):

• SSH Connection Details: Host address, port number, and username
• TOTP MFA Secrets: Encrypted secrets for multi-factor authentication
• Host Key Fingerprints: SSH server fingerprints for man-in-the-middle attack prevention
• Security Audit Logs: Connection attempts, authentication events, and security-related activities (up to 1,000 most recent events)
• Session Information: dtach session identifiers for session persistence
• App Preferences: Biometric authentication settings, security profiles, terminal preferences
• Credential Vault (Opt-in): If you enable the Credential Vault, SSH passwords, private keys, and passphrases are encrypted and stored locally using HKDF-Expand key derivation with per-credential nonces, XOR stream encryption, and HMAC-SHA256 authentication tags. Vault entries have configurable TTL expiry and are stored exclusively in platform-native encrypted storage
• Media Drop (Camera/Photo Library): When you use the Media Drop feature, the App requests access to your device camera or photo library on demand via standard iOS/Android permission prompts. Selected images or files are uploaded directly to your remote server at /tmp/terminallm-uploads/ via SFTP with chmod 600 (owner-read/write only) permissions. Media files are not cached or stored locally by the App — they are streamed from the system picker to the remote server. Camera and photo library access can be revoked at any time in your device settings
• Port Forwarding Rules: Saved port forwarding rules (local port, remote host, remote port, rule name) are stored locally per connection profile. No network traffic is intercepted or logged — tunnels bind exclusively to localhost (127.0.0.1) on your device
• AI Chatbot Usage: Daily message count for free-tier enforcement is stored locally. Your chatbot subscription tier (free/pro) is stored locally. The last 50 chatbot messages are persisted in platform-native encrypted storage for conversation continuity across app sessions
• Terminal Session Recordings: If you use the recording feature, terminal sessions are captured in asciicast v2 format (.cast files) and stored locally in the app's documents directory. Recordings contain all terminal output and input events with timestamps. Recordings are not encrypted at rest and are never automatically uploaded or shared
• Encrypted Backups: If you create a backup, an encrypted .tlmbackup file is generated containing your selected data categories (profiles, snippets, settings, and optionally vault credentials). Backups are encrypted with AES-256-GCM using a password-derived key (PBKDF2). Backup files are stored locally or shared via the system share sheet — they are never uploaded to TerminaLLM servers
• Custom Terminal Themes: User-created terminal color themes (23 color values per theme) are stored in platform-native encrypted storage
• Connection History: Timestamps, durations, and host information for recent connections (up to 10 entries) are stored locally in encrypted storage for the session resume feature
• Connection Health Check: TCP port reachability results for saved profiles are cached in memory with a 60-second TTL. Health check results are never persisted to disk or transmitted
• Proxy Authentication Token: A JWT token for proxy authentication is stored locally in encrypted storage. It contains only your device identifier and subscription tier — no personal information
• Device Identifier: A randomly generated device identifier (not linked to your hardware or advertising ID) is created and stored locally for proxy authentication purposes
• iOS Live Activities: When an SSH session is active on iOS 16.1+, session metadata (server name, connected AI tool, AI state, and file change counts) is written to an App Group shared container (NSUserDefaults) and displayed on the Lock Screen and Dynamic Island via iOS Live Activities. This data is visible without unlocking your device. Live Activities are automatically ended when you disconnect or the session is idle for 8 hours (iOS system limit)

Data Transmitted to External Services

• AI Chatbot: When using the built-in AI chatbot, your messages are sent through the TerminaLLM proxy server (hosted on Fly.io) to the Anthropic API. The proxy server receives your device identifier and daily message count for free-tier rate limiting. Messages are not stored on the proxy server — they are streamed through to Anthropic and discarded. See Anthropic's Privacy Policy for how Anthropic handles API data

Data We Do NOT Collect

• Passwords (by default): SSH passwords are not stored by default — you enter them at connection time and they are cleared from memory after use. If you opt in to the Credential Vault, credentials are encrypted and stored locally with configurable TTL expiry (see "Credential Vault" above)
• Command History: Commands executed on remote servers are not logged by the App
• Terminal Output: Content displayed in the terminal is not stored or transmitted
• Location Data: We do not access your location
• Personal Information: We do not collect names, emails, or other personal data

Voice Input

The App offers optional speech-to-text input for dictating terminal commands and chatbot messages. Voice recognition is performed entirely on-device using platform-native engines (iOS Speech framework, Android SpeechRecognizer). No audio data is recorded, stored, or transmitted by the App. Voice input can be used without an internet connection on supported devices.

How We Use Information

All data stored by the App is used solely to provide its functionality:

• Connection Details: Enable quick reconnection to previously accessed servers
• Credential Vault: Enable seamless reconnection without re-entering credentials (opt-in only, encrypted locally, auto-expires per TTL)
• TOTP Secrets: Verify your identity through multi-factor authentication
• Host Key Fingerprints: Protect against man-in-the-middle attacks
• Audit Logs: Allow you to review security events on your device
• Session Information: Enable resumption of interrupted AI coding sessions
• Media Drop: Upload photos, screenshots, and files to your remote server for use in AI coding sessions
• Port Forwarding Rules: Quickly re-establish SSH tunnels for accessing remote development servers
• Device Identifier & Usage Count: Enforce free-tier daily message limits via the proxy server
• AI Chatbot: Provide AI-powered assistance for terminal and coding questions

Data Security

Encryption at Rest

• iOS: All sensitive data stored in Apple Keychain with first_unlock_this_device accessibility
• Android: EncryptedSharedPreferences with AES-256 encryption

Encryption in Transit

• All SSH communications use industry-standard SSH protocol encryption
• Host key verification prevents man-in-the-middle attacks
• AI chatbot communications use HTTPS/TLS

Additional Security Measures

• Multi-factor authentication (TOTP) required for app access
• Optional biometric authentication (Face ID / Fingerprint)
• Session timeouts after inactivity
• Rate limiting on authentication attempts
• Screen capture prevention (Android)
• Clipboard auto-clear after paste operations

Data Retention

• Connection Details: Retained until you uninstall the App or clear app data
• Audit Logs: Last 1,000 events retained, older events automatically deleted
• Session Data: Retained until you clear session or uninstall the App
• Chatbot Messages: Last 50 messages persisted in platform-native encrypted storage for conversation continuity. System messages (welcome prompts) are not persisted. Clearing conversation removes all stored messages
• Terminal Recordings: Retained until you manually delete them or uninstall the App
• Encrypted Backups: Backup files exist wherever you saved or shared them; the App does not manage backup file lifecycle after export
• Custom Themes: Retained until you delete the theme or uninstall the App
• Connection History: Up to 10 recent entries retained; older entries automatically removed
• Health Check Cache: In-memory only, cleared when the App is closed (60-second TTL)
• Device Identifier: Retained until you uninstall the App or clear app data

Your Data Rights

Access Your Data

You can view your stored audit logs within the App's settings.

Export Your Data

Audit logs can be exported as JSON format from the App settings.

Delete Your Data

• Uninstalling the App removes all locally stored data
• You can clear specific data (saved connections, audit logs) from App settings

For EU Residents (GDPR)

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing

To exercise these rights, use the in-app data management features or contact us at the address below.

For California Residents (CCPA/CPRA)

You have the right to:

• Know what personal information is collected
• Delete your personal information
• Opt-out of the "sale" of personal information (we do not sell data)
• Non-discrimination for exercising your rights

Third-Party Services

The App integrates with the following third-party services:

• Anthropic, PBC — AI chatbot responses are powered by Anthropic's Claude API. Requests pass through our proxy to Anthropic. See Anthropic's Privacy Policy
• Fly.io — Our proxy server infrastructure is hosted on Fly.io. The proxy does not store message content
• GitHub (Developer feature only) — When developer mode is enabled, the App checks GitHub for release updates using your provided PAT

Open Source Libraries

The App uses open-source libraries for SSH connectivity and terminal rendering. These libraries do not collect or transmit user data.

Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be noted by updating the "Last Updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Information

For privacy-related questions or concerns:

GitHub Issues: github.com/terminallm-issues/.github/issues

Data Processing Location

Most data processing occurs locally on your device. When using the AI chatbot, message data is processed through our proxy server (Fly.io, US-East region) and Anthropic's API servers.