Privacy Policy - TerminaLLM

Last Updated: July 14, 2026

Data Controller

TerminaLLM LLC, 7401 Granada Road, Denver, CO 80221, USA, is the data controller for your personal data under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).

Privacy contact: privacy@terminallm.app

We do not have a separately appointed Data Protection Officer or an EU Article 27 representative at this time. Users in the European Economic Area, the United Kingdom, or Switzerland may direct GDPR / UK GDPR inquiries to privacy@terminallm.app.

Overview

TerminaLLM ("the App") is a mobile SSH terminal client that enables secure remote command execution. This Privacy Policy describes how we collect, use, and protect your information.

Information We Collect

Data Stored Locally on Your Device

The App stores the following information locally on your device using platform-native encrypted storage:

Data Transmitted to External Services

Data We Do NOT Collect

Cookies and Tracking Signals

The App is a native mobile application and does not use cookies, web beacons, or browser localStorage. We do not track your activity across other apps or websites and we do not share or sell any data to advertisers. Because the App is not a web browser, we do not receive or respond to "Do Not Track" headers; native-mobile equivalents (iOS Limit Ad Tracking, Android opt-out of ad personalization) do not apply because we do not display advertising and do not use advertising identifiers.

Voice Input

The App offers optional speech-to-text input for dictating terminal commands and chatbot messages. Two speech engines are available:

TerminaLLM never permanently stores audio data. Users choose their preferred engine in Settings. Microphone access is requested only when the mic button is tapped.

How We Use Information

All data stored by the App is used solely to provide its functionality:

Data Security

Encryption at Rest

Encryption in Transit

Additional Security Measures

Managing Your Subscription

You can cancel your subscription at any time:

Cancellation takes effect at the end of your current billing period. You retain access to paid features until the period ends. No refunds are issued for partial periods. You can manage or change your plan at any time through the same settings.

Data Retention

Your Data Rights

Access Your Data

You can view your stored audit logs within the App's settings.

Export Your Data

Audit logs can be exported as JSON format from the App settings.

Delete Your Data

For EU / UK / Swiss Residents (GDPR / UK GDPR / FADP)

You have the right to:

Legal bases for processing: We process the limited personal data we receive (device identifier, IP address, FCM token, optional email correspondence, chatbot inputs you choose to send) on the bases of (a) performance of contract to deliver the App and any subscription you purchase, (b) legitimate interests in operating, securing, and debugging the App, and (c) consent, where required (e.g., for crash reporting where you have not opted out).

To exercise your rights, email privacy@terminallm.app. We will acknowledge your request within 30 days and, in most cases, complete it within that window. We may need to verify your identity (typically by responding from the email you used to contact us, or by confirming the device identifier from within the App). There is no charge for the first request in any 12-month period; manifestly unfounded or repetitive requests may incur a reasonable fee or be refused as permitted by Art. 12(5) GDPR.

For California Residents (CCPA/CPRA)

You have the right to:

To exercise California rights, email privacy@terminallm.app with the subject "California Privacy Request." We do not currently use a "Do Not Sell or Share" link because we do not sell or share personal information; if that ever changes, we will add the link as required by §1798.135.

Authorized Agents and Minors

You may use an authorized agent to submit a request on your behalf, subject to verification under Cal. Civ. Code § 1798.140(d). For users under 16, the CCPA requires opt-in consent before any sale or sharing — we do not sell or share at all, so this is moot, but we honor the rule by default.

Third-Party Services

The App integrates with the following third-party services:

Subprocessors

We use the following subprocessors to provide the App, operate the proxy service, deliver purchases and notifications, and diagnose crashes:

Subprocessor Purpose User data processed Privacy statement
Anthropic, PBC AI chatbot and voice-to-command completions Chatbot messages and natural-language command requests you choose to send, selected context such as remote OS type and shell, and transient request metadata routed through our proxy Anthropic Privacy Policy
Google Cloud / Firebase Firestore storage and cloud authentication for the TerminaLLM proxy Device identifiers, subscription tier/state, usage counters, push token mappings, platform, token expiration timestamps, and service-account authentication metadata Google Privacy Policy and Firebase Privacy and Security
Google Cloud Run Hosting the TerminaLLM proxy in the US-East region Device identifiers, subscription tier, request timestamps, IP addresses, routes, HTTP status codes, chatbot or translation payloads while streaming, and push notification relay requests Google Privacy Policy
Firebase Cloud Messaging Push notification delivery for AI prompt alerts FCM device tokens, opaque TerminaLLM push tokens, platform, notification routing metadata, and transient notification payloads Google Privacy Policy and Firebase Privacy and Security
Firebase Crashlytics Crash reporting and diagnostics Crash reports, stack traces, device model, OS version, app version, breadcrumbs, crash timestamps, and any incidental diagnostic data captured in crash context Google Privacy Policy and Firebase Crashlytics data handling
Apple App Store iOS distribution, in-app purchases, subscriptions, purchase restoration, and refunds Apple account, purchase, subscription, refund, device, IP address, and App Store interaction data processed by Apple under its terms App Store & Privacy
Google Play Android distribution, in-app purchases, subscriptions, purchase restoration, and refunds Google account, purchase, subscription, refund, device, IP address, and Play Store interaction data processed by Google under its terms Google Privacy Policy and Google Play Terms of Service

Open Source Libraries

The App uses open-source libraries for SSH connectivity and terminal rendering. These libraries do not collect or transmit user data.

Children's Privacy

The App is not intended for children under 13 years of age (or the equivalent minimum age in the user's jurisdiction, e.g., 16 in some EU member states under GDPR). The App's store age rating is set to reflect that an SSH terminal can expose users to unrestricted command execution and arbitrary remote content.

We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact privacy@terminallm.app and we will delete the data and any related account state from our systems within 30 days, in accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506) and equivalent laws in other jurisdictions.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be noted by updating the "Last Updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Information

For privacy-related questions, requests, or complaints:

privacy@terminallm.app Send Email

Mailing address: TerminaLLM LLC, 7401 Granada Road, Denver, CO 80221, United States

GitHub Issues: https://github.com/terminallm-issues/.github/issues

Data Processing Location and International Transfers

Most data processing occurs locally on your device. When you use the AI chatbot, voice-to-command translation, or push notifications, limited data (your device identifier, subscription tier, message content for chatbot/translation, and FCM token for push) is processed by our proxy server (Google Cloud Run, US-East region), Anthropic's API servers, and/or Firebase Cloud Messaging (Google) — all of which are located in the United States.

For users in the European Economic Area, the United Kingdom, or Switzerland: When personal data is transferred from your jurisdiction to the United States, the transfer relies on (a) the EU-U.S. Data Privacy Framework (DPF) and the UK Extension thereto, where the U.S. recipient self-certifies under that framework (Google LLC is DPF-certified; Anthropic's certification status is published on its trust center), or (b) the European Commission's Standard Contractual Clauses (SCCs) (2021/914) and the UK International Data Transfer Addendum, where DPF certification does not apply. We have evaluated U.S. surveillance law (per Schrems II, C-311/18) and have implemented supplementary measures including end-to-end TLS, minimization (we do not transmit terminal output, credentials, or names), and short retention windows on proxy logs. To request a copy of the relevant transfer mechanism, email privacy@terminallm.app.

This privacy policy is provided for informational purposes. TerminaLLM is designed with privacy as a core principle — we collect minimal data, store credentials locally, and only transmit data to external services when required for specific features (AI chatbot).