Privacy Policy

Last updated: January 23, 2026

Overview

ShellMinder.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

Information We Collect

Account Information

  • OAuth Data: Email address, name, and profile picture from your OAuth provider (Google, GitHub, or Discord)
  • Profile Data: Display name, timezone, and notification preferences

SSH Credentials

  • SSH Keys: Private keys stored with 0600 permissions in isolated directories per user
  • Passwords: Encrypted using Fernet (symmetric encryption) before storage
  • Host Information: Hostname, port, username for SSH connections

Session Data

  • Session Metadata: Session names, creation times, status
  • Terminal Output: Recent terminal output for monitoring and pattern detection
  • Activity Logs: Session creation, connection, and termination events

Monitoring Data

  • Session Events: Crash detection, idle detection, waiting state detection
  • AI Analysis: Terminal output sent to AI providers for pattern detection (cached for cost reduction)

How We Use Your Information

  • Service Delivery: Connect you to your remote shell sessions
  • Monitoring: Detect when sessions crash, go idle, or need input
  • Notifications: Alert you via web, Discord, or email about session events
  • Authentication: Verify your identity via OAuth providers
  • Security: Isolate your sessions and credentials from other users

Data Storage and Security

  • Database: PostgreSQL with row-level security isolating user data
  • SSH Keys: Stored in filesystem with 0600 permissions (user-only access)
  • Passwords: Encrypted with Fernet before database storage
  • Session Cookies: Secure, HttpOnly, SameSite=Lax flags enabled
  • HTTPS: All production traffic encrypted via TLS 1.3

Third-Party Services

OAuth Providers

We use Google, GitHub, and Discord for authentication. Please review their privacy policies:

AI Providers

We may use AI services for session monitoring:

  • Ollama: Local AI (no data leaves our servers)
  • OpenAI: If you provide your own API key, terminal output may be sent to OpenAI's API
  • Anthropic: If you provide your own API key, terminal output may be sent to Anthropic's API

Notification Services

  • Discord Webhooks: If configured, notifications are sent to your Discord server
  • Email: Future feature - email notifications if enabled

Your Rights

  • Access: View all your stored data via the Profile and Settings pages
  • Modify: Update your profile, notification preferences, and AI settings
  • Delete: Delete individual hosts, sessions, or your entire account
  • Export: Request a copy of your data by contacting support

Data Retention

  • Active Sessions: Retained until you delete them
  • Terminated Sessions: Metadata retained for 30 days, then deleted
  • Credentials: Deleted immediately when you remove a host
  • Monitoring Events: Retained for 90 days
  • Account Data: Retained until you delete your account

Data Sharing

We do not sell or share your data with third parties except:

  • When required by law (e.g., valid legal process)
  • To protect our rights or safety
  • With your explicit consent

Cookies

We use cookies for:

  • Session Management: Maintain your logged-in state
  • Preferences: Remember your view preferences (table vs card)

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the service.

Contact Us

If you have questions about this Privacy Policy, please contact us at: privacy@shellminder.ai

Security Note: Your SSH credentials are isolated per-user and encrypted. We cannot access your private keys or decrypted passwords.