Skip to main content
TerminalSync
ESEN
TerminalSyncBack to home

Privacy Policy

This policy describes what data we collect, why, how we protect it, and how you can exercise your rights over it.

Last updated: May 4, 2026

1. Who we are

TerminalSync is a desktop application that syncs the state of your terminals, AI configuration files, and secrets across your computers through the storage provider of your choice (Google Drive, iCloud, Dropbox).

Operated by TerminalSync. Legal contact: legal@terminalsync.ai.

2. Data we collect

We collect only the minimum data necessary to operate the service:

  • User account: email, full name (if provided), avatar (if provided via Google or Apple OAuth), time zone. Hosted on Supabase.
  • Subscription data: billing status, plan, last 4 digits of payment method. Processed by Stripe.
  • Minimal operational logs: sign-in timestamps, sign-in IP (anonymized after 30 days), non-fatal errors (Vercel Speed Insights / Vercel Analytics).
  • Affiliate data: if you arrived via an affiliate link, a Rewardful cookie records the referrer.

3. Data we DO NOT collect

The encrypted content of your terminals, files, secrets, or AI conversations NEVER touches our servers. All that content is encrypted locally on your Mac with AES-256-GCM (zero-knowledge) before being uploaded to the cloud provider you choose. The encryption keys live in your Mac's OS keychain and never leave it.

This means that even if we wanted to, we couldn't read your files or your conversations with Claude/Codex.

4. What we use your data for

  • Authenticating you and keeping your session active.
  • Processing payments and issuing invoices (via Stripe).
  • Notifying you about product updates and security alerts.
  • Improving site performance (aggregated Speed Insights data, not individual user tracking).

5. Who we share your data with

We share data with the following providers strictly to operate the service:

  • Supabase: account database hosting (EU/US).
  • Stripe: payment processing (US).
  • Vercel: website + API hosting (global Edge Network).
  • Resend: transactional email delivery (US).
  • Rewardful: affiliate tracking (first-party cookie).

We don't sell your data. We never have. We never will.

6. Your rights

Under GDPR (EU), CCPA (California), and equivalent laws, you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure: ask us to delete your account and associated data.
  • Portability: export your data in JSON format.
  • Objection: opt out of marketing emails at any time.

To exercise any of these rights, email privacy@terminalsync.ai. We respond within 30 calendar days.

7. Retention

We keep your account data while your account is active. If you cancel, we delete your personal data within 90 days, except for data we are legally required to retain (tax records: 7 years).

8. Cookies

We use cookies strictly necessary for authentication and preferences (language, theme). If you arrived via an affiliate link, a Rewardful cookie records the referrer for 60 days. We don't use ad cookies or cross-site tracking.

9. Changes to this policy

If we materially modify this policy, we notify you by email at least 30 days before the change takes effect. For minor changes (typographical corrections, clarifications), we update the "last updated" date above.

10. Contact

Questions, concerns, or requests? Email privacy@terminalsync.ai.