Privacy

Private by default.

Effective 2026-07-12

Termoire is private by default. The terminal has no backend and collects no data — no analytics, no tracking, no advertising, no third-party SDKs. The only features that touch a server — agent notifications and iCloud sync — are opt-in, and this page says exactly what they send.

What Termoire stores, and where

Everything Termoire saves stays on your device:

Connection details
Host names, usernames, ports, groups, notes, and per-host settings — stored in an app-private file on the device.
Known-host fingerprints
The server keys you've trusted, so Termoire can warn you if one changes — stored in an app-private file on the device, like an OpenSSH known_hosts file.
Secrets
Your SSH private keys, any passwords you choose to save, Secure-Enclave key material, an optional Tailscale token, and Mosh/ET session-resume material — stored in the iOS Keychain, encrypted by the system and protected after first unlock. A Secure-Enclave key's private half never leaves the chip, and biometry-gated items are bound to this device.
Agent inbox
The recent agent events and notifications shown in the inbox and Fleet are cached locally on the device so they're there when you open the app.
App preferences
Theme, font, scrolling, and feature toggles — stored in the app's local settings.

The terminal has no backend

Termoire only makes the network connections you initiate — to the SSH, Mosh, and Eternal Terminal servers you add. Those connections, including anything you type or receive, go directly between your device and your servers. The terminal itself has no backend: it sends nothing to us and nothing to any third party. Because you may connect to servers on your local network, iOS may ask for Local Network permission; this is used solely to reach the servers you specify.

Agent notifications (opt-in)

To tell you when a background AI coding agent needs you — and to let you approve or deny its permission prompts remotely — you can install a small hook on a host. When you do, only what your agent tool already emits leaves that host: the event name, a session id, the notification text (for example, “Claude needs your permission to run …”), and the host name you registered. No file contents, no command output, and no keystrokes are sent. That information goes to Termoire's push relay (by default at api.termoire.com), which forwards it to Apple's Push Notification service and on to your device. The relay stores only your device's push token and its host bindings (device secrets are hashed at rest) and keeps no message history — payloads are pushed and forgotten. The encrypted delivery path is end-to-end encrypted for your device, so the relay sees only ciphertext, and your approve/deny decisions are sealed end-to-end. This feature is opt-in and per host, you can remove it at any time, and you can point Termoire at your own self-hosted relay instead.

Apple Push Notification service

When agent notifications are enabled, delivery to your device uses Apple's Push Notification service (APNs), acting as a processor. Apple's handling of push traffic is governed by Apple's privacy policy.

iCloud sync (opt-in)

If you enable iCloud sync (a Termoire Pro feature), your hosts and app preferences are kept in step across your devices through Apple's CloudKit under your own Apple Account. Biometry-gated secrets stay bound to the device and are never synced. This uses your iCloud storage and is governed by Apple's privacy policy; turn it off at any time in Settings.

Tailscale import (optional)

If you import hosts from Tailscale, the tailnet API token you paste is stored in your device Keychain and sent to Tailscale's API to list your machines. It is used for nothing else, is governed by Tailscale's privacy policy, and you can remove it at any time.

Voice dictation (optional)

Dictation uses Apple's Speech framework and requires microphone and speech-recognition permission. The “Never send speech to Apple” setting forces recognition to run entirely on-device; where that isn't possible for your language or device, Termoire tells you rather than falling back silently.

Subscriptions & payments

Termoire Pro is sold through the Apple App Store. Apple handles the entire purchase and any billing; we never see or store your payment details. Termoire receives only Apple's entitlement status through StoreKit — whether an active subscription or lifetime purchase exists — which is used solely to unlock Pro features.

No analytics or tracking

There are no analytics, no tracking, no advertising, and no third-party data SDKs in the app. We do not build profiles of you and we do not sell data — we have nothing to sell.

Children's privacy

Termoire is a developer tool and is not directed at children. It collects no personal information from anyone, including children.

Your control

You can delete any saved host, key, password, or known-host entry inside the app at any time; remove the agent hooks from a host (Termoire uninstalls them, or you can do it by hand — see the Guides); and turn off iCloud sync and agent notifications whenever you like. Deleting the app removes all of its locally stored data, including Keychain items it created.

Changes

If this policy changes, we will update this page and its effective date.

Contact

Questions about privacy? Email [email protected]. For anything else, see Support.