Privacy Policy
1. Scope
This Privacy Policy explains how Terminal Chat (the "Service") and the optional Terminal Chat Browser Control extension collect, use, store, and share information when you create an account, send messages, upload files, run code in the sandbox, automate browser tasks, connect third-party accounts, or use any other product feature.
2. Information You Provide
Account: when you sign in with Google, we receive your name, email address, profile image, and a verified-email signal from Google. Chats and content: messages you send, files you upload, slides and documents you generate, custom skills you create, memories you ask the assistant to save, and templates you build. Payments: if you subscribe, Stripe processes your payment and returns a customer ID and subscription status to us; we never see or store your full card number. Connector accounts: if you link Google or Microsoft accounts (for connectors such as Drive, Gmail, or Calendar), we receive OAuth access and refresh tokens for the scopes you approve.
3. Information Collected Automatically
Sessions: we store your session token, IP address, and user-agent string to keep you signed in and to detect abuse. Usage: per-request logs of which model was used, token counts, and computed cost are stored to enforce plan limits and produce billing summaries. Sandbox: each chat is paired with an isolated Docker container; files you create inside the sandbox live in that container until it is destroyed. Cookies: a session cookie from our authentication system, and a JWT cookie used for guest accounts.
4. How We Use Information
To operate the Service (authenticate you, render chats, run code, generate slides and documents, deliver streamed AI responses), to enforce subscription limits, to provide persistent memory and context across sessions, to improve reliability and debug issues, to prevent abuse, and to communicate service-related notices. We do not sell personal information and we do not use your chat content to train foundation models.
5. AI Model Providers
Messages sent to the assistant are routed to third-party AI providers to generate a response. Depending on the model you select, your prompts and any attached content may be processed by Vercel AI Gateway, OpenAI, Anthropic, Google, Mistral, DeepSeek, OpenRouter, OpenCode.ai, or other model providers listed in the model picker. These providers process the content under their own terms and privacy policies. Switching models routes future requests to a different provider.
6. Tools and Integrations
Web search and extraction: when you ask the assistant to search or read a web page, queries are sent to a SearXNG instance and a content scraper that we operate. File storage: uploads, downloads, and skill files are stored in S3-compatible object storage; download links auto-expire and the underlying files are removed within one day by lifecycle rules. Connectors: when you grant access to Google or Microsoft, we store your OAuth tokens encrypted with AES-256-GCM and use them only to perform actions you request inside chat. Browser Control extension: when enabled, the extension can read the current page structure and perform navigation, clicks, scrolling, and form filling on the active tab in response to your chat instructions; it does not record your browsing history in the background.
7. Sharing
We share information with infrastructure and processing providers strictly to operate the Service: hosting and database providers, the AI providers listed above, Stripe (payments), Google (sign-in and connectors), and Microsoft (connectors). If you publish a chat using the share link feature, the chat contents become accessible to anyone with that link until you delete it. We may disclose information when required by law or to protect rights, safety, and integrity of the Service.
8. Data Retention
Account data is retained while your account is active. Chats, messages, generated artifacts, and memories are retained until you delete them or delete your account. Usage logs are retained for billing and abuse-prevention purposes. Sandbox containers stop after roughly two minutes of inactivity, are deleted after fifteen minutes of inactivity, and are forced-deleted after one hour. Generated download files in object storage are removed within approximately one day. Sessions are removed when they expire or you sign out.
9. Your Choices and Controls
You can delete individual chats, individual saved memories, individual templates, and individual workflows from your account. You can disconnect any linked connector at any time, which deletes the stored OAuth tokens. You can disable the Browser Control extension at any time, and you control which actions you authorize. You can cancel your subscription from the profile page. You can request deletion of your account by contacting us.
10. Security
Data is transmitted over HTTPS. Connector OAuth tokens are encrypted at rest using AES-256-GCM. Sessions are scoped to your account and bound to a token stored as a secure cookie. Sandbox execution runs in isolated Docker containers per chat. No system can be guaranteed perfectly secure; you are responsible for safeguarding your account credentials.
11. Children
Terminal Chat is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us so we can delete it.
12. Changes to This Policy
We may update this policy from time to time. The "Effective date" above reflects when the current version took effect. Continued use of the Service after a change constitutes acceptance of the updated policy.
13. Contact
Questions, requests, or complaints about privacy can be sent to atheergunner@gmail.com.