Privacy Policy

1Information We Collect

Termique is designed with privacy as a core principle. We collect minimal information required to provide the service:

• ✓
  Account Information: When you sign in with Google OAuth, we receive your email address and basic profile information solely for authentication. We do not access your Google drive, emails, or other Google data.
• ✓
  Encrypted Credentials: Your SSH keys, server hostnames, ports, usernames, and connection metadata are end-to-end encrypted before leaving your device using your master password. We cannot decrypt or access this data.
• ✓
  Hardware Key Metadata: If you use Yubikey or Apple Secure Enclave, we store only the public key reference identifier—not the private key material itself.
• ✓
  Anonymous Analytics: We collect aggregated, anonymized usage data (e.g., connection session counts, feature usage) to improve service reliability. No personally identifiable information is included.
• ✓
  Session Logs: Connection timestamps and server identifiers are stored locally on your device only. These logs are not transmitted to our servers.

2How We Use Your Information

Your information is used solely to provide and improve the Termique service:

• ✓
  Authenticate you via Google OAuth and maintain your session
• ✓
  Sync your encrypted credential vault across your authorized devices
• ✓
  Provide zero-knowledge key derivation using your master password
• ✓
  Improve service performance, stability, and security
• ✓
  Send transactional emails (account verification, password resets, security alerts)

3Google OAuth Authentication

We use Google Sign-In for authentication only. When you authorize Termique:

• •
  We request your email address and basic profile (name, profile picture) for account identification
• •
  We do not request access to Google Drive, Gmail, Calendar, or any other Google services
• •
  OAuth tokens are stored encrypted on Cloudflare's edge network with AES-256-GCM
• •
  You can revoke Termique's Google access at any time via your Google Account settings

Google's privacy policy governs their collection of your data. We encourage you to review it.

4Zero-Knowledge Encryption

Termique implements a strict zero-knowledge architecture:

• ✓
  Master Password Derives Keys: Your encryption key is derived from your master password using Argon2id locally on your device. The derived key never leaves your device.
• ✓
  AES-256-GCM Encryption: All credentials are encrypted with AES-256-GCM with unique per-item nonces before any data leaves your device.
• ✓
  Server-Side Illiteracy: Our servers store only encrypted blobs. We have zero ability to decrypt your SSH keys, server details, or connection metadata.
• ✓
  Loss of Password = Loss of Access: If you forget your master password, we cannot recover your data. We strongly recommend using a password manager and备份 your master password securely.

5Hardware Security Keys

Termique supports hardware-backed authentication:

• ✓
  Yubikey: We support FIDO2/WebAuthn for second-factor authentication. The private key resides on your Yubikey and never touches our servers.
• ✓
  Apple Secure Enclave: On macOS/iOS, keys can be stored in the Secure Enclave—a hardware security module. Biometric (Touch ID/Face ID) unlocks the key.
• ✓
  Hardware key enrollment is optional and can be disabled at any time from account settings

6Data Storage & Security

• ✓
  Encrypted vaults are stored on Cloudflare's distributed edge network
• ✓
  All data in transit uses TLS 1.3 with certificate pinning
• ✓
  Data at rest is encrypted with AES-256-GCM on Cloudflare's storage layer
• ✓
  We maintain SOC 2 Type II compliance for our infrastructure provider

7Cookies & Tracking

We use minimal cookies:

• •
  Authentication Cookies: Session tokens stored as HTTP-only, secure cookies. Max age: 30 days.
• •
  Google OAuth Cookies: Set by Google's OAuth flow. Governed by Google's privacy policy.
• •
  Analytics Cookies: Aggregated analytics only. No personal data. Can be opted out.
• •
  No Advertising Cookies: We do not use advertising trackers.

8Data Retention & Deletion

• ✓
  Account Deletion: You can delete your account and all associated data at any time from Settings or by emailing privacy@termique.dev
• ✓
  Data Export: Before deletion, you can export your encrypted vault in a portable format
• ✓
  Deletion Timeline: All personal data is purged within 30 days of account deletion request
• ✓
  Audit Logs: Local session logs remain on your device only and are deleted when you uninstall the app

9Your Rights (GDPR/CCPA)

Depending on your jurisdiction, you may have the following rights:

• •
  Right to Access: Request a copy of your account data
• •
  Right to Rectification: Correct inaccurate account information
• •
  Right to Erasure: Delete your account and all data
• •
  Right to Data Portability: Export your encrypted vault
• •
  Right to Object: Opt out of anonymous analytics

To exercise any of these rights, contact privacy@termique.dev. We respond to all requests within 30 days.

10Children's Privacy

Termique is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information promptly.

11Third-Party Services

We utilize the following third-party services:

• •
  Google Cloud: OAuth authentication infrastructure
• •
  Cloudflare: Edge network for data storage and delivery

We do not sell, trade, or share your personal information with third parties for advertising purposes. All service providers are contractually bound to confidentiality obligations.

12Security Incident Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the incident, as required by applicable law. Notifications will be sent to the email address associated with your account.

13Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes via email or an in-application notice at least 30 days before they take effect. Your continued use of Termique after any modifications constitutes acceptance of the updated policy.

14Contact Us

For privacy-related questions, data subject requests, or security concerns, contact us at privacy@termique.dev. For general inquiries, visit termique.dev.