# Privacy Policy — SSHED

> How SSHED, a GTAI project, handles your data — what we collect, why, where it lives, and your rights.

- **HTML version**: https://sshed.net/privacy/
- **Last updated**: 2026-06-20
- **Effective**: 2026-06-20

This is the markdown twin of the privacy policy. The HTML version is the authoritative legal copy; this version exists for machine consumption (LLMs, archives, accessibility).

---

## Contents

1. Who we are
2. Scope of this policy
3. Information we collect
4. What we do *not* collect
5. How we use information
6. Legal bases (GDPR)
7. Subprocessors
8. Data retention
9. International transfers
10. Your rights
11. Cookies & analytics
12. Security
13. Children
14. Changes to this policy
15. Contact us

---

## 1. Who we are

SSHED is a service operated by **GTAI**, a company registered in the United Arab Emirates (National Bank of Abu Dhabi, Abu Dhabi). In this policy, "SSHED", "we", "us" and "our" refer to GTAI in its capacity as the operator of SSHED. For data protection purposes, GTAI is the **controller** of personal data processed in connection with SSHED.

If you are in the European Economic Area (EEA), the United Kingdom, or another jurisdiction whose data protection law applies to our processing of your personal data, this policy is intended to meet our obligations to you under that law (including the EU/UK General Data Protection Regulation).

## 2. Scope of this policy

This policy applies to:

- The SSHED marketing website at `sshed.net`
- The SSHED application at `app.sshed.net`
- Any related APIs, documentation, support channels, and email communications

It does **not** apply to third-party websites or services we link to, or to the servers you operate and connect to SSHED. Those servers are under your control; what runs on them, and the data they hold, is your responsibility.

## 3. Information we collect

### 3.1 Account information
When you sign up, we collect your email address and display name from your identity provider (Auth0). We do **not** receive or store your password — authentication is handled entirely by Auth0.

### 3.2 Billing information
If you subscribe to a paid plan, billing is processed by **Stripe**. We receive a customer ID, subscription status, plan tier, and invoice metadata from Stripe — we never see or store your card details. Stripe's own privacy policy governs how they handle that information.

### 3.3 Server and mesh metadata
When you link a Tailscale or Headscale account, SSHED reads the hostnames, IP addresses, and online status of the nodes on your tailnet so we can display them in your dashboard. This metadata is stored in our database to power features like saved connections and the audit log.

### 3.4 SSH keys
When you generate an SSH keypair in SSHED, we store the private key **encrypted at rest** using a per-deployment encryption key managed via Docker Swarm secrets. The plaintext private key never leaves the server it is generated on; only the *public* key is installed to your server's `authorized_keys` file. You may also choose to bring your own keys; in that case, the same at-rest encryption applies.

### 3.5 Usage telemetry
We use **PostHog** (hosted in the EU) to understand how SSHED is used — which features get opened, where the funnel breaks, which errors users hit. PostHog events are associated with your account ID and email so we can support you when you contact us. You can opt out of analytics in your account settings; we will then send PostHog only what is necessary to deliver the service.

### 3.6 Audit log
SSHED keeps an audit log of session events (who connected to which server, when, from where) and key events (generated, installed, rotated, deleted). Retention is 30 days on Free and Pro plans, and custom on Enterprise. Audit logs are visible only to you (and, on Enterprise, to your team admins).

### 3.7 Support communications
If you email us at `privacy@sshed.net`, `abuse@sshed.net`, or any other SSHED address, we retain the message and any context you provide so we can respond and improve the service.

## 4. What we do *not* collect

- **Terminal session contents.** We do not log keystrokes, command output, file contents, or anything you type or read inside a terminal session. Sessions are end-to-end encrypted between your browser and your server; we only record metadata for the audit log.
- **Payment card details.** Stripe handles cards. We never see card numbers, CVCs, or full bank details.
- **Files on your servers.** SSHED does not index, mirror, or back up the contents of your servers' filesystems.
- **Sensitive categories.** We do not knowingly process special categories of personal data (e.g. health, biometric, political views) and ask that you not enter such data into SSHED.

## 5. How we use information

- To provide the SSHED service: showing your servers, serving terminals, managing keys, billing your subscription.
- To secure the service: detect abuse, enforce rate limits, investigate incidents.
- To improve the service: aggregate, anonymized analytics on feature usage and error rates.
- To communicate with you: account, billing, security, and (only with consent) marketing emails.
- To comply with law: respond to lawful requests and meet our legal obligations.

## 6. Legal bases (GDPR)

For users protected by EU/UK data protection law, our legal bases are:

- **Contract** (Art. 6(1)(b)) — to provide the service you signed up for.
- **Legitimate interests** (Art. 6(1)(f)) — to secure the service, prevent abuse, and improve reliability. Balanced against your rights.
- **Consent** (Art. 6(1)(a)) — for non-essential analytics and marketing emails. Withdrawable at any time.
- **Legal obligation** (Art. 6(1)(c)) — tax, accounting, and lawful disclosure.

## 7. Subprocessors

We rely on a small set of subprocessors to deliver SSHED:

- **Auth0** (Okta, Inc.) — identity and authentication. Data: email, display name, login events.
- **Stripe, Inc.** — payments and subscription billing.
- **Cloudflare, Inc.** — CDN, DNS, WAF, Pages hosting, Tunnel, Access. Data: request metadata.
- **Akamai Technologies / Linode** — application hosting and managed Postgres, in Frankfurt, Germany.
- **PostHog, Inc.** (EU instance) — product analytics.
- **Resend, Inc.** — transactional email delivery.

We will update this list when subprocessors change. Material additions are announced at least 14 days in advance for users on annual Pro plans and on Enterprise.

## 8. Data retention

- **Account data** — kept while your account is active and for 30 days after deletion (grace period). Purged from primary systems within 30 days, from backups within 90 days.
- **Audit logs** — 30 days on Free and Pro; custom on Enterprise.
- **SSH keys** — retained until you delete them or your account is purged; encrypted at rest at all times.
- **Billing records** — retained for the period required by applicable tax law (typically 7 years).
- **Support communications** — kept for 24 months unless you ask us to delete sooner.

## 9. International transfers

GTAI is established in the UAE. Our application infrastructure runs in **Frankfurt, Germany** (Akamai/Linode). Some subprocessors (notably Auth0 and Stripe) may process limited data in the United States or other jurisdictions.

Where your data is transferred outside the EEA or UK to a country without an adequacy decision, we rely on appropriate safeguards — typically the **European Commission's Standard Contractual Clauses (2021/914)** with the relevant subprocessor, supplemented by technical measures (encryption in transit and at rest). You can request a copy of the safeguards in place for a specific transfer by emailing `privacy@sshed.net`.

## 10. Your rights

Depending on where you live, you may have the right to:

- **Access** — request a copy of the personal data we hold about you.
- **Rectification** — correct inaccurate or incomplete data.
- **Erasure** — delete your data ("right to be forgotten"), subject to overriding obligations.
- **Restriction** — pause processing while a concern is investigated.
- **Portability** — receive your data in machine-readable form, or have us transmit it.
- **Objection** — object to processing based on legitimate interests, including direct marketing.
- **Withdraw consent** — where processing relies on consent.
- **Lodge a complaint** — with your local data protection authority (EEA: national DPA; UK: ICO).

To exercise any of these rights, email `privacy@sshed.net`. We will respond within 30 days, extendable by up to 60 days for complex requests (we will notify you of any extension within the initial period).

## 11. Cookies & analytics

SSHED uses cookies and similar technologies for a small set of purposes:

- **Authentication** — session cookies set by Auth0 to keep you signed in. Essential.
- **Preferences** — local storage for theme choice, layout, saved connections. Essential.
- **Analytics** — PostHog cookies recording feature usage. Non-essential. Opt-out available in account settings.
- **Anti-abuse** — Cloudflare's bot protection sets short-lived cookies. Essential.

We do not use third-party advertising cookies or sell data to advertisers.

## 12. Security

We apply engineering measures appropriate to the sensitivity of the data we hold:

- TLS 1.2+ for all data in transit (HSTS enforced).
- Fernet-encrypted SSH private keys at rest, with the encryption key held only in Docker Swarm secrets — never written to disk in plaintext.
- Per-deployment secrets and least-privilege internal networking (Docker Swarm overlay with attachable scoping).
- Identity managed entirely by Auth0 with JWKS-verified tokens; we never see or store passwords.
- Daily managed Postgres backups; documented quarterly restore drills.
- Audit log of every privileged event.

If you believe you have found a vulnerability, please report it to `security@sshed.net` — we operate a good-faith disclosure policy and will not pursue legal action against researchers who report responsibly.

## 13. Children

SSHED is a tool for software professionals. It is not directed at children under 16. If you believe a child has provided us with personal data, contact `privacy@sshed.net` and we will delete it.

## 14. Changes to this policy

We may update this policy. Material changes are notified to registered users by email at least 14 days before they take effect, and the "Last updated" date at the top is revised. Continued use of SSHED after the effective date constitutes acceptance.

## 15. Contact us

- Privacy & data requests: `privacy@sshed.net`
- Abuse reports: `abuse@sshed.net`
- Security disclosures: `security@sshed.net`
- Postal: GTAI, National Bank of Abu Dhabi, Abu Dhabi, United Arab Emirates

---

*This document is a plain-language summary of how we handle data. It is not a substitute for legal advice.*
