Privacy policy.
Last Updated: June 2, 2026 • Effective Date: June 2, 2026
SysNav provides an AI-powered terminal assistant for system administrators and DevOps engineers. This Privacy Policy describes how we collect, use, and protect your information when you use SysNav's software, platform, and services.
Our Commitment: SysNav runs your SSH and terminal sessions locally — your SSH credentials and private keys never leave your device. When you use AI features, SysNav uses a cloud-first design: your prompt, terminal context, recent conversation, and the output of commands the agent runs (after you approve them) are sent to SysNav's cloud service and then to our AI providers to generate a response. We transmit only what the assistant needs to help you, and never your SSH credentials, private keys, or secrets.
1. Information We Collect
1.1 Information You Provide
When you create an account or use SysNav, you may provide:
- • Account Information: Email address, name, company name (optional)
- • Authentication: Password (bcrypt hashed) or OAuth tokens from Google/GitHub
- • Billing Information: Payment details processed securely through Stripe (we never see your full credit card number)
- • Support Requests: If you contact us for help, we collect your email and any information you provide
1.2 Information Stored Locally on Your Device
SysNav stores the following data locally on your computer in an encrypted SQLite database. Your SSH credentials, private keys, and application preferences never leave your device. Your terminal and AI history is stored locally and, when you actively use AI features, the relevant recent portions are sent to our cloud service to answer you (see §1.3):
- • Terminal Command History: Last 50+ commands per terminal session
- • AI Conversation History: Your prompts to the AI assistant and its responses
- • Terminal Context Snapshots: Current working directory, OS type, shell type, recent command names
- • SSH Connection Configurations: Encrypted credentials for saved SSH connections
- • Application Preferences: UI settings, color schemes, keybindings
You control this data: Clear conversation history, delete SSH configurations, and reset preferences anytime. Uninstalling SysNav removes all local data from your device.
1.3 Information Sent to SysNav's Cloud Service and AI Providers
SysNav uses a cloud-first architecture. When you use the AI assistant, your request is sent to SysNav's cloud service, which calls our AI providers (Anthropic Claude, OpenAI GPT) and streams the response back to your device. The following is transmitted:
What is Sent
- ✓ Your natural language prompt
- ✓ Recent conversation history
- ✓ Current working directory path
- ✓ OS type and version
- ✓ Shell type (bash, zsh, etc.)
- ✓ Recent command names (~5 commands)
- ✓ Output of commands the agent runs (after you approve them)
- ✓ Error messages you include
What is NOT Sent
- ✗ SSH credentials or private keys
- ✗ Environment variables or secrets
- ✗ File contents you don't reference
- ✗ Output of commands you run yourself (only agent-run, approved commands)
- ✗ Your complete local command history
Example: What Gets Transmitted
{
"prompt": "Why did my last command fail?",
"context": {
"cwd": "/var/www/html",
"os": "ubuntu-22.04",
"shell": "bash",
"recent_commands": ["cd /var/www/html", "nginx -t", "systemctl restart nginx"],
"last_error": "Job for nginx.service failed."
}
}AI Provider Data Retention
Anthropic (Claude) and OpenAI (GPT-4) use zero-retention API tiers:
- • Prompts processed for abuse detection only
- • Deleted within 30 days maximum
- • Never used for model training
- • SOC 2 Type II, GDPR, CCPA compliant
SysNav Cloud Service & Audit Log
For security and accountability, SysNav's cloud service records metadata about commands the agent proposes and you approve — the command text, your account ID, the target terminal, and a timestamp — in an audit log. This log is used to investigate abuse and support requests.
- • It does not contain file contents, SSH credentials, or full command output
- • Retained only as long as needed for security review and abuse investigation; we are rolling out automated retention limits (target: 90 days)
- • Never sold, and never used for model training
1.4 Technical Information
We automatically collect certain technical information:
- • Device Information: OS type and version, hardware specifications
- • Network Information: IP address (for authentication and fraud prevention)
- • Usage Metadata: Login timestamps, feature usage patterns (aggregated, no terminal data)
- • Error Logs: Opt-in crash reporting (no terminal commands included)
1.5 Cookies and Tracking
- • Session Cookies: Required for authentication (HTTP-only, secure)
- • Preference Cookies: Remember your settings
- • Analytics: Privacy-respecting analytics to understand page visits. No cross-site tracking or advertising cookies.
2. How We Use Your Information
AI Assistant Features
Generate intelligent responses using Anthropic/OpenAI APIs
Account Management
Create and maintain your account, manage subscriptions
Security & Fraud Prevention
Verify identity, detect unauthorized access and abuse
Product Improvement
Analyze aggregated usage patterns (no individual terminal data)
We Do NOT:
- ❌ Use terminal commands or output for model training or analytics
- ❌ Sell your data to third parties or data brokers
- ❌ Use SSH credentials or connection details for any purpose
- ❌ Share your AI conversations with anyone beyond the AI providers needed to answer you (never sold, never used for training)
3. How We Share Your Information
3.1 AI Service Providers
| Provider | Data Shared | Retention |
|---|---|---|
| Anthropic (Claude) | Prompt, context, conversation, approved command output | Zero-retention tier — 30 days max (abuse detection) |
| OpenAI (GPT) | Prompt, context, conversation, approved command output | Zero-retention tier — 30 days max (abuse detection) |
3.2 Service Providers and Infrastructure
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | User database | Email, name, subscription status |
| Stripe | Payments | Billing information (PCI-compliant) |
| Vercel | Website hosting | Standard web server logs |
| Google/GitHub | OAuth authentication | Email, profile name |
All service providers are SOC 2 Type II certified and comply with GDPR and CCPA.
We may also disclose information if required by law (subpoena, court order) or in connection with a business transfer (acquisition or merger). We will notify you before your information becomes subject to a different privacy policy.
4. Your Rights and Choices
Access
Request a copy of your personal data
Correction
Update inaccurate information
Deletion
Delete your account within 30 days
Portability
Export data in machine-readable format
To exercise these rights, email us at privacy@sysnav.ai or use account settings in the application.
Control Local Data
- • Clear Conversation History: Delete all AI conversations from Settings
- • Remove SSH Configurations: Delete saved connections anytime
- • Disable AI Assistant: Turn off AI features entirely (works offline)
- • Uninstall: Completely removes all local data from your device
California (CCPA) & European (GDPR) Rights
California residents: Right to know, delete, and opt-out. We don't sell personal information.
EU/EEA residents: Right to restriction, objection, lodge complaint, and contact our DPO at dpo@sysnav.ai
5. Data Retention
| Data Type | Retention | Reason |
|---|---|---|
| Local data (device) | Until you delete or uninstall | User control |
| Account data | While active / 30 days after deletion | Service provision |
| AI provider data | 30 days max (abuse detection) | Security |
| Billing records | 7 years | Legal compliance |
6. Data Security
We implement industry-standard security measures:
- • Encryption: TLS 1.3 in transit, AES-256 at rest
- • SSH Credentials: Stored in OS-native secure storage (Keychain, Credential Manager)
- • Authentication: bcrypt password hashing, OAuth 2.0, HTTP-only cookies
- • Infrastructure: SOC 2 Type II certified partners (Supabase, Vercel, Stripe)
While we implement robust security, no method is 100% secure. See our Security Page for details.
7. Beta Software Notice
SysNav is currently in beta. This means:
- • Experimental Features: AI assistance and terminal management are actively being improved
- • Rapid Changes: Features and data practices may evolve (we'll update this policy)
- • Not Production-Ready: Use proper backups for critical environments
8. International Data Transfers
Your information may be processed in the United States where our infrastructure partners operate. We use Standard Contractual Clauses (SCCs) for GDPR-compliant transfers. Enterprise customers can request EU-only data storage.
9. Children's Privacy
SysNav is not intended for users under 18. If you believe we've collected information from a child, contact privacy@sysnav.ai and we'll delete it promptly.
10. Changes to This Policy
We may update this policy as we add features. Material changes will be communicated via email, prominent website notice, or in-app notification. Your continued use constitutes acceptance.
11. Contact Us
Questions about this Privacy Policy or how we handle your data?
Email: privacy@sysnav.ai
Security Issues: security@sysnav.ai
GDPR/EU Users: dpo@sysnav.ai
Website: sysnav.ai