Privacy policy.
Last Updated: December 2, 2025 • Effective Date: December 2, 2025
SysNav provides an AI-powered terminal assistant for system administrators and DevOps engineers. This Privacy Policy describes how we collect, use, and protect your information when you use SysNav's software, platform, and services.
Our Commitment: SysNav uses a local-first architecture. Your terminal commands, SSH credentials, and sensitive system data stay on your device. We only transmit minimal context to AI providers when you explicitly use AI features.
1. Information We Collect
1.1 Information You Provide
When you create an account or use SysNav, you may provide:
- • Account Information: Email address, name, company name (optional)
- • Authentication: Password (bcrypt hashed) or OAuth tokens from Google/GitHub
- • Billing Information: Payment details processed securely through Stripe (we never see your full credit card number)
- • Support Requests: If you contact us for help, we collect your email and any information you provide
1.2 Information Stored Locally on Your Device
SysNav stores the following data locally on your computer in an encrypted SQLite database. This data is NOT automatically transmitted to our servers or third parties:
- • Terminal Command History: Last 50+ commands per terminal session
- • AI Conversation History: Your prompts to the AI assistant and its responses
- • Terminal Context Snapshots: Current working directory, OS type, shell type, recent command names
- • SSH Connection Configurations: Encrypted credentials for saved SSH connections
- • Application Preferences: UI settings, color schemes, keybindings
You control this data: Clear conversation history, delete SSH configurations, and reset preferences anytime. Uninstalling SysNav removes all local data from your device.
1.3 Information Sent to AI Providers
When you use SysNav's AI assistant, we send minimal context to third-party AI providers (Anthropic Claude, OpenAI GPT-4) to generate intelligent responses:
What is Sent
- ✓ Your natural language prompt
- ✓ Current working directory path
- ✓ OS type and version
- ✓ Shell type (bash, zsh, etc.)
- ✓ Recent command names (~5 commands)
- ✓ Error messages you include
What is NOT Sent
- ✗ Full terminal command output
- ✗ SSH credentials or private keys
- ✗ Environment variables or secrets
- ✗ File contents from your system
- ✗ Complete command history
Example: What Gets Transmitted
{
"prompt": "Why did my last command fail?",
"context": {
"cwd": "/var/www/html",
"os": "ubuntu-22.04",
"shell": "bash",
"recent_commands": ["cd /var/www/html", "nginx -t", "systemctl restart nginx"],
"last_error": "Job for nginx.service failed."
}
}AI Provider Data Retention
Anthropic (Claude) and OpenAI (GPT-4) use zero-retention API tiers:
- • Prompts processed for abuse detection only
- • Deleted within 30 days maximum
- • Never used for model training
- • SOC 2 Type II, GDPR, CCPA compliant
1.4 Technical Information
We automatically collect certain technical information:
- • Device Information: OS type and version, hardware specifications
- • Network Information: IP address (for authentication and fraud prevention)
- • Usage Metadata: Login timestamps, feature usage patterns (aggregated, no terminal data)
- • Error Logs: Opt-in crash reporting (no terminal commands included)
1.5 Cookies and Tracking
- • Session Cookies: Required for authentication (HTTP-only, secure)
- • Preference Cookies: Remember your settings
- • Analytics: Privacy-respecting analytics to understand page visits. No cross-site tracking or advertising cookies.
2. How We Use Your Information
AI Assistant Features
Generate intelligent responses using Anthropic/OpenAI APIs
Account Management
Create and maintain your account, manage subscriptions
Security & Fraud Prevention
Verify identity, detect unauthorized access and abuse
Product Improvement
Analyze aggregated usage patterns (no individual terminal data)
We Do NOT:
- ❌ Use terminal commands or output for model training or analytics
- ❌ Sell your data to third parties or data brokers
- ❌ Use SSH credentials or connection details for any purpose
- ❌ Share AI conversation history with anyone (stays on your device)
3. How We Share Your Information
3.1 AI Service Providers
| Provider | Data Shared | Retention |
|---|---|---|
| Anthropic (Claude) | Prompts + minimal context | 30 days max (abuse detection) |
| OpenAI (GPT-4) | Prompts + minimal context | 30 days max (abuse detection) |
3.2 Service Providers and Infrastructure
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | User database | Email, name, subscription status |
| Stripe | Payments | Billing information (PCI-compliant) |
| Vercel | Website hosting | Standard web server logs |
| Google/GitHub | OAuth authentication | Email, profile name |
All service providers are SOC 2 Type II certified and comply with GDPR and CCPA.
We may also disclose information if required by law (subpoena, court order) or in connection with a business transfer (acquisition or merger). We will notify you before your information becomes subject to a different privacy policy.
4. Your Rights and Choices
Access
Request a copy of your personal data
Correction
Update inaccurate information
Deletion
Delete your account within 30 days
Portability
Export data in machine-readable format
To exercise these rights, email us at privacy@sysnav.ai or use account settings in the application.
Control Local Data
- • Clear Conversation History: Delete all AI conversations from Settings
- • Remove SSH Configurations: Delete saved connections anytime
- • Disable AI Assistant: Turn off AI features entirely (works offline)
- • Uninstall: Completely removes all local data from your device
California (CCPA) & European (GDPR) Rights
California residents: Right to know, delete, and opt-out. We don't sell personal information.
EU/EEA residents: Right to restriction, objection, lodge complaint, and contact our DPO at dpo@sysnav.ai
5. Data Retention
| Data Type | Retention | Reason |
|---|---|---|
| Local data (device) | Until you delete or uninstall | User control |
| Account data | While active / 30 days after deletion | Service provision |
| AI provider data | 30 days max (abuse detection) | Security |
| Billing records | 7 years | Legal compliance |
6. Data Security
We implement industry-standard security measures:
- • Encryption: TLS 1.3 in transit, AES-256 at rest
- • SSH Credentials: Stored in OS-native secure storage (Keychain, Credential Manager)
- • Authentication: bcrypt password hashing, OAuth 2.0, HTTP-only cookies
- • Infrastructure: SOC 2 Type II certified partners (Supabase, Vercel, Stripe)
While we implement robust security, no method is 100% secure. See our Security Page for details.
7. Beta Software Notice
SysNav is currently in beta. This means:
- • Experimental Features: AI assistance and terminal management are actively being improved
- • Rapid Changes: Features and data practices may evolve (we'll update this policy)
- • Not Production-Ready: Use proper backups for critical environments
8. International Data Transfers
Your information may be processed in the United States where our infrastructure partners operate. We use Standard Contractual Clauses (SCCs) for GDPR-compliant transfers. Enterprise customers can request EU-only data storage.
9. Children's Privacy
SysNav is not intended for users under 18. If you believe we've collected information from a child, contact privacy@sysnav.ai and we'll delete it promptly.
10. Changes to This Policy
We may update this policy as we add features. Material changes will be communicated via email, prominent website notice, or in-app notification. Your continued use constitutes acceptance.
11. Contact Us
Questions about this Privacy Policy or how we handle your data?
Email: privacy@sysnav.ai
Security Issues: security@sysnav.ai
GDPR/EU Users: dpo@sysnav.ai
Website: sysnav.ai