Privacy Policy

1. Overview

Shellular ("we", "our", "us") is a remote development tool that connects your mobile device directly to your own machine. We are committed to your privacy. This policy explains what data we collect (very little), how it is used, and your rights.

Short version: We do not collect, store, or sell any personal information. No sign-up is required to use Shellular.

2. Information We Do Not Collect

We do not collect:

• Your name, email address, or any other personally identifiable information (PII).
• Account credentials — Shellular has no account or sign-up system.
• The contents of your filesystem, terminal sessions, or AI prompts.
• Precise device location, contacts, photos, or any other sensitive device data.

3. Information That May Be Processed Transiently

When you use Shellular, traffic between the Shellular mobile app and the CLI on your machine is relayed through our servers at api.shellular.dev. This relay operates as a pass-through only:

• All relay traffic is end-to-end encrypted using libsodium. The relay server cannot read the content of any message.
• The pairing key is exchanged out-of-band via a QR code displayed in your terminal and scanned by the app — the server never sees your pairing key.
• We may retain standard server logs (IP addresses, timestamps, byte counts) for up to 30 days solely for abuse prevention and infrastructure monitoring. These logs are not shared with third parties.

4. Local Data & Device Permissions

The Shellular CLI runs on your own machine and accesses only the directory you explicitly specify with the --dir flag (defaulting to your home directory). Path-traversal outside that root is rejected. The CLI connects outbound only — it opens no listening ports on your machine.

The Shellular mobile app stores your pairing key and session state locally on your device using the platform's secure storage. This data never leaves your device except as part of the encrypted relay traffic described above.

5. Analytics & Crash Reporting

We do not use third-party analytics SDKs or advertising networks. We may collect anonymous, aggregated crash reports (stack traces without any user-identifying information) to improve stability. You may opt out of crash reporting in the app settings.

6. Third-Party Services

Shellular can optionally route AI prompts to third-party services such as OpenCode, Anthropic Claude, GitHub Copilot, or OpenAI Codex depending on what is installed on your machine. These requests originate from the CLI on your machine and are governed by the respective provider's privacy policies. Shellular does not proxy or log these prompts.

7. Children's Privacy

Shellular is a developer tool not directed at children under 13 (or the applicable local age threshold). We do not knowingly collect data from children. If you believe a child has provided personal data to us, please contact us and we will delete it promptly.

8. Data Security

We use industry-standard measures to protect our relay infrastructure. Because all relay traffic is end-to-end encrypted, even a full compromise of the relay server would not expose your terminal sessions, files, or AI conversations.

9. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page will be updated accordingly. Continued use of Shellular after a change constitutes acceptance of the revised policy.

10. Contact Us

Questions or concerns about this policy? Reach us at team@shellular.dev.