← ShellPad

Privacy Policy

Last updated: March 2026

ShellPad ("the App") is developed and operated by ht2.io. This Privacy Policy explains what data the App collects, how it is used, and your rights regarding that data.

1. Data We Collect

Data stored on your device only:

• SSH/SFTP server connection details (hostname, port, username)
• SSH credentials (passwords and private keys) — stored in your device's secure keychain via platform-provided secure storage; not synced by default (see below)
• Known host key fingerprints for servers you've connected to
• App settings and preferences
• Saved macros and commands

Data transmitted for cross-device sync (optional):

• Connection metadata (server name, hostname, port, username) — transmitted to our sync server only when you enable cross-device sync
• SSH credentials are not synced by default. You may opt in to credential sync in Sync Settings. When enabled, credentials are encrypted end-to-end on your device before transmission and are never readable by the sync server. If credentials were previously synced, they remain on the server until account deletion.

Crash and error reporting:

• Anonymized crash reports and stack traces via Sentry, to help us identify and fix bugs
• These reports do not include connection details, credentials, or file contents

2. Data We Do Not Collect

• SSH or SFTP credentials (passwords, private keys, passphrases)
• Contents of files you view or edit through the App
• Shell command history or terminal output
• Personal identifiers beyond what you optionally provide for sync

3. How Data Is Used

• On-device data — used solely to provide the App's core functionality (connecting to your servers, editing files, running commands)
• Sync data — used solely to synchronize your connection list across your own devices
• Crash reports — used to identify, prioritize, and fix software defects

We do not sell, rent, or share your data with third parties for marketing purposes.

4. Data Retention

• On-device data — retained until you delete it or uninstall the App
• Sync data — retained until you delete the sync record or request account deletion; you can delete all sync data from App settings
• Crash reports — retained for 90 days, then automatically deleted

5. Security

SSH credentials are stored using platform-provided secure storage (Android Keystore / iOS Secure Enclave). Data in transit is encrypted using TLS 1.2 or higher. We apply the principle of least privilege: we only collect data necessary to operate the App.

6. Third-Party Services

• Sentry (privacy policy) — error and crash reporting

7. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children under 13.

8. Your Rights

You may:

• Delete all on-device data by uninstalling the App
• Delete sync data from within App settings
• Request deletion of your sync account by contacting us

9. Changes to This Policy

We may update this policy as the App evolves. Material changes will be communicated via an in-app notice. Continued use of the App after changes constitutes acceptance.

10. Contact