privacy policy

guest@shussh.io:~ $cat PRIVACY.md

┌─┐╷ ╷╷ ╷┏━┓┏━┓╻ ╻
╰─╮├─┤│ │┗━┓┗━┓┣━┫
╰─┘╵ ╵╰─┘┗━┛┗━┛╹ ╹

effective

Last updated: April 17, 2026

This Privacy Policy explains what information shussh ("we", "us") collects when you use ssh shussh.io and the shussh service (the "Service"), how we use it, and the choices you have.

1. what we collect

account data

your SSH public key (used as your identity);
your chosen username and display settings;
email address, if you provide one for recovery or billing receipts.

billing data

Payments are processed by Stripe. We do not see or store your full card number. We receive limited metadata from Stripe (last 4 digits, card brand, billing country, subscription status) to operate your account. Stripe's own privacy policy is at stripe.com/privacy.

service data

messages and room/server configuration you create on the Service;
connection metadata: IP address, SSH client version, timestamps, session duration;
operational logs needed to run, debug, and secure the Service.

2. how we use it

to operate, maintain, and improve the Service;
to authenticate you and route your messages to the right server;
to process payments and send billing receipts;
to prevent abuse, fraud, and security incidents;
to comply with legal obligations.

3. what we don't do

we don't sell your personal data;
we don't run advertising or ad-tracking on the Service;
we don't read private server contents except as strictly necessary to operate the Service or to comply with law.

4. sharing

We share data only with:

Stripe — payment processing;
infrastructure providers (e.g. our hosting provider) — to run the Service;
law enforcement — when required by valid legal process.

5. retention

We keep account data while your account is active. When you delete your account we remove identifying data within 30 days, except where we are required to keep records (e.g. tax records for billing). Operational logs are rotated on a rolling window not to exceed 90 days except when needed for security investigations.

6. security

All traffic to the Service is encrypted in transit via SSH. Access to production systems is restricted and audited. No system is perfectly secure; if you believe you've found a vulnerability, please email support@shussh.io.

7. your rights

Depending on where you live (including the EEA, UK, and California), you may have the right to access, correct, export, or delete personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, email support@shussh.io.

8. children

The Service is not directed to children under 13 (or the minimum digital-consent age in your country). We do not knowingly collect data from children.

9. international transfers

Our infrastructure may be located in jurisdictions different from yours. By using the Service you consent to the transfer, storage, and processing of your data in those locations, subject to appropriate safeguards.

10. changes

We may update this Policy from time to time. Material changes will be announced inside the Service and on this page.

11. contact

Privacy questions: support@shussh.io.