Termixa
Home Features Guides Pricing Contact Get Started

Privacy Policy

Last updated: 6 July 2026 · Effective date: 6 July 2026

This Privacy Policy explains what personal data Termixa collects, why, how we use it, who we share it with, and the rights you have. It applies to the Termixa mobile app, the desktop and headless connector, and the termixa.com website (together, the “Service”).

The short version. Termixa connects your phone and your computer over a direct, end-to-end encrypted, peer-to-peer channel. We do not see, store, or process the contents of your terminal sessions — your commands, keystrokes, output, code, and files never reach our servers, and we have no technical ability to read them. We only handle the limited account and operational data described below.
Contents
  1. Who is responsible
  2. Data we collect
  3. What we do not collect
  4. How & why we use data
  5. Legal bases
  6. Sharing & sub-processors
  7. International transfers
  8. Data retention
  9. Security
  10. Your rights
  11. Cookies & local storage
  12. Children
  13. Changes
  14. Contact

1. Who is responsible for your data

The data controller for the Service is Termixa (“we”, “us”), based in Türkiye. For any privacy question or request, contact us at support@termixa.com.

2. Data we collect

Account information

When you sign in with Google or Apple, we receive your email address and a stable user identifier from that provider, which we use to create and identify your account. If you use “Sign in with Apple” and choose “Hide My Email”, we only receive a private Apple relay email address.

Subscription & entitlement data

If you subscribe to Termixa Pro, Apple processes the payment; we receive and store your subscription status, product identifier, renewal/expiry dates, the original transaction identifier, and the storefront (country) associated with the purchase, so we can unlock Pro features, recognise renewals and cancellations, and understand aggregate revenue by country. We never receive or store your payment card details. We also store the status of any complimentary access we grant.

Device registry

To enforce the number of devices allowed on your plan and to let you manage them, we store, for each device on your account, a per-app device identifier (Apple’s identifier for vendor, which resets if you reinstall the app), a device name, the platform, and a “last seen” timestamp.

Trial-abuse signal (Apple DeviceCheck)

To prevent repeated free-trial abuse, we use Apple’s DeviceCheck to record two bits of information per device — in practice, whether a trial has already been used. This does not expose or store any hardware serial number or personal device information. We also keep an anonymous counter of how many trial requests were denied, with no device or user detail.

Connection metadata

To establish a Session, our signaling server briefly processes pairing data (such as a temporary room identifier and PIN) and issues short-lived credentials for relay access. Your IP address is processed transiently to route you to the nearest relay region and for basic abuse-prevention (such as rate-limiting); it is not used to build a profile of you and is not retained for tracking.

Relay usage

When a direct peer-to-peer connection is not possible and an encrypted relay is used, we record the approximate number of bytes relayed for your account per month. This is used to operate the relay fairly, enforce quotas, and prevent abuse. The relay only forwards opaque, encrypted packets and cannot read their contents.

Support & contact messages

If you email us or use the contact form on our website, we receive the information you provide — such as your name, email address, and message — and, for the web form, the IP address of the request (used to prevent spam and abuse). We use this to respond to you and keep a record of the correspondence. The contact form uses our own self-hosted challenge (“CAPTCHA”) to prevent spam; it does not share your data with a third-party CAPTCHA provider.

3. What we do not collect

  • The contents of your terminal — your commands, keystrokes, output, code, files, or environment.
  • The data flowing through your Sessions, including anything served from your exposed local ports.
  • Hardware serial numbers or advertising identifiers.
  • Any behavioural profile for advertising. We do not use third-party advertising or analytics trackers, and we do not sell your personal data.

Because Sessions are end-to-end encrypted and peer-to-peer first, your Content is technically inaccessible to us. When traffic passes through a relay, it remains encrypted end-to-end and the relay forwards only opaque packets.

4. How & why we use data

  • To create, secure, and operate your account and authenticate your devices.
  • To provide, maintain, and enforce your plan (Free, Trial, or Pro), including device, workspace, port, and session limits.
  • To process and recognise subscriptions, renewals, cancellations, and complimentary grants.
  • To establish and route connections, choose the nearest relay, and keep the connection service working.
  • To prevent fraud, abuse, and trial abuse, and to protect the security and integrity of the Service.
  • To respond to your support requests and communicate with you about the Service.
  • To comply with legal obligations and enforce our Terms of Service.

5. Legal bases (for EEA/UK users)

Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Service you request (account, connections, plan enforcement, subscriptions).
  • Legitimate interests — to secure the Service, prevent abuse and fraud, enforce quotas, and respond to support requests, balanced against your rights.
  • Legal obligation — to comply with applicable laws, including tax, accounting, and consumer-protection requirements.
  • Consent — where we specifically ask for it; you may withdraw consent at any time.

6. Sharing & sub-processors

We do not sell your personal data and we do not share it for advertising. We share limited data only with service providers that help us operate the Service, and only as needed:

  • Apple — Sign in with Apple, App Store in-app purchases, and DeviceCheck.
  • Google — Google sign-in.
  • Hosting & infrastructure providers — for our backend, database, signaling, and relay (TURN) servers.
  • Cloudflare — DNS and email routing for our domain.
  • Email delivery provider — to send and receive support and notification emails (for example, contact-form notifications and replies).

We may also disclose data if required to do so by law, to respond to lawful requests from public authorities, to enforce our Terms, or to protect the rights, property, or safety of Termixa, our users, or others. If we are ever involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this Policy.

7. International transfers

We operate infrastructure in multiple regions (including the European Union, the United States, and Türkiye) to provide low-latency connections. As a result, your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for such transfers. Session Content itself remains end-to-end encrypted and is not accessible to us wherever a relay is located.

8. Data retention

We keep your account, entitlement, and device data for as long as your account is active. We keep subscription and transaction records for as long as necessary to comply with legal, tax, and accounting obligations, even after your account is closed. Connection metadata is short-lived and not retained for analytics. Relay-usage totals are kept on a per-month basis for operational and abuse-prevention purposes. Support and contact messages are kept for as long as needed to handle your request and maintain a reasonable record. When data is no longer needed, we delete or anonymise it.

9. Security

We use technical and organisational measures appropriate to the risk, including end-to-end encryption of Sessions, encrypted transport (TLS) for our web and API traffic, short-lived credentials, hashed refresh tokens, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and your devices secure.

10. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data: to access it; to correct it; to delete it; to restrict or object to its processing; to data portability; and to withdraw consent where processing is based on consent. Users in Türkiye have the rights provided under the Personal Data Protection Law (KVKK, Law No. 6698); users in the EEA/UK have the rights provided under the GDPR.

You can exercise these rights, including requesting deletion of your account and associated data, by emailing us from your account address at support@termixa.com. Deleting your account removes your stored account, device, and entitlement records; we may retain limited transaction records where required by law, in anonymised form where possible. You also have the right to lodge a complaint with your local data-protection authority (in Türkiye, the Kişisel Verileri Koruma Kurumu).

11. Cookies & local storage

Our website uses a small amount of local storage in your browser strictly to make the site work — specifically, to remember your light/dark theme preference and your cookie-notice choice. These are essential and are stored only on your device.

We do not use advertising cookies, third-party analytics trackers, or cross-site tracking of any kind. Because we only use essential local storage, there is nothing to opt out of for tracking; the cookie notice simply informs you of this. Our mobile app similarly stores only the data needed to keep you signed in and remember your preferences on your device.

12. Children

The Service is not directed to children under 16 (or the equivalent minimum age in your region), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

13. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

14. Contact

Questions about your privacy or this Policy? Email us at support@termixa.com.

Termixa

Mission control for the AI working on your computer.

Product Features Pricing Download
Resources Guides Support Contact
Legal Terms of Service Privacy Policy
© Termixa. All rights reserved. made for builders, by builders