VantaShell Privacy Policy

This Privacy Policy explains how VantaShell collects, uses, stores, protects, and shares user information when users use the VantaShell website, application, account, subscriptions, licenses, downloads, features, and services.

VantaShell is designed for digital and SSH workflows, including local functionality on the user's device. Certain data may remain on the user's device, while other data may be processed through account, licensing, payment, support, security, update, or external provider systems.

By using VantaShell, the user confirms that they have read this Privacy Policy.

For personal data processed in connection with the VantaShell website, accounts, subscriptions, licenses, support, and services, the data controller is:

Controller: [company/legal entity name]

Address: [company address]

Contact email: [contact email]

Contact page: /contact

If VantaShell appoints a data protection officer or a dedicated point of contact for privacy requests, that information will be published or communicated through official channels.

VantaShell may collect information provided directly by the user, such as:

• name;
• email address;
• account authentication data;
• account settings;
• product preferences;
• selected plan;
• messages sent to support;
• refund, billing, or assistance requests;
• information submitted through contact forms;
• other information the user voluntarily submits.

For operation of the service, VantaShell may also collect technical or operational information, such as account identifiers, authentication sessions, subscription status, license status, license keys or license fingerprints, device activations, app version, download channel, billing events, security logs, authentication events, support activity, IP addresses, browser type, operating system, and error, crash, or diagnostic information if enabled.

Not all of this data is collected in every situation. The data collected depends on how the user uses VantaShell, the selected plan, account settings, enabled features, and integrated providers.

VantaShell is designed for local-first workflows. Depending on the app configuration and features used, certain data may remain on the user's device.

This data may include, without limitation:

• SSH hosts;
• local configurations;
• terminal history or activity;
• snippets;
• local files;
• SSH keys;
• passwords;
• credentials;
• operational notes;
• infrastructure data;
• work contexts;
• local logs.

VantaShell does not necessarily have access to the user's local data simply because the application is installed or used. However, this data may be transmitted outside the device if the user enables a sync feature, connects an external provider, sends data to support, uses an integration, enables a cloud feature, or manually enters that information into a form, ticket, or external channel.

The user is responsible for not sending passwords, private keys, secrets, tokens, production logs, confidential data, regulated data, or sensitive information through support, forms, email, integrations, or external services unless they have approval from their organization and understand the risks.

For VantaShell accounts, we may process data required for authentication, such as the email address, the account password in protected form, session tokens, reset tokens, and security information.

VantaShell does not ask users to send SSH passwords, private keys, production tokens, or sensitive credentials through support. If the user voluntarily submits such information, VantaShell may delete, restrict, or ignore that information when it is not necessary to resolve the request.

The user must keep passwords, private keys, SSH credentials, devices, backups, and operational files secure.

VantaShell may use personal and technical data for:

• creating and administering accounts;
• authenticating users;
• securing sessions;
• verifying email addresses;
• providing access to the application;
• activating licenses;
• managing subscriptions;
• processing payments;
• sending transactional emails;
• providing downloads and updates;
• responding to support requests;
• investigating technical issues;
• preventing fraud, abuse, and unauthorized access;
• enforcing the Terms of Service;
• administering refund, cancellation, or billing requests;
• improving product stability and quality;
• analyzing service performance;
• complying with legal, tax, accounting, or security obligations.

We may use aggregated or de-identified information to understand product performance, release quality, plan usage, support load, and general usage trends. This information is not intended to directly identify an individual user.

Where applicable law requires a legal basis, VantaShell may process data based on the following legal bases:

• performance of a contract, for account creation, service delivery, license activation, subscription management, and support;
• legal obligations, for tax records, accounting, invoicing, responses to authorities, or compliance with law;
• legitimate interests, for security, fraud prevention, service protection, product improvement, and operations administration;
• consent, where required, such as for certain cookies, optional communications, or features that require explicit agreement;
• defense of legal rights, for investigating disputes, chargebacks, policy violations, or legal requests.

The user may choose not to provide certain data, but some account, licensing, billing, download, support, or security features may not work without it.

Payments may be processed through third-party payment providers. VantaShell does not need to store full card numbers, CVV codes, or other complete payment instrument data on its own systems.

We may receive information from the payment processor such as:

• payment status;
• customer identifier;
• subscription identifier;
• selected plan;
• amount paid;
• currency;
• invoices;
• renewal dates;
• payment events;
• refund statuses;
• metadata required for account access.

For administering subscriptions, refunds, disputes, chargebacks, taxes, and billing support, VantaShell may exchange relevant account and transaction information with the payment processor.

The VantaShell website may use cookies, local storage, or similar technologies for:

• authentication;
• login sessions;
• security;
• fraud prevention;
• preferences;
• checkout;
• basic website operation;
• technical analysis;
• experience improvement;
• support or communication;
• analytics, if enabled.

Some cookies are strictly necessary for website operation or for services explicitly requested by the user. Other cookies, such as analytics, marketing, or tracking cookies, may require consent depending on applicable law.

The user may control cookies through browser settings or through the cookie banner/settings made available on the website, if available. Blocking necessary cookies may prevent authentication, checkout, account access, or other features from working correctly.

Third-party providers used for payments, support, analytics, security, or hosting may set their own cookies or similar technologies when the user interacts with their services.

VantaShell may send necessary transactional emails, such as:

• account confirmations;
• email verifications;
• password resets;
• security notifications;
• payment confirmations;
• invoices;
• subscription notifications;
• important service changes;
• responses to support requests.

These communications are necessary to provide the service and are not considered marketing communications.

If VantaShell sends newsletters, offers, or optional commercial communications, the user may unsubscribe using the instructions in the email or other methods made available.

VantaShell may share information with providers that help operate the service, such as:

• payment processors;
• hosting providers;
• email services;
• support systems;
• security tools;
• logging and monitoring services;
• technical analytics services;
• infrastructure providers;
• legal, tax, or accounting advisors when necessary.

These providers may process data only for the purposes necessary to provide their services to VantaShell, in accordance with applicable contracts and obligations.

VantaShell may also share information when required by law, to protect the rights, safety, and security of VantaShell or users, to investigate fraud, abuse, or Terms of Service violations, to respond to disputes, chargebacks, or legal requests, in connection with a merger, acquisition, asset sale, reorganization, or business transfer, or at the user's instruction or with the user's consent.

VantaShell may allow the user to connect or use external services. These services may have their own privacy policies, terms, and security practices.

VantaShell does not always control how external providers process data when the user interacts directly with them or gives them access to information.

The user should review the policies and settings of external providers before submitting sensitive data, credentials, logs, files, or operational information.

We keep data for as long as necessary for:

• providing the service;
• administering the account;
• maintaining security;
• activating licenses;
• processing payments;
• providing support;
• resolving disputes;
• preventing fraud;
• account recovery;
• complying with legal, tax, and accounting obligations;
• keeping business records;
• defending legal rights.

Some data may be kept after account closure when retention is necessary for legal, tax, accounting, anti-fraud, security, audit, dispute, or Terms of Service enforcement reasons.

Data that is no longer needed may be deleted, anonymized, or aggregated depending on the nature of the data and applicable obligations.

VantaShell uses administrative, technical, and organizational measures intended to protect account, licensing, payment, support, and security data.

These measures may include access controls, encryption where appropriate, security logging, monitoring, internal access limitation, session protection, and incident investigation procedures.

No system is perfectly secure. The user is responsible for using strong passwords, protecting devices, keeping SSH keys and credentials secure, securing backups, and promptly reporting suspicious activity.

For the desktop app, the user remains responsible for the security of their own device, operating system, private keys, local files, SSH configurations, and connected operational environments.

VantaShell is not intended for the deliberate collection of medical data, biometric data, sensitive financial data, children's data, critical trade secrets, production passwords, private keys, access tokens, or other strictly confidential data through support channels or public forms.

The user must not send such data to VantaShell unless it is strictly necessary, authorized by the user's organization, and permitted by applicable law.

If such data is sent accidentally, VantaShell may take reasonable steps to delete, restrict, or protect it depending on the situation.

VantaShell and its providers may process information in countries different from the country where the user lives.

These transfers may occur through hosting, email, payment, support, security, analytics, or infrastructure providers.

When applicable law requires special measures for international transfers, VantaShell will use appropriate mechanisms, such as contractual clauses, adequacy decisions, or other available legal safeguards. The European Commission notes that transfers of data to third countries may require safeguards such as adequacy decisions, standard contractual clauses, or binding corporate rules.

Depending on the country where the user lives and the applicable law, the user may have the right to request:

• access to personal data;
• correction of inaccurate data;
• deletion of data;
• restriction of processing;
• objection to certain processing;
• data portability;
• withdrawal of consent, where processing is based on consent;
• information about how data is processed;
• protection from certain automated decisions where applicable law provides this right.

The GDPR recognizes several rights individuals have over their personal data, including information, access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making and profiling.

To exercise these rights, the user may contact VantaShell through the contact page or through the email address indicated in this policy.

VantaShell may request additional information to verify the user's identity before responding to a privacy request.

Users may request correction, export, or deletion of personal data through the contact page.

In certain cases, VantaShell may refuse or limit a request if keeping the data is necessary for:

• legal obligations;
• billing;
• taxes;
• accounting;
• fraud prevention;
• security;
• dispute resolution;
• compliance with the Terms of Service;
• defense of legal rights.

Local data stored exclusively on the user's device may not be accessible to VantaShell. In these cases, the user is responsible for deleting or managing that data directly from the app, operating system, local files, or backups.

Depending on the applicable jurisdiction, the user may have the right to file a complaint with the local data protection authority.

For users in Romania, the competent authority is generally the National Supervisory Authority for Personal Data Processing.

We recommend that the user contact VantaShell first to try to resolve any privacy-related concern.

VantaShell is intended for professional users, developers, administrators, technical teams, and operational workflows.

VantaShell is not intended for children and does not intentionally collect personal data from children.

If we learn that we have collected personal data from a child without the required consent, we will take reasonable steps to delete that data.

VantaShell may update this Privacy Policy when the product, features, providers, data practices, legal requirements, or company operations change.

The updated version will display a new date in the Last updated section.

Continuing to use VantaShell after an updated version is published may constitute acceptance of the changes, to the extent permitted by law.

For questions, requests, or concerns related to privacy, the user may contact VantaShell through:

Contact page: /contact

Email: [privacy/support email]

Controller: [company name]

Address: [company address]