Privacy Policy
DockLab is a desktop SSH client with SFTP, a remote editor, an integrated browser and an AI assistant. It is built and operated under the Legacies brand by Horia Stan, an individual based in Romania (the "data controller" for the purposes of the EU General Data Protection Regulation). Contact: contact@legacies.ro.
The short version: DockLab is local-first. Your hosts, credentials and terminal content live on your machine. We only receive data when you create an optional account (end-to-end encrypted sync) or explicitly opt in to anonymous telemetry. We never sell data and we store no advertising identifiers.
1. Data stored only on your device
- Host definitions, SSH credentials and private-key references - stored in an AES-256-GCM encrypted file on your device.
- AI provider API keys you configure - stored in the same encrypted local store and sent only to the AI provider you chose.
- Terminal content, SFTP file listings, edited files, browser history inside the app - never transmitted to us.
This data never reaches our servers in readable form. AI prompts and terminal commands you explicitly send to an AI provider go directly from your device to that provider under their privacy policy.
2. Account data (optional)
If you create a DockLab account for cross-device sync, we store:
- Your email address and optional username.
- A scrypt hash of your password - we cannot read your password.
- Your synced data (hosts, credentials, preferences, workspaces) as an end-to-end encrypted blob: it is encrypted on your device with a key derived from your password before upload. We cannot decrypt it. If you forget your password, this data is unrecoverable by design.
Legal basis: performance of a contract (providing the sync service you requested). Verification and account emails are delivered through Resend (Resend, Inc., USA) acting as our processor; only your email address and the message content are shared with them for delivery.
3. Collaboration sessions (optional)
If you start or join a live collaboration session, terminal output and chat messages are relayed in real time through our server to session participants. Relayed traffic is not persisted after the session ends.
4. Anonymous telemetry (opt-in, off by default)
On first launch DockLab asks whether you want to share anonymous diagnostics. If you decline (or ignore the dialog), nothing is sent. If you accept, we receive:
- A version ping at startup: app version, operating system, CPU architecture.
- Crash reports: the error message, a stack trace scrubbed of usernames, app version, OS and architecture.
Both carry a random install identifier (crypto.randomUUID) generated on your device.
It is not linked to your account, email or IP address - we do not store IP addresses with
telemetry. Legal basis: consent (Art. 6(1)(a) GDPR), withdrawable anytime in
Settings → Account → Privacy.
5. Server logs
Our API server keeps standard short-lived operational logs (timestamps, request paths, status codes) for security and debugging. Log data is rotated automatically and not used for profiling.
6. Retention
- Account data: kept until you delete your account.
- Telemetry: raw records kept at most 12 months, then deleted.
- Backups: encrypted server backups are retained for 14 days.
7. Deleting your data
Settings → Account → Danger zone → Delete account permanently removes your account record and your encrypted sync blob from our server, effective immediately (backup copies expire within 14 days). You can also email contact@legacies.ro from your account address to request deletion or a copy of your data; we answer within 30 days.
8. Your GDPR rights
You have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. You may lodge a complaint with your local supervisory authority; in Romania this is ANSPDCP (dataprotection.ro).
9. International transfers
Our servers are located in the European Union (OVH, France/EU). Email delivery via Resend may involve transfers to the USA under Standard Contractual Clauses.
10. Children
DockLab is not directed at children under 16 and we do not knowingly collect their data.
11. Changes
We will post any changes to this policy on this page and update the date above. Material changes to telemetry will re-trigger the consent dialog in the app.