Privacy Policy

DockLab - a Legacies product · Last updated: June 13, 2026

DockLab is a desktop SSH client with SFTP, a remote editor, an integrated browser and an AI assistant. It is built and operated under the Legacies brand by Horia Stan, an individual based in Romania (the "data controller" for the purposes of the EU General Data Protection Regulation). Contact: contact@legacies.ro.

The short version: DockLab is local-first. Your hosts, credentials and terminal content live on your machine. We only receive data when you create an optional account (end-to-end encrypted sync) or explicitly opt in to anonymous telemetry. We never sell data and we store no advertising identifiers.

1. Data stored only on your device

This data never reaches our servers in readable form. AI prompts and terminal commands you explicitly send to an AI provider go directly from your device to that provider under their privacy policy.

2. Account data (optional)

If you create a DockLab account for cross-device sync, we store:

Legal basis: performance of a contract (providing the sync service you requested). Verification and account emails are delivered through Resend (Resend, Inc., USA) acting as our processor; only your email address and the message content are shared with them for delivery.

3. Collaboration sessions (optional)

If you start or join a live collaboration session, terminal output and chat messages are relayed in real time through our server to session participants. Relayed traffic is not persisted after the session ends.

4. Anonymous telemetry (opt-in, off by default)

On first launch DockLab asks whether you want to share anonymous diagnostics. If you decline (or ignore the dialog), nothing is sent. If you accept, we receive:

Both carry a random install identifier (crypto.randomUUID) generated on your device. It is not linked to your account, email or IP address - we do not store IP addresses with telemetry. Legal basis: consent (Art. 6(1)(a) GDPR), withdrawable anytime in Settings → Account → Privacy.

5. Server logs

Our API server keeps standard short-lived operational logs (timestamps, request paths, status codes) for security and debugging. Log data is rotated automatically and not used for profiling.

6. Retention

7. Deleting your data

Settings → Account → Danger zone → Delete account permanently removes your account record and your encrypted sync blob from our server, effective immediately (backup copies expire within 14 days). You can also email contact@legacies.ro from your account address to request deletion or a copy of your data; we answer within 30 days.

8. Your GDPR rights

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. You may lodge a complaint with your local supervisory authority; in Romania this is ANSPDCP (dataprotection.ro).

9. International transfers

Our servers are located in the European Union (OVH, France/EU). Email delivery via Resend may involve transfers to the USA under Standard Contractual Clauses.

10. Children

DockLab is not directed at children under 16 and we do not knowingly collect their data.

11. Changes

We will post any changes to this policy on this page and update the date above. Material changes to telemetry will re-trigger the consent dialog in the app.