rumus rumus

Rumus Privacy Policy

Effective Date: February 2026

1. Introduction

This Privacy Policy describes how Rumus ("we", "us", or "our") collects, uses, and shares information when you use our cross-platform terminal application ("the Software"). We are committed to protecting your privacy and being transparent about our data practices.

Your privacy is important to us. All data collection in Rumus is optional and can be disabled at any time.

2. Information We Collect

2.1 Account Information

If you create an account or subscribe to a paid plan, we collect:

  • Email address
  • Display name (if provided)
  • Payment information (processed by third-party payment processors)

2.2 Telemetry Data

When telemetry is enabled (can be disabled in Settings > Privacy), we collect anonymous usage statistics:

  • Application launch and close events
  • Terminal session creation and closure (local and SSH)
  • Workspace open events
  • Theme and language preference changes
  • Application version
  • Operating system platform

We use PostHog for analytics with the following privacy-preserving configurations:

  • Auto-capture disabled
  • Session recording disabled
  • Heatmaps disabled
  • Page view tracking disabled
  • Do Not Track (DNT) respected
  • Memory-only persistence (no cross-session tracking)

2.3 Crash Reports

When crash reporting is enabled (can be disabled in Settings > Privacy), we collect diagnostic data when errors occur:

  • Error names and messages
  • Stack traces
  • Error source (uncaught exception, unhandled rejection, etc.)

All crash data is sanitized before transmission to remove:

  • File paths (Windows and Unix formats)
  • IP addresses
  • Hostnames and domain names
  • Any potentially identifiable information

2.4 Settings Sync Data

If you are a Pro/Max subscriber and enable settings sync, your data will be synchronized to our servers, including:

  • Application preferences
  • Theme and appearance settings
  • Privacy settings
  • Vault data (hosts, SSH keys, credentials, snippets, etc.)

Important Security Note:

All vault data containing sensitive information (such as SSH private keys, passwords, and host configurations) is end-to-end encrypted on your device before being transmitted and stored on our servers. This means:

  • We store only encrypted (ciphertext) data on our servers
  • We cannot access, read, or decrypt your sensitive information
  • Only you, with your encryption key, can decrypt and access this data
  • If you lose your encryption key, we cannot help you recover the encrypted data

Data Loss Disclaimer: We are not responsible for any data loss, corruption, or inability to recover data, whether caused by software defects, synchronization issues, encryption key loss, or any other reason. You are solely responsible for maintaining backups of your important data.

3. Information We Do NOT Collect

Regardless of your privacy settings, we explicitly do not collect:

  • Terminal command contents - We never see or store the commands you type in the terminal
  • Terminal output - Your terminal output stays on your device
  • File contents or file paths - We do not access your files
  • Unencrypted sensitive data - When sync is enabled, credentials, SSH keys, and host information are transmitted and stored only in end-to-end encrypted form that we cannot decrypt
  • Browsing history or keystrokes - We do not monitor your activity
  • Any personally identifiable information

4. How We Use Your Information

We use the collected information for:

4.1 Service Provision

  • Providing and maintaining the Software
  • Processing subscriptions and payments
  • Syncing your settings across devices (if enabled)

4.2 Improvement and Development

  • Understanding how features are used to improve the Software
  • Identifying and fixing bugs and errors
  • Developing new features based on usage patterns

4.3 Communication

  • Responding to your inquiries and support requests
  • Sending important notices about the Software or your account

5. AI Services and Data

When you use AI features in Rumus, your prompts and context are sent directly to your configured AI provider (such as OpenAI or Anthropic). We act as a conduit and do not store or access the content of your AI interactions.

Note: Each AI provider has their own privacy policy governing how they handle data. We encourage you to review the privacy policies of the AI providers you use.

6. Data Sharing

We do not sell your personal information. We may share information only in the following circumstances:

6.1 Service Providers

We use third-party service providers to help operate our services:

  • PostHog - Analytics (EU-hosted)
  • Payment processors - Subscription billing
  • Cloud infrastructure - Settings sync and account services

6.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

7. Data Storage and Security

7.1 Storage Location

  • Telemetry data is processed by PostHog servers in the European Union
  • Account and subscription data is stored on secure cloud infrastructure

7.2 Security Measures

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit
  • Secure authentication mechanisms
  • Regular security assessments

7.3 Data Retention

  • Telemetry data is retained for analytical purposes
  • Crash reports are retained for diagnostic purposes
  • Account data is retained while your account is active
  • Upon account deletion, your personal data will be removed within a reasonable timeframe

8. Your Rights and Choices

8.1 Privacy Controls

You can control data collection at any time through Settings > Privacy:

  • Telemetry - Enable or disable anonymous usage statistics
  • Crash Reports - Enable or disable error reporting

8.2 Access and Deletion

You have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format

To exercise these rights, please contact us through our official channels.

8.3 Do Not Track

We respect Do Not Track (DNT) browser settings. When DNT is enabled, telemetry is automatically disabled.

9. Children's Privacy

The Software is not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the Software or through other communication channels. Your continued use of the Software after the changes take effect constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our official channels.