Privacy Policy

Last updated: April 9, 2026

1. What We Collect

When you sign in with GitHub, we store:

• GitHub profile info: username, display name, avatar URL, and GitHub user ID
• Session tokens: random tokens used to keep you signed in
• Connector records: names and tokens for VMs you register
• Agent API keys: stored as hashed values only

2. What We Do NOT Collect

• We do not store, log, or inspect any traffic between your browser and your VMs
• We do not store your GitHub password or OAuth tokens long-term
• We do not use cookies for tracking or analytics
• We do not sell or share your data with third parties

3. How Data Flows

The relay acts as a stateless routing proxy. Browser-to-VM WebSocket traffic passes through the relay in real time and is not stored. The relay only persists the minimal metadata needed to authenticate you and route connections to the correct VM.

4. Data Storage

All data is stored in a SQLite database on the relay server. Session tokens expire automatically and are cleaned up periodically.

5. Data Deletion

You can delete your connectors and agent keys from the dashboard at any time. To request full account deletion, contact us and we will remove all associated records.

6. Third-Party Services

We use GitHub OAuth for authentication. GitHub's privacy policy applies to data they collect during the sign-in process. We use Cloudflare for DNS and Caddy for TLS — standard infrastructure that does not process your VM traffic.

7. Open Source

SpAIglass is open source under the MIT License. You can audit the complete relay source code at github.com/c0inz/spaiglass to verify exactly what data is collected and how it flows.

8. Changes

We may update this policy. Material changes will be noted on this page with an updated date.

← Back to SpAIglass