helmrig

Privacy Policy

Helmrig Shell · Effective June 7, 2026

Helmrig Shell is built around a simple promise: your terminal sessions stay between your iPad and your laptop. This page explains exactly what we collect — and what we don't — in plain English.

1. Who we are

The data controller for Helmrig Shell is Individual entrepreneur Nikita Kislitsin (Identification Number 305512825), registered in Tbilisi, Georgia. For any privacy question or request, email hi@helmrig.app.

2. What this policy covers

  • helmrig.app — the marketing website you are reading right now.
  • qr.helmrig.app — a small rendezvous service used during device pairing.
  • The Helmrig relay serversrelay-nyc.helmrig.app (United States), relay-sgp.helmrig.app (Singapore), and relay-fra.helmrig.app (Germany), used as a fallback when your iPad and laptop cannot reach each other directly.
  • The Helmrig Shell iPad app, distributed via the App Store.
  • The Helmrig CLI / daemon you run on your laptop (the helmrig npm package).

3. What we collect — and don't

helmrig.app. The website uses Vercel Web Analytics and Vercel Speed Insights to count aggregate, anonymous traffic. These services do not use cookies and do not store personally identifying information. The site does not have a signup form and does not ask for your email or any other personal data. Typefaces are loaded from Google Fonts (fonts.googleapis.com); when your browser requests them, your IP address is visible to Google.

qr.helmrig.app (pairing rendezvous). When you pair your iPad with your laptop, the laptop produces a small encrypted blob and uploads it to qr.helmrig.app so your iPad can fetch it via a short URL shown as a QR code. Your iPad's camera is used on-device, only to scan that QR code — the camera feed is never recorded, transmitted, or sent to us. We do not hold the encryption key — the blob is opaque to us. The blob is deleted immediately after the first successful fetch, and otherwise expires shortly after. Our hosting providers (Vercel and Cloudflare) keep standard request metadata — IP address, User-Agent, timestamp — for short, provider-defined periods for abuse prevention and reliability. We do not analyze those access logs.

The Helmrig Shell iPad app. The app does not embed general analytics, crash-reporting, or behavioral telemetry SDKs. We do not receive crash reports or usage events from your device. Its core function — opening terminals on your paired laptop — runs over an end-to-end encrypted tunnel: when your iPad and laptop can reach each other directly, that traffic flows peer-to-peer and never touches our servers; when they cannot (for example, because of restrictive NAT or firewalls), the encrypted tunnel falls back through one of our relay servers, described next. The app requests camera access (to scan the pairing QR code) and local-network access (to reach your laptop on the same network); neither sends any data to us. The app bundles a single narrow third-party SDK, for subscription management, disclosed below.

The Helmrig relay servers. As a fallback for connections that cannot be made directly, Helmrig operates three relay servers — relay-nyc.helmrig.app (United States), relay-sgp.helmrig.app (Singapore), and relay-fra.helmrig.app (Germany) — hosted on DigitalOcean. A relay forwards opaque encrypted bytes between your iPad and your laptop. It cannot decrypt them — the keys live on your devices and are never sent to us. We do not log traffic content, session keys, session identifiers, public-key fingerprints, or User-Agent strings on the relays. We do collect basic operational metrics for monitoring — number of bytes transferred per connected client — with source IP addresses replaced by the placeholder [ip] so they are not stored. Error logs (no normal traffic events) and these anonymized metrics are shipped to Grafana Cloud, where they are kept for 7 days and then deleted.

When the app is distributed through the Apple App Store, Apple collects its own diagnostics — crash logs, usage, install events, and similar. Those are governed by Apple's privacy policy, not this one. You can opt out of sharing diagnostics in iOS settings.

Subscriptions (RevenueCat). Subscriptions inside the app are managed through RevenueCat. The app generates a fully anonymous identifier — for example $RCAnonymousID:d9fe74400a154579bb327d10b4107891 — which is not derived from your email, Apple ID, or any other personal information, and is not linked to your pairing keys or to anything you do inside the app. RevenueCat receives this anonymous ID, the App Store receipt for any purchase you make, your subscription state, and basic device metadata (such as model, OS version, IDFV, and locale) needed to verify entitlements. We do not learn your real identity from this — we only see anonymous IDs and subscription status. The RevenueCat anonymous ID and your pairing keys live in separate systems and are never linked together.

The Helmrig CLI / daemon. The CLI you run on your laptop keeps all of its logs locally on your machine. It does not send analytics, telemetry, or crash reports to us. About once per hour it asks the npm registry (registry.npmjs.org) whether a newer version is available and installs it automatically; that request is made by your machine to npm, Inc., and is governed by npm's privacy policy.

4. What we never see

The connection between your iPad and your laptop is end-to-end encrypted. The keys live on your devices; we never see them. When the connection has to fall back through one of our relay servers, the relay only forwards opaque ciphertext — it cannot read what passes through it. As a result, we have no access to:

  • the contents of any terminal session — including any file you view or edit, any git operation, and any command you run;
  • anything you run inside the terminal, including AI assistants such as Claude Code or Codex;
  • any source code, secrets, or environment variables;
  • which projects you work on or what you do with them.

We could not produce this data if asked.

5. Cookies and similar technologies

helmrig.app does not set first-party cookies. Vercel Analytics and Speed Insights operate without cookies. Resources loaded from Google Fonts or Cloudflare may use technologies controlled by those parties — see their respective policies.

6. Sub-processors

We rely on the following providers to operate the service. Each operates under its own privacy policy.

  • Vercel, Inc. — hosting for helmrig.app and qr.helmrig.app, plus the analytics described above.
  • Cloudflare, Inc. — DNS and proxy in front of qr.helmrig.app.
  • DigitalOcean, LLC — virtual machines hosting the Helmrig relay servers in New York, Singapore, and Frankfurt.
  • Grafana Labs — Grafana Cloud, where anonymized error logs and operational metrics from the relays are stored for 7 days.
  • Apple Inc. — App Store distribution; iOS device diagnostics.
  • RevenueCat, Inc. — subscription billing and entitlement management for the iPad app.
  • npm, Inc. (GitHub) — package registry for the Helmrig CLI.
  • Google LLC — Google Fonts CDN for typography on helmrig.app.

7. International transfers

Our providers and relay servers operate globally. The limited connection metadata they handle — primarily IP addresses, User-Agent strings, and (for relays) byte counts with anonymized client identifiers — may be processed in countries outside Georgia, the European Economic Area, or your country of residence, including the United States, Singapore, and Germany. Each provider relies on its own legal mechanism (such as Standard Contractual Clauses) for such transfers.

8. Retention

  • helmrig.app analytics — aggregated, with no personal identifiers retained.
  • qr.helmrig.app pairing blob — deleted on first fetch, or expires shortly thereafter.
  • Relay error logs and operational metrics — anonymized (no IP, no keys, no session identifiers); retained for 7 days in Grafana Cloud, then deleted.
  • Provider access logs — retained for the period each provider's policy specifies, then deleted.
  • Email correspondence with hi@helmrig.app — kept as long as needed to respond to your message; deleted on request.

9. Security

The connection between the iPad app and the paired laptop is end-to-end encrypted. Keys live on your devices and are never sent to us. When a direct peer-to-peer connection cannot be established, the encrypted tunnel is relayed through one of our servers, which forwards opaque bytes between your endpoints but cannot decrypt them. Pairing material is opaque to qr.helmrig.app and is destroyed after use. Helmrig holds no user accounts, passwords, or sessions.

10. Children

Helmrig Shell is a developer tool and is not directed at children under 16. We do not knowingly collect personal data from anyone in that age group.

11. Your rights

Under the Law of Georgia on Personal Data Protection — and, where applicable, the EU and UK GDPR, the California Consumer Privacy Act, and similar laws — you may have the right to access, correct, delete, port, or object to the processing of your personal data, and to withdraw any consent you have given. Email hi@helmrig.app to exercise any of these rights.

If you believe we have handled your data unlawfully, you may also lodge a complaint with the Personal Data Protection Service of Georgia or your local supervisory authority in the EU/EEA.

12. Changes

We will post any updates to this policy at this URL. Material changes will be marked with a new effective date and, where appropriate, called out in the app or on the website.

13. Contact

Questions, requests, or anything else privacy-related: hi@helmrig.app.