Deputy Shell
Privacy Policy
Deputy Shell is a mobile workspace terminal for running project sessions on-device.
Local app data
Deputy Shell stores projects, session metadata, runtime files, workspace files, diagnostics staging files, and agent credential files locally inside app-private Android storage. Android cloud backup and device-transfer backup are disabled for credential, runtime, session-state, and staging paths unless a future account/restore policy explicitly changes that behavior.
Deputy Shell does not automatically upload workspace files. Commands and tools run by the user may communicate with external services, including Git remotes, package registries, websites, APIs, Codex, curl, and project dependencies. Those transfers are initiated by terminal or tool behavior and are subject to the relevant third-party terms.
Diagnostics exports
Diagnostics export is user initiated and metadata-only by default. Deputy Shell does not automatically upload diagnostics ZIP files.
Default diagnostics exclude terminal commands, terminal output, scrollback, transcripts, session-state files, environment values, source snippets, auth or configuration contents, .env files, tokens, passwords, API keys, and private keys.
Firebase Analytics and Crashlytics
Deputy Shell uses Firebase Analytics and Firebase Crashlytics as processors for optional alpha stability monitoring.
Collection is disabled until the user actively chooses one of the monitoring options in the app. The app provides separate controls for crash and ANR reports, and for limited usage statistics.
Data is not linked to a Deputy Shell account.
Deputy Shell does not intentionally attach terminal text, prompts, commands, command output, workspace contents, file paths, project names, session names, credentials, tokens, API keys, private keys, environment values, source snippets, or diagnostics ZIP contents to telemetry.
Crash reports may contain technical stack traces and exception metadata generated by Deputy Shell or Android. Firebase may also process provider-generated events and identifiers, such as app-instance or installation identifiers, app version, Android version, device model, crash metadata, ANR metadata, and automatic Analytics events where applicable.
Deputy Shell custom telemetry is limited to allowlisted operational events such as app readiness, session lifecycle, runtime provisioning result, workspace import or export result, diagnostics export result, and update-check result. Custom telemetry parameters are fixed enum or bucket values only.
User controls
Users can disable crash and ANR reports and limited usage statistics separately in Settings.
Disabling usage statistics stops Deputy Shell custom Analytics events, disables Firebase Analytics collection where supported, and clears local Analytics state or resets the app-instance identifier where supported. This is local device behavior and is not a server-side deletion claim.
Disabling crash reporting immediately stops Deputy Shell-authored non-fatal reports and custom-key updates. Firebase Crashlytics automatic collection is disabled for the next app run where supported, and pending unsent reports are queued for deletion where supported.
Permissions
Notification permission may be used for live terminal-session status.
Storage Access Framework picker access is used when the user imports or exports files.
Foreground and background session behavior is used to keep terminal sessions running when supported by Android.
Contact
For privacy questions, contact privacy@deputyshell.com.
Alpha status
This policy is prepared for alpha testing and must be finalized before public Play Store release.