IM.codes — Privacy Policy

Last updated: March 2026

Data Storage

IM.codes is a self-hosted platform. Your data is stored on your own server or on app.im.codes if you use the hosted service. We do not operate centralized data collection infrastructure.

What We Store

• Account credentials (hashed passwords or passkeys)
• Server and session configuration
• Chat messages and terminal output relayed through the server
• Push notification tokens (if enabled)

Data Ownership

You own your data. All data resides on infrastructure you control (self-hosted) or on the hosted service you opt into. You can export or delete your data at any time.

Third-Party Sharing

We do not sell, share, or transfer your data to third parties. The server acts as a relay between your browser/mobile app and your daemon — data passes through but is not harvested or analyzed.

Account Deletion

You can delete your account and all associated data from the app settings. For self-hosted instances, removing the server removes all data. On the hosted service, account deletion permanently removes all stored data.

Cookies & Analytics

The web app uses localStorage for session preferences (theme, language, server URL). No third-party analytics or tracking cookies are used.

Security

All connections use HTTPS/WSS. Bot credentials are encrypted with AES-256-GCM at rest. Authentication uses JWT tokens with configurable signing keys.

Contact

For privacy questions, open an issue on GitHub.