Wigwam

Wigwam lets you control your terminal sessions from any device. This policy describes what information we collect, what we do with it, and what we don't do. The short version: your terminal content is end-to-end encrypted and our servers can't read it.

1. Who we are

Wigwam is operated by Vennify. Questions, deletion requests, or anything else: support@wigwam.build.

2. What we collect

Account information

Email address (from your chosen sign-in provider)
A unique account identifier from GitHub, Google, or Apple — or a hashed password if you sign in with email
User settings, team layouts, templates, macros, and keybindings you create

Device information

Device label and platform (e.g. "iPhone", "MacBook")
Device ID (a two-word identifier we generate)
Push notification token (used to deliver alerts)
Your device's public encryption key (so notifications can be encrypted)

Usage data

Product events (e.g. "session started", "button clicked") used to understand which features people use. Events are aggregated into daily metrics and the raw records are deleted after 30 days.
Connection metrics (bytes transferred, connect/disconnect timestamps, disconnect reason) for reliability monitoring.
Error reports (component, stack trace, context) when something breaks.

Cookies and local storage

wigwam_access and wigwam_refresh — secure, http-only cookies that keep you signed in.
Temporary cookies used only during OAuth sign-in and cleared afterwards.
Local storage: your theme preference and encryption keys (which never leave your device).

3. What we do NOT collect

Terminal content. Keystrokes, output, file contents, and any other data that flows between your devices is end-to-end encrypted. Our relay routes the encrypted bytes and rejects unencrypted content at the protocol layer. We have no way to decrypt what you type or see.
Push notification content. Notification titles and bodies are encrypted on the sending device and decrypted on the receiving device. Our servers and the push provider (FCM/APNs) only see "Wigwam — New activity" and an opaque blob.
IP addresses. We briefly read your IP in memory to rate-limit abusive traffic, but we do not store it.
Your code, screenshots, voice, or camera data. The camera is used only locally to scan pairing QR codes. The microphone is used only locally for voice-to-text input that you control. Neither is transmitted or stored.

4. How your data is used

To operate the service (sign you in, route encrypted messages between your devices, deliver notifications you've opted into)
To debug and improve the product (aggregate usage, error reports)
To respond when you contact support

We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.

5. Who processes your data on our behalf

We use a small number of infrastructure providers. They process data only to deliver the service:

Supabase — authentication and database hosting
Hetzner — relay server hosting
Cloudflare — website hosting and DDoS protection
Firebase Cloud Messaging (Google) — Android push delivery
Apple Push Notification Service — iOS push delivery
GitHub, Google, Apple — sign-in providers you choose

6. Retention

Account data and settings: kept until you delete your account
Raw usage events: 30 days
Aggregated daily metrics: retained indefinitely for long-term trends (no personally identifying data)
Error logs: 30 days
Session cookies: expire and are refreshed automatically

7. Your rights

You can:

Request a copy of the data associated with your account
Correct inaccurate information
Delete your account and all associated data

Email support@wigwam.build and we'll handle it within 30 days.

8. Children

Wigwam is not directed at children under 13, and we do not knowingly collect information from them.

9. Changes

If we change this policy materially, we'll update the date at the top and notify signed-in users by email. Continued use after a change constitutes acceptance.

Privacy Policy