Privacy

Your data stays on your machine unless you explicitly send it somewhere.

AI NetShell is local-first. This page describes exactly what that means in practice — no vague promises, just where each class of data lives and where it's allowed to go.

What we collect

Nothing, in the default build

AI NetShell has no analytics, no telemetry, and no "phone home" by default. We — the vendor — do not receive your device output, credentials, prompts, inventory, or usage data. There is no vendor backend that your client reports to.

Stays on your device

What never leaves your machine

Credentials

SSH/RDP/serial passwords and keys, and your AI provider keys, live in your operating system's secure credential store (e.g. Windows Credential Manager). There is no code path that reads a stored secret back out to the UI or to the AI.

Device inventory

Device names, hostnames/IPs, and groups are stored in a local file in the app's data directory.

Session scrollback

Kept in memory only, in a bounded buffer, and cleared when you close the session or clear context.

Case notes & exports

Created locally; exports are age-encrypted and saved where you choose.

Only when you act

What leaves your device, and to whom

Your network devices

Over SSH, RDP, serial, or file transfer, using credentials you provide. Server identity is verified on first use; a later mismatch is refused.

Your chosen AI provider (BYOK)

Only when you use the assistant. What's sent: your questions and redacted device output — secrets are stripped before the model ever sees them. Your API key travels in the request body, never logged. Your data is then subject to that provider's own privacy terms.

License validation (Lemon Squeezy)

On paid tiers, activating and periodically validating a license sends only your license key and a machine instance ID to Lemon Squeezy's license API — nothing else. No device data, prompts, or credentials are part of that call.

An optional NetClaw gateway integration (off by default, separately opted in) sends your questions, the list of your currently-open session names/OS/management IPs, and an operator token to your own gateway over a pinned TLS connection — it is an external agent that reaches devices with its own credentials, outside the app's read-only guarantee, and is always presented distinctly in the app.

The AI assistant

What the model does and doesn't see

  • The AI only ever receives redacted device output.
  • It cannot read your credentials — enforced structurally, not just by policy.
  • Prompts and completions are not logged or persisted by AI NetShell.
  • Bring-your-own-key means inference happens under your own provider account; we don't proxy or retain your conversations.
This website

ainetshell.com itself

This marketing site loads no third-party trackers, ad pixels, or session-replay scripts. The only analytics we use is Cloudflare's cookieless Web Analytics beacon — it doesn't use cookies or persistent identifiers and doesn't fingerprint visitors. It measures aggregate traffic only (which pages, how many visits); it never touches anything about your use of the desktop app.

Future opt-in diagnostics, if any, will be off by default, clearly described, and will never carry device output, credentials, or prompt/completion content. Privacy and security questions: security@ainetshell.com.