Privacy
>shell-mirror is a personal tool for accessing your own terminal session from your own phone.
We keep the wording here simple on purpose. If the product asks you to sign in, it should be clear what that sign-in is for and what it is not for.
Sign-in
>shell-mirror uses Google OAuth 2.0 for authentication. When you sign in, we receive your name, email address, and Google profile ID. This information is used to connect your phone and computer to the same session. We do not request access to your Google contacts, files, calendar, or any other data beyond your basic profile.
Terminal data
Your terminal input and output are transmitted directly between your computer and your phone using a WebRTC peer-to-peer data channel. The >shell-mirror signaling server handles the initial connection setup (exchanging WebRTC offers, answers, and connection candidates) but does not see or store your terminal content.
When a direct peer-to-peer connection cannot be established (for example, due to network configuration), a TURN relay server is used to route the connection. In this case, terminal data passes through the relay, but the WebRTC data channel remains encrypted (DTLS-SRTP).
Session information
The >shell-mirror agent running on your computer sends a status heartbeat to shellmirror.app approximately every 60 seconds. This heartbeat includes your agent ID, machine name, platform, and the number of active sessions. It does not include any terminal content, commands, or output.
Data storage
>shell-mirror does not use a database for terminal sessions. Your sessions exist in memory on your own computer and are lost when the agent stops. The signaling server holds connection state in memory only.
Your sign-in session is stored as a browser cookie that expires after 30 days.
Analytics
The >shell-mirror website (this marketing site and the dashboard) uses Google Analytics 4 and Microsoft Clarity for standard web analytics. These services use cookies. The terminal data path itself does not include analytics tracking.
Third-party services
- Google OAuth 2.0 — authentication
- Google Analytics 4 — web analytics on the marketing site and dashboard
- Microsoft Clarity — session recording on the marketing site and dashboard
- OpenRelay TURN server — WebRTC relay fallback when direct peer-to-peer is not possible
>shell-mirror uses Google sign-in. It requests only your basic profile information (name and email) to authenticate your session. If you want to review or revoke this access, you can do so in your Google account settings.