Privacy Policy

Last updated: November 21, 2025

Introduction

XTRO.dev ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Xtro, our multi-device terminal broadcasting system. We comply with GDPR, CCPA, and other applicable data protection regulations.

Scope

This Privacy Policy applies only to Xtro and does not apply to any third-party applications, services, or websites that you may access through Xtro, including your IDE (VS Code, Cursor), terminal applications, or any code repositories you interact with.

Information We Collect

Account Information

When you sign up for Xtro, we collect:

  • Email address (for account creation and communication)
  • Payment information (processed securely by Stripe; we do not store full credit card details)

Device Pairing Information

To enable cross-device terminal access, we collect:

  • Device identifiers (unique IDs for your Mac and iOS devices)
  • Device names (e.g., "MacBook Pro", "iPhone")
  • Pairing tokens (randomly generated tokens used during QR code pairing; these contain your computer name and expire after 5 minutes)
  • Connection metadata (timestamps, connection status)

Terminal Session Data

To provide our core service of cross-device terminal broadcasting, we transmit:

  • Terminal output and input (commands and their results)
  • Session identifiers
  • Terminal state information (screen dimensions, cursor position)

Important: Terminal data passes through our relay servers to enable iOS connectivity. Local VS Code connections use direct WebSocket connections (localhost:8765) and do not pass through our servers.

How We Use Your Information

We use the collected information to:

  • Provide and maintain the Xtro service
  • Enable terminal broadcasting across your devices
  • Authenticate and authorize device connections
  • Process payments and manage subscriptions
  • Send service-related notifications and updates
  • Provide customer support
  • Improve and optimize our service

Data Storage and Retention

Your data is stored as follows:

  • Terminal Data: Terminal sessions are transmitted in real-time through our relay servers but are not logged or stored. Once delivered to your connected devices, the data is removed from our servers.
  • Account Data: Stored in our secure database (Supabase) for as long as your account remains active.
  • Pairing Tokens: Generated locally on your Mac and embedded in QR codes. These tokens automatically expire after 5 minutes and are cleared after successful pairing. They are never stored on our servers.
  • Device Pairing Records: After successful pairing, we store device identifiers and names to maintain authorized connections between your devices.
  • Payment Information: Processed and stored by our payment processor (Stripe) in compliance with PCI-DSS standards.

Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • Service Providers: We use third-party services (Supabase for database, Stripe for payments, Cloudflare for DNS) that process data on our behalf under strict confidentiality agreements.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

Security

We implement industry-standard security measures to protect your data:

  • All connections use TLS/SSL encryption (wss:// protocol)
  • WebSocket connections are authenticated using secure tokens
  • Device pairing uses locally-generated tokens that automatically expire after 5 minutes
  • AES-256 encryption keys are generated during pairing and stored securely in macOS Keychain
  • Payment processing is handled by PCI-DSS compliant providers (Stripe)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Data Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing your data

To exercise these rights, please contact us at [email protected].

Cookies and Tracking

Our website uses minimal cookies for essential functionality only. We do not use tracking cookies or third-party analytics that collect personally identifiable information.

Children's Privacy

Xtro is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes that affect how we handle your data, we will provide advance notice via email.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

XTRO.dev
1021 E Lincolnway, #8183
Cheyenne, WY 82001
United States

Email: [email protected]