Privacy

Short version: Haven runs on your machines. Your terminal output, scrollback, files, and SSH credentials stay on your systems and never reach our servers. The only time your data touches our backend is when you explicitly invoke an optional AI feature — see below.

Where things actually live

On your Mac

  • App state — saved hosts, preferences, window layout — is a single JSON file at ~/.haven/app-state.json.
  • SSH passwords are stored in the macOS Keychain under the service com.haven-terminal. They are never written to disk in plaintext, and are never included in app-state.json.
  • Local terminal scrollback lives at ~/.haven/sessions/<id>/transcript.bin and is encrypted at rest with a per-session key.

On your remote hosts

  • The Haven daemon runs from ~/.haven/bin/haven-session-daemon. It's open source — github.com/christiansafka/haven-daemon.
  • Remote session scrollback lives at ~/.haven/sessions/<id>/transcript.bin on the remote host, encrypted at rest the same way.
  • Haven talks to the daemon through a private Unix socket on the remote host with restricted file permissions and a per-launch auth token, so other users on the same machine can't reach it. The connection itself rides on your existing SSH session.

What we collect

We use PostHog for product analytics so we can fix bugs and figure out what to build next. An event is sent when:

  • The app starts.
  • You take an action like creating a session, opening a view, or invoking a shortcut. We send the feature name only — never hostnames, paths, commands, or anything you typed.
  • An unexpected error or crash occurs. The error message and stack trace are included, with user paths stripped.

PostHog records standard request metadata (e.g. OS version). We do not capture session replays, screen recordings, or keystrokes.

AI features

Haven includes optional AI features — currently terminal command generation (Cmd+K) — that send limited data to a Haven-operated backend, which forwards it to a third-party AI provider to generate a response. These features only run when you explicitly invoke them.

  • Haven does not store this data.
  • Neither Haven nor any third-party AI provider uses this data to train or fine-tune models.
  • No terminal output, scrollback, file contents, hostnames, or SSH credentials are ever sent.

What we never collect

  • Terminal output, scrollback, or anything you type
  • File contents, paths, or directory listings
  • Hostnames, IPs, or SSH credentials of your remote machines
  • Commands or their results

Questions?

If anything here is unclear or you'd like more detail, . The legal version of all this is on the Privacy Policy page.

Get in touch

Question, bug report, or feature request — we read everything.