Termimal LogoTermimal LogoTermimalBeta

Privacy Policy

Last updated: 26 May 2026

1. Information We Collect

Hiram OÜ respects your privacy. We collect minimal information required to provide our service: your name, email address, payment method (handled by Stripe — we never store full credit-card details), and the platform-usage data described below.

2. Session Telemetry & Security

For account-security and abuse-prevention, every sign-in to your Termimal dashboard records a row in our login_events table containing:

  • The IP address you signed in from (ISO country, city, region — derived from Cloudflare's geo-IP)
  • Your device class (desktop / mobile / tablet), browser, and OS, derived from the User-Agent string
  • A locally-derived device fingerprint — a 16-character hash of your screen, GPU vendor and timezone, computed in your browser. This fingerprint is stored only on our database; it is NEVER shared with any third party and is NOT used for cross-site tracking
  • The sign-in method (password, Google, Apple, magic link, etc.) and whether the attempt succeeded
  • An anomaly score (0-100) computed against your own history; if the score is high we email you to confirm the sign-in

Session telemetry is retained for 90 days and then automatically deleted. You can review every recorded session at dashboard → Profile → Recent sessions, mark them as safe, or use "This wasn't me" to revoke every active session and reset your password.

3. How We Use Your Data

We use your data to: authenticate your account, save your terminal layouts and watchlists, process subscriptions, detect unusual sign-ins (see section 2), monitor platform performance, and send essential service updates. We do not use your data for automated decision-making, profiling, or advertising.

4. Cookies & Local Storage

We use session cookies (HttpOnly, Secure, SameSite=Lax) to keep you signed in. Local-storage entries hold the idle-timeout timestamp and your dismissed install-prompt state. We do not use any third-party advertising or tracking cookies.

5. Sub-processors

We do not sell, rent, or trade your personal data to third parties. We only share information with the trusted infrastructure providers required to operate the service, each bound by a Data Processing Agreement. The current list is kept up to date by our compliance team and may change as the platform evolves — subscribe to /changelog for material updates.

The current sub-processor list is being refreshed. Please contact support for an up-to-date copy.

6. Your Rights (GDPR)

Hiram OÜ (an Estonian private limited company) is the data controller for the processing described here; reach our privacy contact at privacy@termimal.com. Under the General Data Protection Regulation (GDPR) you have the right to access, correct, export (data portability), and request deletion of your personal data, to restrict processing, and — where we rely on legitimate interest (see section 9) — the right to object under Article 21. You may exercise these rights at any time by contacting us or deleting your account via the dashboard. When you delete your account, every row tied to it (profile, login_events, customer notes, subscription overrides, credits, admin_user_profiles) is automatically removed via cascading foreign keys.

If you believe we have mishandled your data, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or with the supervisory authority in your EU/EEA country of residence.

7. Screen Watermarking

Pages inside the dashboard render a low-opacity watermark containing your email address. This deters account-sharing — leaked screenshots identify the account-holder. The watermark is purely visual; no biometric or device data is captured.

8. Signup Anti-Abuse Fingerprint

Free trials are a finite, costly resource. To stop a small number of users from creating multiple trial accounts to bypass the trial limit (a practice that drives prices up for everyone else), our signup page records a short fingerprint at the moment you create an account. It captures:

  • Your IP address and Cloudflare-derived country
  • A SHA-256 hash of a small set of browser signals — canvas paint output, WebGL renderer (GPU model), installed system fonts, screen size, timezone, language, hardware concurrency. These are hashed server-side; the raw values are not stored long-term as PII
  • A SHA-256 hash of your normalised email address (so changing the casing or aliasing the address still maps to the same identity for our abuse check, but the raw email isn't kept in this row)

If three or more accounts are created from the same fingerprint or IP within 60 days, new signup attempts from that source are blocked and a clear support-contact message is shown. Lower match counts simply flag the row for an admin to review — your signup still completes.

This data is stored only in signup_fingerprints, is used exclusively for fraud prevention, is never sold or shared, and is automatically purged after 12 months. If you believe you've been incorrectly blocked, contact support and we'll reset the flag.

9. Legal Bases for Processing

We process personal data only where a GDPR Article 6 legal basis applies:

  • Contract (Art. 6(1)(b)) — to create your account, provide the Service, and process your subscription.
  • Legitimate interests (Art. 6(1)(f)) — account security, anomaly detection, and signup anti-abuse / one-account-per-person enforcement (sections 2 and 8). We have weighed these interests against your rights and freedoms; you may object under Article 21.
  • Legal obligation (Art. 6(1)(c)) — to meet tax, accounting, and other statutory requirements.
  • Consent (Art. 6(1)(a)) — where we ask for it explicitly; you may withdraw consent at any time.

10. Children

The platform is intended exclusively for users aged 18 years or older, in accordance with Terms of Service section 2. We do not knowingly collect personal data from any person under the age of 18. At sign-up, every user must affirmatively confirm they are 18 or older. If we become aware that a person under 18 has created an account, we will close the account and delete the associated personal data without undue delay. If you are a parent or guardian and believe your child has provided us with personal data, please contact privacy@termimal.com.

11. Personalized Research (opt-in)

If you turn on “Personalized research” in Settings, we use your own activity on the platform (the features and instruments you interact with, recorded in our feature-usage logs) and your watchlist to tailor research insights shown only to you.

  • Legal basis: your consent (GDPR Art. 6(1)(a)). We record the date and state of your choice in our consent ledger.
  • It is OFF by default — nothing is personalized until you opt in.
  • We do not use this data for advertising, for automated decisions producing legal or similarly significant effects (Art. 22), or share it with any third party.
  • You may withdraw at any time by switching the setting off — as easy as turning it on (Art. 7(3)). Withdrawal stops personalization immediately.
  • This data is included in your data export and is deleted when you delete your account.
Termi
Termimal Support · Online
Hi, I'm Termi 👋 — Termimal's AI assistant, not a human. I can help you navigate the platform, explain features, and answer questions about plans, supported markets, and your account. I may make mistakes, so please verify anything important before relying on it. I can't give investment, tax, or legal advice. How can I help?
AI-assisted support · For account issues, email support@termimal.com