Privacy Policy
Effective Date: March 23, 2026
This Privacy Policy explains how Endstack ("we," "us," or "our") collects, uses, shares, and protects information when you use the Endstack cloud desktop platform, including the endOS web interface, desktop containers, built-in AI agent, and related services (the "Service") at endstack.com.
We designed Endstack so that your personal files, conversations, and desktop data stay within your own container — not on our servers. This policy explains exactly what we do and do not collect.
1. Information We Collect
1.1 Account Information (Stored by Endstack)
When you sign in via Google OAuth, we receive and store the following in our account database (Supabase/PostgreSQL):
- Name — your Google account display name
- Email address — your Google account email
- Profile picture URL — your Google avatar
- Authentication tokens — managed by Supabase for session management
This is the primary personal information we store outside your container.
1.2 Instance and Infrastructure Metadata (Stored by Endstack)
We store operational metadata necessary to run your desktop:
- Instance mapping — which container is assigned to your account (a unique slug and instance ID)
- Instance state — whether your desktop is running, stopped, or starting
- Team membership — if applicable, your team ID, role (admin/member), and associated plan
- Plan information — your subscription tier and feature entitlements
- Invite code redemption records — that you used a valid invite code (not the code itself long-term)
- API keys — internal service-to-service authentication keys for your instance (not your personal passwords)
1.3 Data Inside Your Container (Stored in Your Container, Not by Endstack)
Everything you create and store inside your endOS desktop lives on persistent storage attached to your container. This includes:
- Files, documents, images, code, and downloads
- AI agent conversation history and memory
- Terminal command history
- Browser data (bookmarks, history, cookies within the in-container browser)
- Application settings and preferences
- Desktop layout and customizations
- Any software you install
We do not have routine access to this data. It resides on your container's encrypted block storage. We do not index, scan, analyze, or mine this content. The Endstack Agent accesses your files only when you instruct it to.
1.4 Information We Do NOT Collect
- We do not use analytics or tracking tools (no Google Analytics, no PostHog, no Segment, etc.)
- We do not use advertising trackers or pixels
- We do not collect behavioral analytics, heatmaps, or session recordings
- We do not sell or share personal information for advertising purposes
- We do not build advertising profiles based on your activity
2. How We Use Information
| Purpose | Data Used |
|---|---|
| Provide the Service | Account info, instance metadata — to authenticate you, provision your container, and route you to your desktop |
| Maintain and operate infrastructure | Instance state, infrastructure metadata — to start/stop containers, manage persistent storage, and ensure uptime |
| Manage teams | Team membership, roles — to enforce access controls on shared desktops |
| Communicate with you | Email address — for account-related notifications, security alerts, and service updates |
| Process AI requests | Conversation messages you send to the agent (see Section 4) |
| Enforce our Terms | Account info, instance metadata — to investigate violations and protect the Service |
| Comply with law | As required by applicable legal obligations |
3. Cookies and Local Storage
3.1 Cookies We Use
| Cookie | Type | Purpose |
|---|---|---|
| Supabase session cookies | Essential | Maintain your authenticated session. Required for the Service to function. |
| Invite code cookie | Functional | Temporarily stores a pending invite code while completing the invite redemption flow. Expires after 10 minutes. |
We do not use analytics cookies, advertising cookies, or third-party tracking cookies.
3.2 Browser Local Storage
The endOS web interface uses browser local storage to cache non-sensitive UI preferences (theme, zoom level, layout settings) for a faster experience. This data stays in your browser and is not transmitted to our servers.
4. Third-Party Services and Data Sharing
4.1 AI Model Providers
When you use the built-in AI agent, your messages and related context are sent to third-party AI providers for processing:
| Provider | Data Sent | Purpose |
|---|---|---|
| OpenAI | Conversation messages, system instructions, file contents you ask the agent to read, images you ask it to analyze | Chat, reasoning, code assistance, image generation, vision |
| Exa | Search queries | Web search on your behalf |
| Morph | Code snippets and editing instructions | Code editing assistance |
Important: We set store: false on OpenAI API requests where supported, opting out of server-side data retention by the provider. However, AI providers may process your data according to their own privacy policies:
We only send data to AI providers when you actively use the AI agent. If you do not use the agent, no data is sent to these providers.
4.2 Infrastructure Providers
| Provider | Role | Data Involved |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure (compute, storage, networking) | Your container and its contents run on AWS EC2 instances with EBS storage in the us-west-2 region. AWS processes data as a sub-processor under their terms. |
| Supabase | Authentication and account database | Account info, instance metadata, team data |
| OAuth identity provider | Name, email, avatar (during sign-in flow) | |
| Vercel | Hosts our landing page and web application | Standard web request data (IP address, browser headers) for the landing site |
| Resend / Amazon SES | Email delivery | Email address and email content for transactional emails |
4.3 Data We Do NOT Share
- We do not sell your personal information to anyone
- We do not share data with data brokers
- We do not provide data to advertisers
- We do not share the contents of your container with third parties, except as described in Section 4.1 when you actively use the AI agent
5. Data Security
5.1 Infrastructure Security
- Your container runs on dedicated compute resources with encrypted block storage (AWS EBS)
- Service-to-service communication uses API key authentication and HTTPS/TLS encryption
- WebSocket connections to your desktop use short-lived, cryptographically signed JWT tickets (EdDSA)
- Container initialization drops elevated system capabilities after setup, following the principle of least privilege
- Team desktop environments provide Linux user-level isolation between team members
5.2 Network Security
- All connections to the Service are encrypted with TLS (HTTPS)
- Remote desktop streaming uses encrypted WebRTC connections
- Internal service communication is secured with API keys and restricted network access
5.3 Access Controls
- Endstack employees do not have routine access to the contents of your container
- Access to infrastructure is limited to authorized personnel for operational purposes (e.g., resolving outages or responding to support requests you initiate)
6. Data Retention
| Data Type | Retention |
|---|---|
| Account information | Retained while your account is active. Deleted upon account deletion request, subject to legal retention requirements. |
| Instance metadata | Retained while your instance exists. Cleaned up after account deletion. |
| Container contents | Retained on your persistent storage while your account is active. After account termination, container data is deleted after a reasonable grace period. |
| AI conversations | Stored locally in your container. We do not retain copies. AI providers may retain data per their own policies (we opt out where supported). |
| Server logs | Operational logs (e.g., API request metadata, error logs) may be retained for up to 90 days for debugging and security purposes. These logs do not contain the contents of your files or conversations. |
7. Your Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access your personal data — your files are directly accessible in your container; account data can be requested via email
- Delete your account and associated data — contact support@endstack.com
- Export your data — your container provides standard Linux tools for file export
- Correct inaccurate account information — update your Google account, or contact us for metadata corrections
7.2 European Economic Area (EEA) / UK Residents (GDPR)
If you are located in the EEA or UK, you also have the right to:
- Restrict processing of your personal data in certain circumstances
- Object to processing based on legitimate interests
- Data portability — receive your personal data in a structured, machine-readable format
- Withdraw consent — where processing is based on consent, withdraw it at any time
- Lodge a complaint with your local data protection authority
Legal bases for processing: We process your data based on (a) performance of our contract with you (providing the Service), (b) legitimate interests (security, fraud prevention, service improvement), and (c) your consent (where applicable, such as optional features).
7.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Opt out of the sale of personal information — we do not sell your personal information
- Non-discrimination — we will not discriminate against you for exercising your rights
Categories of personal information collected: Identifiers (name, email), internet activity (operational logs), and professional information (if provided). We do not collect sensitive personal information as defined under the CPRA.
To exercise any of these rights, contact us at privacy@endstack.com.
8. International Data Transfers
Your container runs on AWS infrastructure in the United States (us-west-2 region). If you are located outside the United States, your data will be transferred to and processed in the United States. We rely on standard contractual clauses and provider compliance frameworks (e.g., AWS GDPR Data Processing Addendum) to ensure adequate data protection for international transfers.
9. Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child under 16 has provided us with personal information, contact us at privacy@endstack.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the email address associated with your account at least thirty (30) days before the changes take effect. The "Effective Date" at the top of this policy indicates the date of the last revision.
11. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
- Email: privacy@endstack.com
- General support: support@endstack.com
- Website: endstack.com
If you are in the EEA and have an unresolved concern, you have the right to lodge a complaint with your local supervisory authority.