← Back to pmux.io

Privacy Policy

Effective March 1, 2026

PocketMux and pmux are products of ShiftinBits Inc. ("ShiftinBits," "we," "us," "our"). This policy describes how we handle your data.

PocketMux is designed so we can't see your data. Terminal content is encrypted end-to-end between your devices, either over a direct peer-to-peer connection or relayed through Cloudflare when a direct connection isn't possible. Either way, the data is encrypted before it leaves your device, and our server never sees the data or encryption keys.

What the server stores

The PocketMux signaling server stores the minimum needed to pair your devices:

  • Device public keys — Ed25519 public keys used to verify device identity. These are not sensitive and cannot be used to derive private keys.
  • Device names — A name you choose when setting up your device (e.g., "My MacBook").
  • Pairing relationships — Which mobile device is paired with which host. Each host pairs with exactly one mobile device.
  • Pairing codes — Temporary 6-character codes used during device pairing. These expire after 5 minutes and are deleted.

That's it. No email addresses, no passwords, no account profiles.

What we never see

The server has no access to:

  • Your terminal content, commands, or output
  • Session names, window layouts, or pane contents
  • When or how often you use your terminal
  • File contents, environment variables, or system information

This isn't a policy choice, it's an architectural guarantee. Terminal data is encrypted end-to-end before it leaves your device. The PocketMux signaling server never has the keys to decrypt it. When connections are relayed through Cloudflare's TURN servers, the data remains encrypted. The relay handles only opaque, encrypted bytes.

How connections work

When you connect to a tmux session from your phone, PocketMux attempts to establish a direct peer-to-peer connection between your devices using WebRTC DataChannels. All data is encrypted with DTLS before leaving your device.

The PocketMux signaling server's only role is connection setup, relaying the network information your devices need to find each other (SDP offers and ICE candidates). It sees connection metadata, not terminal content.

When a direct connection isn't possible (due to firewalls, NAT, or network configuration), your encrypted traffic is relayed through Cloudflare's TURN servers. This is common and expected. The DTLS encryption is maintained end-to-end. The relay server handles only opaque, encrypted bytes and cannot read your data.

In both cases, direct or relayed, your terminal data is encrypted before it leaves your device and can only be decrypted by the other paired device.

Authentication

PocketMux uses Ed25519 cryptographic keypairs for device identity. When you run pmux init or launch the mobile app for the first time, a keypair is generated on your device. Your identity is your key. There are no usernames, email addresses, passwords, or third-party login providers.

No analytics or tracking

PocketMux does not use cookies, analytics, telemetry, or third-party tracking scripts. This website uses self-hosted fonts to avoid external requests. The mobile app does not contain any analytics SDKs.

Infrastructure & third parties

PocketMux runs on Cloudflare's infrastructure:

  • Signaling server — Cloudflare Workers and Durable Objects handle device pairing and connection setup. Cloudflare provides encryption at rest and in transit.
  • TURN relay — When direct connections fail, Cloudflare's TURN servers relay your encrypted traffic. They handle encrypted bytes only and cannot decrypt your data.

Rate limiting uses IP addresses to prevent abuse. PocketMux does not log or store IP addresses, but Cloudflare may collect standard request metadata (IP addresses, timestamps, request counts) as part of their infrastructure. Cloudflare's handling of this data is governed by Cloudflare's privacy policy.

Cloudflare is the only third-party service PocketMux depends on. There are no analytics providers, ad networks, or data brokers.

Open source

The PocketMux signaling server, host agent, and shared protocol are open source under the MIT license. You don't have to take our word for any of this — you can read the code.

Deleting your data

To remove your device pairing from the server, re-pair with a new device or unpair via the CLI. There is no account to delete because there is no account — your device's keypair is your only identity, and it lives solely on your device.

Changes to this policy

If we update this policy, we'll post the revised version here with an updated effective date. Because our architecture enforces most of these guarantees, meaningful changes would require a fundamentally different system — which we have no plans to build.

Contact

Questions about this policy or privacy model? Reach us at [email protected].