Server Manager/ Help
Open Server Manager →

What Server Manager stores about you

A plain-English inventory of every piece of data we hold — your email, your server connection metadata, billing records, usage counts. What we never store: SSH passwords/keys in plaintext, chat history past your session.

Last updated May 27, 2026

This is the practical version of our Privacy Policy — plain English, no legal-speak, organized by "what is this exactly and why does Server Manager need it".

Account information

Set when you sign up.

  • Email address — used to identify your account and send authentication links
  • Name — only if you signed in with Google (populated from your Google profile); never required
  • Authentication provider — which login method you used (Google or email magic link)
  • Account created date — for our records and yours

Saved server profiles (opt-in)

When you save a connection profile so you don't have to re-enter credentials every session.

  • Alias (your label, e.g. "Prod OCI")
  • Host / IP address
  • SSH port (usually 22)
  • Username
  • Encrypted credential blob — the SSH password or private key (encrypted with AES-256-GCM, using a key derived from your passphrase via scrypt). Your passphrase is never stored — see How SSH credentials are handled for the full mechanism.

You can opt out of saving credentials and just save the alias — useful if you want a bookmark without the security exposure.

Active session data (in-memory only)

When you're connected to a server.

  • SSH session credentials — the actual password or unwrapped private key needed to talk to your server. Held only in process memory while the session is open. Never written to disk. Discarded the moment you disconnect or your session times out. This is the most security-sensitive data and it's specifically not stored.

VPS claim records

To prevent the "create a new account to drain free trial on the same server" abuse pattern.

  • Host you connected to (IP or hostname, lowercased)
  • First-claimed timestamp + last-activity timestamp

One active claim per host across all users at a time. See How we prevent abuse for the full picture.

Billing data

Handled by Stripe, with a small mirror on our side.

  • Stripe customer ID — links you to your records on Stripe's side
  • Stripe payment method ID — only if you saved a card for one-tap auto-refill; this is an ID, not a card number
  • Pass start / end dates
  • Cumulative LLM cost on the current pass — used by the in-app usage bar
  • Per-purchase consent log — timestamp, IP, user-agent, and which version of the Terms / Privacy Policy you accepted at each purchase (legal audit trail for the EU Art. 16(m) waiver)

We never see your card number. Stripe handles that end-to-end.

Usage logs

To bill correctly and detect abuse.

  • Per-LLM-call records: tokens used (input, cached input, output), the model name, the calculated cost in EUR, a session ID, an optional recipe identifier. No chat content is included.

Used to drive the usage bar on your Account page and for aggregate anonymized reporting.

Free-tier anti-abuse data

  • Free-tier grant (email + grant date + optional revocation date)
  • Observed VPS hosts linked to your grant — anonymized as just IP/hostname strings; used for the 90-day cross-account match check

File snapshots (Undo)

When Faro is about to overwrite a config file, it captures the current contents so you can Undo.

  • The shell command that triggered the snapshot
  • Each affected file path + the file's bytes as base64 (so we can put it back if you click Undo)
  • The session ID and the host name so we know where to write back

Snapshots are auto-deleted 30 days after capture by a cleanup job. They never include passwords or secrets unless your config file already contained those in plaintext — which it shouldn't (Server Manager always reads from .env / secrets-mount files, not from chat input).

What we explicitly do NOT store

  • Your chat messages with Faro after the session ends. Sessions are RAM-only by design. Close the tab → conversation is gone.
  • Your SSH passwords or private keys in plaintext. Either encrypted with a passphrase only you know, or held only in process memory for the duration of the session.
  • Card numbers, expiry dates, CVVs. Stripe handles those.
  • Your IP address for analytics / fingerprinting. We capture it once per purchase consent (legal audit trail) and never combine it with behavioral data.
  • Analytics or marketing cookies. Only the authentication session cookie is set.

Where this data physically lives

  • Database: hosted on Neon (PostgreSQL, EU region)
  • Application: hosted at our chosen infrastructure provider
  • Billing data: Stripe (Ireland EU entity for European customers; US transfers covered by Standard Contractual Clauses)
  • Email delivery: Resend (US, SCCs)
  • LLM provider: OpenAI (US, SCCs)

For the legally-binding wording, see the Privacy Policy. Anything missing or unclear, email igor.cardines@gmail.com.

Related

  • How your SSH credentials are handledSSH passwords and private keys live only in process memory while a session is open — never on disk. Saved server profiles encrypt credentials with a passphrase only you know. Server compromise leaks ciphertext only; the attacker still needs to brute-force your passphrase per server.
  • What Faro sees in your chatsYour chat messages + relevant server context (inventory output, file contents Faro reads) are sent to OpenAI to generate responses. Chat content isn't stored on our side past your session — it's in-memory only. OpenAI doesn't train on your data per their API policy.
  • Your GDPR rights & data exportUnder EU GDPR you have the right to access, correct, delete, and export your data, and to object to certain processing. How to exercise each right at Server Manager: mostly via email, with response within 30 days as required by law.
  • Deleting your accountOne-click deletion on the Account page. Account is immediately deactivated; data is soft-deleted for 30 days in case you change your mind; hard-deleted after that. Your servers on your hosting provider are untouched — Server Manager only releases its record of them.