AI Privacy and Data

Last updated: April 2026

We believe you should have full visibility into what data leaves your machine and when. This article explains exactly how RockTerm's AI features handle your data.

Which Provider

RockTerm supports two AI providers: Anthropic Claude and OpenAI GPT. You choose which one to use in Edit → Preferences → AI Assistant and supply your own API key. AI requests go directly from your machine to the provider you selected — they are never proxied through any Rock River Research server. The endpoint is api.anthropic.com for Anthropic and api.openai.com for OpenAI.

When Data Is Sent

RockTerm's AI features operate on an explicit invocation model only. Data is sent to the provider API under the following conditions:

• Only when you explicitly invoke an AI feature. No data is ever sent in the background, automatically, or on a schedule.
• No telemetry. RockTerm does not collect usage analytics, crash reports, or any form of telemetry that involves transmitting data off your machine.
• No background communication. When the AI panel is idle, RockTerm makes zero network requests to Anthropic, OpenAI, or Rock River Research.

What Is Sent

When you submit a question from the AI panel, the following data is transmitted to the provider you selected:

• Your prompt. The question or instruction you type into the AI panel.
• Terminal context (if included). If the Include terminal context checkbox is enabled, a portion of recent scrollback from the active session is attached. If you right-clicked a selection and sent it to the panel, only that selection is attached. Both forms of context are visible in the panel before you submit, and they are also recorded in the chat history right before your question so past conversations stay interpretable.

What Is NOT Sent

RockTerm is designed to protect sensitive authentication information:

• SSH passwords are never included. RockTerm strips password prompts and authentication exchanges from the context sent to the API.
• SSH private key files are never included. Key file contents are never read or transmitted as part of AI context.
• SSH key passphrases are never included. Passphrase prompts are excluded from AI context.

Important note: Hostnames, IP addresses, and other connection details that appear in your terminal output may be visible in the context sent to the API. If this is a concern for your environment, see the section on sensitive environments below.

Data Retention by the Provider

Once your data reaches the provider API, it is subject to that provider's data handling policies. For full details on how each provider stores, processes, and retains API data, refer to their privacy policies and API terms of service:

• Anthropic Privacy Policy
• OpenAI Privacy Policy and API Data Usage Policies

Rock River Research has no control over data retention once it has been transmitted to the provider API. If privacy or data retention is a concern for your environment, review the terms of whichever provider you plan to use before enabling AI features.

Sensitive Environments

If you work in a government, healthcare, financial, or other regulated environment, consider the following before enabling AI features:

• Evaluate your compliance requirements. Determine whether transmitting terminal context to a third-party API is permitted under your organization's security policies and applicable regulations (e.g., HIPAA, FedRAMP, PCI-DSS).
• AI can be disabled entirely. If AI features are not appropriate for your environment, you can leave them disabled. AI features are off by default and RockTerm functions fully without them.
• Disable for specific sessions. If you use AI features in some contexts but not others, you can disable AI on a per-session basis. This is useful when connecting to sensitive hosts where terminal output should not leave the machine.
• Consult your security team. If you are unsure whether AI features are appropriate for your use case, consult your organization's information security team before enabling them.

Local Data

All RockTerm configuration data remains on your machine:

• Settings and preferences are stored locally and are never transmitted anywhere.
• Connection profiles (hostnames, usernames, port configurations) are stored locally and are never sent to Rock River Research or any third party.
• Session logs, if enabled, are written to your local filesystem only.
• Nothing is sent to Rock River Research. RockTerm makes no network requests to Rock River Research servers under any circumstances.

← Back to Support Articles

Still need help?

If you're still experiencing issues, contact us or email info@rockriverresearch.com.