1. Overview
RudyDesk is a peer-to-peer (P2P) remote desktop application. Your privacy is our top priority. We collect minimal data and never sell or share your personal information with third parties.
2. Data We Collect
- Device ID — A randomly generated 9-digit identifier stored locally on your device. It is not linked to your personal identity.
- Connection metadata — When you connect to another device, the signaling server temporarily processes device IDs and IP addresses to establish the P2P connection. This data is not stored permanently.
- Push notification tokens — If you enable push notifications, your FCM/APNs token is stored on the server to deliver notifications. You can unsubscribe at any time.
3. Data We Do NOT Collect
- We do not record, store, or transmit screen content, keystrokes, mouse movements, or any data from your remote sessions.
- We do not collect names, email addresses, phone numbers, or any personally identifiable information.
- We do not use analytics trackers, advertising SDKs, or third-party data collection tools.
4. Peer-to-Peer Architecture
All remote desktop sessions use WebRTC for direct peer-to-peer connections. Video, audio, input, and file transfers flow directly between your devices, encrypted with DTLS-SRTP. The signaling server only facilitates the initial connection handshake — it never sees your session data.
5. Encryption
- Transport — All WebSocket connections to the signaling server use TLS (WSS).
- Sessions — All WebRTC sessions are encrypted end-to-end with DTLS-SRTP.
- Remote Shell — Shell commands use ECDH key exchange + AES-256-GCM encryption over DataChannel.
- Passwords — Permanent passwords are hashed with bcrypt on the server side.
6. Local Storage
Settings, address book, connection history, and 2FA secrets are stored locally on your device using browser localStorage (PWA) or AsyncStorage (mobile app). This data never leaves your device unless you explicitly share it.
7. Third-Party Services
- Google STUN servers — Used for NAT traversal during WebRTC connection establishment. Only your IP address is visible to these servers.
- Firebase Cloud Messaging — Used for push notifications on Android. Subject to Google's privacy policy.
- Apple Push Notification Service — Used for push notifications on iOS. Subject to Apple's privacy policy.
8. Children's Privacy
RudyDesk is not intended for use by children under 13. We do not knowingly collect information from children.
9. Data Retention
The signaling server maintains an in-memory list of connected devices. This data is purged when the server restarts or when a device disconnects. Audit logs are retained for up to 5 MB and automatically rotated.
10. Your Rights
You can delete all locally stored data by clearing your browser/app data. To remove your push notification subscription, disable notifications in the app settings.
11. Contact
For privacy-related questions, contact us at privacy@rudydesk.com.
12. Changes
We may update this policy from time to time. Changes will be posted on this page with an updated revision date.