Legal

Privacy

Last updated: May 8, 2026

The short version

Viewport is built around two privacy invariants. First, the daemon runs on your machine and is the only component that touches your code. Second, the relay and control plane handle session metadata like working directory, repo, status, and summary. Never transcripts, tool output, file contents, or secrets. Context vault bodies are encrypted at the edge. Our servers see only ciphertext.

What we collect

Session metadata. Id, machine id, working directory path, repo metadata (remote, branch, sha), status, last activity, and a short summary the daemon emits. This is what powers the sessions list and inbox.

Account data. Your email, organization name, team membership, payment info. Payments are handled by Stripe. We never store card numbers.

Audit ledger. Who decided what, and when. This is yours. Export to JSON anytime.

What we don't collect

We don’t collect prompts, agent transcripts, tool output, file contents, secrets, or environment variables. The daemon holds those locally; opening a session in the web app fetches detail from your machine on demand.

Self-hosting

On Enterprise, the relay and control plane run on your infrastructure. Our role is purely as a software vendor: we don’t see anything that flows through your self-hosted stack.

Contact

Questions about how Viewport handles your data? Email privacy@getviewport.com.