Skip to main content
taOS
Why Changelog Sign in GitHub
Install

Privacy policy

Last updated: June 2026

taOS is built around data sovereignty: the point of self-hosting is that your data lives on hardware you own. This policy covers the limited data the taos.my website itself handles for accounts and the taOSgo remote-access service. It does not cover what runs on your own taOS host, which stays on your hardware.

What we collect

When you create a taos.my account, we store:

  • Your email address, and your password stored only as a salted argon2id hash (never in plain text).
  • A username you choose, which is public as your subdomain (username.taos.my).
  • Optionally, a display name if you choose to give one, used to greet you and on receipts. You can add, change, or remove it at any time from your account page.
  • Whether you have opted in to product-update emails, and the date you opted in, so your choice is recorded. This is off unless you turn it on.
  • Your taOSgo subscription status and renewal dates, and a reference id for your Stripe customer record.
  • The taOS hosts you link to your account, identified by a random handle, so the browser relay can reach them.
  • A session identifier, stored in a secure, httponly cookie, so you stay signed in.

Separately, taOS hosts can send an anonymous version check so we can count active installs. That carries only a random identifier generated on the device, the version, and a coarse platform name. No IP addresses, no user agents, and no request logs are stored for it, and it is not linked to your account. It can be turned off in taOS settings.

What we do not collect

We do not see or store your card details: payment information goes directly to Stripe. We do not store the contents of your taOS desktop, your files, your agents' memory, or your messages; those live on your own host. We do not sell your data, and there are no advertising or cross-site tracking cookies on this site.

How we use it

Your account data is used only to operate the service: to sign you in, to run your taOSgo subscription, to send transactional email (verification and password reset), and to route the browser relay to your own host when you are off your home network. Entitlement to remote access is checked from your subscription status. Our lawful basis for this is performing our contract with you.

If, and only if, you opt in, we also send occasional product-update emails. The lawful basis for these is your consent, which you can withdraw at any time from your account page or via the unsubscribe link in the email; withdrawing it does not affect the account and billing emails, which are part of the service.

Who we share it with

  • Stripe processes payments and stores your card details under its own privacy policy. We hold only a customer reference and your subscription status.
  • Our mail server sends verification and password-reset emails from support@taos.my.
  • A self-hosted Headscale coordination server manages the private network that connects the relay to your host. It is operated by us, not a third party.
  • If website analytics are enabled, they use Umami, which is cookieless and stores no personal data.

Cookies

We use a single essential cookie: your session cookie, which keeps you signed in. It is httponly, secure, and same-site. There are no tracking or advertising cookies.

Your rights

From your account page you can, at any time:

  • Export a copy of all the data we hold about your account, as a file.
  • Delete your account and everything tied to it. Deletion also cancels any taOSgo subscription and removes your host from the network. This cannot be undone.
  • Correct your details, such as changing your username or display name.
  • Withdraw consent to product-update emails, by turning off the preference on your account page.

If you are in the UK or EU, these reflect your rights to access, portability, rectification, erasure, and to withdraw consent. You also have the right to complain to the Information Commissioner's Office (ICO). To exercise any right you cannot complete yourself, or to raise a concern, contact us below.

Retention and security

We keep your account data until you delete your account. One exception: records we need for tax and accounting, such as proof of a payment, may be kept for as long as the law requires (in the UK this is typically around six years) even after your account is closed. Passwords are hashed with argon2id, traffic is served over HTTPS, and sessions can be revoked. The anonymous install count is kept as aggregate history and is not tied to you.

Contact

Questions about your data or this policy: support@taos.my. Security reports: security@taos.my (see also security.txt).

taOS
GitHub Changelog Privacy Terms Contact

© 2026 jaylfc. Built in the UK on a very small computer.