That's right. That's one of the big security considerations we've had in mind from the start, so we've provided a lot of documentation and notices about what we do and don't track [1] and how to use Shellvault while building strong security habits. We've done our best to be upfront about privacy throughout the site.
"We've provided instructions on how to keep your servers safe in the events of a Shellvault data breach. We're not liable for compromised servers that result from not implementing these policies."
Will you accept liability for compromised servers that result from a fault in your code, service or practices when the policies you recommend are implemented in accordance with your documentation?
We don't log any SSH usage details, ever.
[1]: https://www.shellvault.io/policies/privacy-policy/