SSHWave
Legal

Privacy Policy

The short version: SSHWave collects nothing about you. The long version is below.

Last updated: 3 May 2026

The short version

SSHWave does not collect, transmit, sell, share, or otherwise process any personal data about you. There is no analytics SDK, no crash reporter, no advertising identifier, no telemetry. The only network traffic SSHWave makes is the SSH connection you ask it to make, to the server you tell it to connect to.

What information SSHWave handles

Hosts

For each SSH server you save in the app, you may store: an alias, the hostname or IP address, the port, the username, the chosen authentication method, and free-form notes. This information is stored on your device only, in Apple's SwiftData store inside the app's sandbox.

Passwords and key passphrases

If you choose to save a password or key passphrase, SSHWave stores it in the iOS Keychain. Keychain entries are encrypted by iOS using keys derived from your device passcode and protected by the Secure Enclave. By default we mark them with kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which means:

  • The secret is only readable while the device is unlocked.
  • The secret never leaves the device — it is not included in iCloud, iTunes, or local encrypted backups.

Private keys

SSH private keys are stored in the Keychain. For ed25519 keys generated inside SSHWave on devices that support it, we prefer the Secure Enclave — the raw private key material never leaves Apple's hardware security chip; SSHWave only ever calls SecKeyCreateSignature against a key handle. Imported private keys (those you paste in or import from Files.app) cannot be moved into the Secure Enclave, so they live in the Keychain.

Known-host fingerprints

When you connect to a server for the first time, SSHWave records the server's host-key fingerprint in the Keychain (one entry per hostname:port). On every subsequent connection, we verify the server presents the same fingerprint; mismatches block the connection and require explicit re-confirmation.

Face ID / Touch ID

SSHWave uses Apple's LocalAuthentication framework to gate the app behind biometric unlock when you enable it. The biometric data itself never reaches SSHWave — iOS only tells us "yes" or "no".

iCloud Keychain (optional)

You can opt to store passwords and key passphrases with the iCloud Keychain attribute (kSecAttrSynchronizable) so that they sync across your other Apple devices signed into the same Apple ID. This is end-to-end encrypted by Apple; SSHWave does not see and cannot decrypt the synced data on its way through Apple's infrastructure. This setting is off by default — we will never opt you in silently.

What SSHWave does not do

  • No analytics. We do not use Firebase, Mixpanel, Amplitude, Segment, or any other product analytics SDK.
  • No crash reporting. We do not use Crashlytics, Sentry, Bugsnag, or any other crash-collection SDK at v1.0.
  • No advertising. There are no ads, no advertising identifier (IDFA) requests, and no third-party SDKs that track you across apps.
  • No telemetry. The app does not "phone home" with usage statistics, feature flags, or update checks.
  • No command logging. SSHWave does not write your shell history, the bytes typed, or the bytes received to disk anywhere outside the active session in memory.
  • No accounts. SSHWave has no user accounts, no sign-in, no email collection.

Network traffic

The only outbound traffic SSHWave makes is:

  • SSH connections to the hosts you have configured. These go directly from your device to that server, on the port you specified, using the SSH protocol. SSHWave is not a proxy and does not relay your traffic through us.
  • Apple system services (e.g. iCloud Keychain sync, App Store update checks, Face ID) initiated by iOS itself, not by SSHWave's code.

Children

SSHWave is rated 4+ but is intended for technically inclined users who manage servers. It does not collect any data, so it does not collect data about children either.

Data requests, deletion, and rights

Because SSHWave does not collect or hold any personal data on our servers (we have no servers that touch user data), there is nothing for us to export or delete on your behalf. To delete everything SSHWave has stored on your device, delete the app — iOS will remove its sandbox, including the Keychain entries scoped to its bundle identifier.

If you have any question about how a specific feature handles data, write to support@sshwave.com and we will answer.

Changes to this policy

If we ever materially change how SSHWave handles your data, we will update this page and bump the "Last updated" date above. If a change ever introduces collection of personal data (we have no plans to), we will require explicit opt-in inside the app before turning it on.

Contact

SSHWave is built and maintained in California, United States. For privacy questions, email support@sshwave.com.