Privacy Policy

Overview

DuckTerm ("the App") is an iPhone SSH client developed and operated by an independent developer. We take your privacy seriously. This policy explains what data the App accesses, how it is used, and your rights.

SSH Credentials & Private Keys

Passwords, private keys (.pem), passphrases, and any other authentication material you enter are stored exclusively in the iOS Keychain on your device. They are never transmitted to our servers, and they are never copied into iCloud unless you have explicitly enabled iCloud Keychain at the system level — in which case Apple's end-to-end encryption applies and we have no access.

Server List, Workspaces, Snippets

Saved server entries (host, port, username, tags), workspaces, snippets, and shortcuts are stored locally. If you opt in to iCloud Sync in Settings, this metadata is replicated through your personal iCloud (CloudKit) account so it appears on your other devices. Secrets (passwords, keys) are not included in iCloud Sync — those stay in the Keychain only. We operate no servers that hold this data.

SSH, Mosh, and SFTP Traffic

SSH, Mosh, and SFTP sessions connect directly from your iPhone to the host you specify. We do not proxy, decrypt, or store this traffic. If you configure a HTTP/SOCKS5 proxy or ProxyJump bastion, that hop is also user-controlled — DuckTerm only routes packets through what you configure.

Push Notifications

Optional Pro features (agent inbox, completion alerts) deliver push notifications via Apple Push Notification service (APN). Our minimal push relay forwards notification payloads to APN; the payload bodies are end-to-end opaque to us and are kept only long enough to be delivered (then dropped). We do not log, index, or analyze the contents of these notifications.

Inbox & Snapshots (On-Device)

Agent events that land in your Inbox, plus tmux snapshots captured during SSH sessions, are stored on-device only. Free tier retention is 30 days; Pro tier is unlimited. You can clear individual items or the entire Inbox at any time from Settings.

Voice Input

Voice input (Mic / Wispr) uses Apple's on-device Speech Recognition framework. Audio never leaves your device. We do not record, store, or transmit voice samples.

Crash Reporting (Sentry)

We use Sentry to collect anonymous crash reports and performance data. This helps us identify and fix bugs. Crash reports may include:

• Device model and iOS version
• App version and build number
• Stack traces from crashes
• Basic performance metrics

Crash reports do not include your SSH credentials, server list, terminal output, snippets, inbox events, or any personally identifiable information. Sensitive fields (authorization tokens, passwords) are automatically scrubbed before transmission. You can opt out of crash reporting in Settings.

No Advertising, No Tracking

DuckTerm does not include advertising SDKs, analytics trackers, or third-party data collection services beyond Sentry crash reporting (opt-out). We do not sell, share, or monetize your data in any way.

In-App Purchases

Pro tier subscriptions and the lifetime purchase are processed entirely by Apple through the App Store. We do not receive or store your payment information. Receipt validation runs through Apple's standard infrastructure.

Data Deletion

You can delete all DuckTerm data at any time by deleting the app from your iPhone. To also wipe iCloud-synced metadata across devices, sign out of iCloud Sync in Settings before deleting, or delete the DuckTerm container from iCloud Drive in iOS Settings.

Children's Privacy

DuckTerm is not directed at children under the age of 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy, contact us at duckterm@limitwatch.app.