CapySSH Privacy Policy
1. About this policy
This privacy policy explains how CapySSH handles personal data when you use the app. CapySSH is an SSH terminal and file browser client. It is designed to keep all of your data on your device. We do not collect, store, or transmit your data to any servers operated by the developer, and CapySSH has no backend of its own.
CapySSH does not integrate with any third-party services or APIs. The only network communication the app performs is a direct, encrypted SSH/SFTP connection between your device and the server(s) you configure and control. The developer is never a party to that connection and has no visibility into it.
2. Data controller
The data controller for CapySSH is:
Samuel Vella
Email: info@capyssh.com
3. What personal data do we process?
CapySSH processes only the data you enter yourself in order to connect to your own servers. All of it is stored exclusively on your device.
| Data | Source | Stored on device |
|---|---|---|
| Server connection details (hostname/IP, port, username) | Entered by you | Yes |
| SSH passwords (if you choose to save them) | Entered by you | Yes — encrypted |
| SSH private key passphrases (if you choose to save them) | Entered by you | Yes — encrypted |
| SSH private keys (imported or generated on-device) | Imported by you, or generated on-device | Yes |
| Server host key fingerprints ("known hosts") | Obtained from the server on first connection, for security verification | Yes |
| Shortcuts, quick starts, virtual key layout, app settings, recent session history | Created by you | Yes |
We do not collect:
- Your email address, phone number, or physical address
- Device identifiers (advertising ID, IMEI, install ID, etc.)
- Location data
- Usage analytics or telemetry of any kind
- Crash reports
4. How is this data collected?
- Connection details, passwords, and passphrases are typed directly into the app by you.
- SSH private keys are either imported by you from local device storage, or generated on-device when you use the app's key-generation feature. Keys never leave your device unless you explicitly export or copy them yourself.
- Host key fingerprints are received directly from the SSH server you connect to, as part of the standard SSH protocol handshake, and stored so the app can detect if a server's key changes later (protecting you against certain network attacks).
- Shortcuts, settings, and session history are created locally as you use the app.
5. Why do we process this data?
Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:
- Performance of a contract with you — storing your connection details, credentials, and keys locally is strictly necessary for the app's core function: connecting you to servers you specify. Without storing this data on your device, the app could not work.
- Consent — saving a password or passphrase is optional and requires you to explicitly opt in (via a "save password" checkbox); you can decline and re-enter credentials each time instead.
6. What happens to your data?
All data processed by CapySSH is stored locally on your device, inside Android's app-private sandboxed storage. It is never uploaded to, or accessible by, any servers run by the developer — because none exist.
Specifically:
- Passwords and key passphrases are encrypted using AES-256-GCM via Android's
EncryptedSharedPreferencesAPI, backed by the Android Keystore. They are excluded from Android device backups for security — if you restore the app on a new device, you will need to re-enter them. - SSH private keys are stored in the app's private file storage, inaccessible to other apps.
- Connection profiles, shortcuts, settings, and session history are stored in a local preferences store and are included in standard Android device backups (if you have them enabled), so they can be restored if you set up a new device.
7. Do we share your data?
No. CapySSH does not sell, trade, or share your data with any third party. There are no analytics SDKs, advertising networks, or crash-reporting services built into the app, and no third-party APIs are used.
The only place your data ever goes is directly from your device to the server address you yourself configure,
over an encrypted SSH/SFTP connection — exactly as if you had used any other SSH client, or the
ssh command line tool, to connect to that same server.
8. International data transfers
CapySSH itself does not transfer data anywhere, since it has no servers of its own. Your SSH traffic goes only to the server address you configure, which may be located anywhere in the world — that choice, and responsibility for that server, belongs to you, not the developer.
9. Security
All app data is stored within Android's application sandbox and cannot be accessed by other apps on your device. Passwords and key passphrases are additionally encrypted at rest (AES-256-GCM). SSH connections use trust-on-first-use host key verification: the app remembers each server's host key fingerprint and warns you if it ever changes unexpectedly, which can indicate a security issue with the connection.
No data is stored on developer-controlled servers, because none exist.
10. How long is your data kept?
Your data is stored on your device for as long as you keep it there. It is not retained by us independently of your device, since we never receive a copy of it.
You can delete individual items at any time — see Section 12. If you uninstall the app, all remaining CapySSH data is removed by Android automatically.
11. Your rights under UK GDPR
As a data subject under UK GDPR, you have the following rights:
- Right of access — all data held by the app is stored on your device and visible within the app itself; there is no separate copy for us to provide, since we never receive one.
- Right to rectification — you can edit any saved connection, password, or setting directly within the app at any time.
- Right to erasure — you can delete individual saved items within the app, or remove all app data at once by uninstalling. See Section 12.
- Right to data portability — most of your data is included in standard Android device backups (encrypted passwords/passphrases are deliberately excluded, for security).
- Right to object / withdraw consent — you can stop saving passwords at any time (simply leave "save password" unchecked, or clear a previously saved one), with no impact on the rest of the app's functionality.
To exercise any of these rights, or if you have questions, contact us at info@capyssh.com.
12. How to delete your data
You're always in control of your data, directly within the app:
- To delete a saved connection (including its saved password): open the connection's settings and choose delete.
- To remove a saved password or passphrase without deleting the connection: edit the connection and clear the saved credential.
- To remove everything at once: uninstall CapySSH. Android automatically deletes all of the app's local data — connection profiles, encrypted credentials, keys, and settings — as part of the standard uninstall process.
13. Children
CapySSH is not directed at children under 13. We do not knowingly process personal data from children under 13. If you believe a child under 13 has used the app, please contact us at info@capyssh.com so we can take appropriate action.
14. Changes to this policy
We may update this privacy policy from time to time. If we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically.
15. Contact us
If you have any questions or concerns about this privacy policy or how CapySSH handles your data: