Privacy Policy

TermRover is an SSH and tmux terminal client for iOS and Android. This policy explains what it stores on your device and the only times data leaves it: your own SSH connections, optional voice dictation, and opt-out diagnostics.

What TermRover stores on your device

• Host profiles — the hostnames, ports, usernames, and tmux preferences you enter for the servers you connect to.
• Credentials — the SSH passwords and private keys you add, held in each platform's recommended secure storage (an AES-256-GCM blob keyed by Android Keystore on Android; iOS Keychain on iOS). Your private key never leaves the device — it's used locally to sign SSH authentication challenges.
• Known server keys — the fingerprint of each server's host key, so the app can warn you if it ever changes (a sign of a possible interception).
• Local preferences — theme, font size, and your open tabs, so sessions restore between launches.

All of the above is stored locally. TermRover has no backend; none of it is uploaded to us or to any third party, and it is not included in diagnostics.

SSH connections

When you open a session, TermRover connects directly from your device to the server you specified, over the SSH protocol. The contents of that session — what you type and what the server returns — flow only between your device and that server. We are not a relay or proxy and have no visibility into this traffic.

Voice dictation (optional)

If you use the microphone button, the app records audio only while you're actively dictating and converts it to text using your platform's built-in speech recognition (Apple's Speech framework on iOS, Android's SpeechRecognizer). Depending on your device, that may run on-device or be sent by the OS to the platform provider (Apple or Google) under their privacy policy, not ours. TermRover never stores the audio or sends it to us — only the resulting text lands in the command composer for you to review.

Permissions we request

• Internet — to open SSH connections to your servers.
• Microphone — only for the optional voice dictation feature above.
• Notifications & foreground service (Android) — to keep an active session connected briefly while the app is backgrounded, with a visible notification.

Diagnostics (Firebase)

To fix bugs and understand how the app is used, TermRover sends two kinds of diagnostic data to Google's Firebase on both iOS and Android, enabled by default:

• Crash reports (Crashlytics) — the stack trace, device model, OS and app version, and coarse state like available memory when the app crashes.
• Usage analytics — aggregate app-usage events, such as which screens are opened and how often sessions start, plus device model and OS version.

Both are tied only to a random, app-generated install identifier — never your name or email — and carry no advertising ID (no Apple IDFA; Android Advertising ID collection is turned off). They never include your hosts, usernames, credentials, known-host data, command history, or terminal input/output. We don't sell or share your data, build ad profiles, or track you across apps or sites. Google processes this data on our behalf under its Firebase terms and retains it on a limited rolling basis (crash data ~90 days).

Your choice. Turn diagnostics off any time in Settings → Diagnostics ("Share crash & usage data").

Data retention and deletion

Because everything is stored locally, you're in control: delete individual host profiles in the app, or uninstall TermRover to remove all of its stored data from your device. The only off-device data is the diagnostics above; to request its deletion, contact us below.

Changes to this policy

If this policy changes, we'll update the date above and post the revised version here. If we ever add a feature that collects or transmits data not described above, we'll disclose it before it ships.

Contact

Questions about privacy? Email [email protected].