Privacy Policy

Last updated: 2 June 2026

The short version. TermRover has no accounts and stores your hosts, credentials, and settings only on your device — we never see or sell them. The exceptions are diagnostics: to fix bugs and understand which features get used, the app sends crash reports and aggregate, non-advertising usage analytics to Google's Firebase (both platforms; you can turn this off in Settings). There is no advertising and no cross-app tracking. Apart from those diagnostics and the SSH connections to the servers you configure, TermRover originates no network traffic.

TermRover is an SSH and tmux terminal client for iOS and Android. This policy explains what the app stores, what it deliberately does not collect, and the two cases where data leaves your device — connecting to your own servers, and optional voice dictation.

What TermRover stores on your device

Host profiles — the hostnames, ports, usernames, and tmux preferences you enter for the servers you connect to.
Credentials — SSH passwords and private keys you add. These are encrypted at rest using a key held in the device's hardware-backed keystore (Android Keystore / iOS Keychain) and never leave the device except as part of the SSH handshake to the host you're connecting to.
Known server keys — the fingerprint of each server's host key, so the app can warn you if it ever changes (a sign of a possible interception).
Local preferences — theme, font size, and your open tabs, so sessions restore between launches.

All of the above is stored locally. TermRover has no backend; none of it is uploaded to us or to any third party.

SSH connections

When you open a session, TermRover connects directly from your device to the server you specified, over the SSH protocol. The contents of that session — what you type and what the server returns — flow only between your device and that server. We are not a relay or proxy and have no visibility into this traffic.

Voice dictation (optional)

If you use the microphone button to dictate a command, the app records audio only while you're actively dictating, and converts it to text using your platform's built-in speech recognition (Apple's Speech framework on iOS, Android's SpeechRecognizer). Depending on your device and language settings, that recognition may run entirely on-device, or the operating system may send the audio to the platform provider (Apple or Google) for transcription. That processing is governed by your platform provider's privacy policy, not ours. TermRover itself does not store recorded audio or send it to any TermRover server, and only the resulting text is placed into the command composer for you to review before sending.

Permissions we request

Internet — to open SSH connections to your servers.
Microphone — only for the optional voice dictation feature above.
Notifications & foreground service (Android) — to keep an active session connected briefly while the app is backgrounded, with a visible notification.

Crash reporting (Firebase Crashlytics)

To find and fix crashes, TermRover uses Firebase Crashlytics, a Google service, on both iOS and Android, enabled by default. When the app crashes it sends a diagnostic report to Google: the stack trace, your device model and OS version, the app version, and coarse state at the time of the crash (e.g. available memory). These reports are tied to a random, app-generated installation identifier — not to your name, email, hosts, credentials, or terminal contents, none of which are ever included. We use this data only to diagnose stability problems. Google processes it on our behalf under its Firebase data-processing terms, and Crashlytics retains crash data for a limited period (around 90 days).

Usage analytics (Firebase Analytics)

On both iOS and Android, TermRover also uses Firebase Analytics, enabled by default, to understand how the app is used in aggregate — for example which screens are opened and how often sessions are started — so we can prioritise improvements. It records app-usage events and a Firebase-generated app-instance identifier, along with the device model and OS version. It carries no advertising identifier: on iOS we ship the without-advertising-id build of Firebase Analytics (no Apple IDFA), and on Android we turn off collection of the Android Advertising ID. The data is never used for advertising or joined with other data to track you across apps or websites, and it never includes your hosts, credentials, or terminal contents.

Your choice. On both iOS and Android, you can turn both crash reporting and usage analytics off at any time in Settings → Diagnostics ("Share crash & usage data").

No advertising or cross-app tracking

TermRover contains no advertising and no cross-app/cross-site tracking: no IDFA, no ad SDKs, no data brokers. We do not build advertising profiles, and we do not sell or share your data with third parties. The only off-device data is the first-party diagnostics described above (crash reports and usage analytics), processed by Google as our service provider.

Data retention and deletion

Because everything is stored locally, you are in control: delete individual host profiles from within the app, or uninstall TermRover to remove all of its stored data from your device. The only data held off-device is the diagnostics described above (crash reports and usage analytics), which Google retains on a limited rolling basis and which carry nothing that identifies you; to request deletion, contact us below.

Children

TermRover is a developer tool and is not directed at children under 13.

Changes to this policy

If this policy changes, we'll update the date above and post the revised version at this URL. If we ever add a feature that collects or transmits data not described here — for example, a new third-party integration — we'll disclose it before it ships.

Contact

Questions about privacy? Email [email protected].