Privacy Policy

Effective date: April 7, 2026

Introduction

ServerCC ("the App") is an iOS application for managing remote servers running Claude Code via SSH. This privacy policy describes how the App handles your data.

Bundle ID: com.lollipush.ServerCC

Data Collection

ServerCC does not track you. The App:

  • Does not collect any personal information
  • Does not share personal data with third parties
  • Does not display advertisements
  • Does not use advertising identifiers (IDFA) or cookies

The App accesses the following system APIs solely for core functionality:

  • iOS Keychain — for securely storing sensitive credentials (server passwords, SSH private keys, key passphrases, Tailscale auth keys, VNC credentials, macOS login passwords for Keychain unlock)
  • File Timestamps — for file management operations via SFTP
  • System Boot Time — for measuring connection elapsed time
  • UserDefaults — for storing app preferences locally

Anonymous Analytics

The App uses TelemetryDeck, a privacy-first analytics service, to collect anonymous usage data. This helps us understand how features are used and improve the App.

  • User identifiers are irreversibly hashed on-device before transmission — neither we nor TelemetryDeck can identify individual users
  • No personal information, IP addresses, or device fingerprints are collected
  • No advertising identifiers (IDFA) or cookies are used
  • Data collected includes only aggregate statistics: app launches, feature usage frequency, and screen views
  • No terminal input/output, server hostnames, or connection details are ever collected

TelemetryDeck is GDPR-compliant and does not require user consent under ePrivacy regulations. For more details, see TelemetryDeck's privacy policy.

Data Storage

All user data is stored locally on your device. No personal data is transmitted to our servers.

  • Server configurations and session history — stored in a local SQLite database
  • Sensitive credentials (server passwords, SSH private keys, key passphrases, Tailscale auth keys, VNC credentials, macOS login passwords for Keychain unlock) — stored in the iOS Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly protection. These items are encrypted by iOS, never leave your device, and are not included in backups

Network Connections

The App makes network connections in the following cases:

  • Your SSH servers — direct connections to servers you configure, using credentials you provide
  • VNC servers — when using the VNC Remote Desktop feature, the App connects to VNC servers you configure, either directly, through an SSH tunnel, or via Tailscale. VNC connections carry remote desktop screen data and input events
  • Anthropic authentication — for Claude Code OAuth login, only when you choose to sign in
  • Tailscale network — if you enable the built-in Tailscale feature for a server, the App connects to your Tailscale network using the auth key you provide. This is an app-level connection that does not route any other device traffic
  • TelemetryDeck — anonymous analytics signals are sent to TelemetryDeck's servers (EU-hosted). No personal or identifiable data is included in these transmissions

All SSH connections are made directly from your device to your servers. We have no visibility into these connections or the data transmitted.

Security

Sensitive credentials — including server passwords, SSH private keys, key passphrases, Tailscale auth keys, VNC credentials, and macOS login passwords for Keychain unlock — are stored in the iOS Keychain, which provides hardware-backed encryption. These items are protected with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, meaning they are only accessible after the device is unlocked at least once after boot and are never transferred to other devices.

Non-sensitive data (server names, hosts, ports) is stored in a local SQLite database.

We recommend using device-level security (passcode, Face ID, or Touch ID) to protect your data. The App supports Ed25519 and RSA key formats for SSH authentication, including passphrase-protected keys.

Website Feedback Form

This section applies to the feedback form on this website (servercc.app/feedback), which is separate from the iOS app described above. The App itself does not collect or transmit this data — the form is submitted directly from your browser to our website. If you choose to use it:

  • Submitting feedback is entirely voluntary and initiated by you
  • We store the message you write, and an email address only if you choose to provide one, in a Cloudflare D1 database
  • We also store non-identifying context the app may pass in the link (app version, OS version, language) and a coarse country code from Cloudflare, used only to triage and prevent spam. We do not store your IP address or any device or user identifier
  • The form is protected by Cloudflare Turnstile to prevent automated abuse
  • We use this information solely to fix issues and improve the App, and never sell it or share it with third parties

Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect any information from children.

Changes to This Policy

We may update this privacy policy from time to time. The effective date at the top of this page reflects the most recent revision.

Contact

If you have any questions about this privacy policy, please visit our contact page.