Privacy Policy

This Privacy Policy describes how Michael Wright ("we", "us", "our") handles information in relation to the mobile and desktop applications OSPREY and KESTREL (collectively, the "Apps"). The Apps are developed and distributed by Michael Wright, an independent developer based in the United Kingdom.

We take your privacy seriously. The Apps are designed around a principle of data minimisation: we collect only what is required to make the Apps work, and we give you transparent control over what leaves your device. Network diagnostic data, SSH credentials, and session information are processed on-device wherever possible and are encrypted whenever they must leave your device.

If you have any questions about this policy or how your data is handled, please contact us at support@osprey.network.

OSPREY

• Network diagnostic data — IP addresses, hostnames, ping results, traceroute hops, DNS records, and scan results. This data is processed locally on your device and is not uploaded to any server controlled by us.
• Anonymous usage analytics — aggregate counts of feature use (e.g. "ping was run"), without any identifiers tying the action to you personally. These metrics help us understand which tools to improve. You can opt out in Settings.
• Subscription data — purchase receipts and subscription status are handled via RevenueCat (see §3).
• AI assistant inputs — only the text you explicitly submit to the AI assistant (for example, a pasted error or a selected log fragment). Submission requires explicit consent on first use.
• No personal data is required to use core features of OSPREY. You can use the app without creating an account.

KESTREL

• Server connection details — hostname, port, username, and connection preferences for each server you add. Stored encrypted in the iOS Keychain or macOS Keychain, and optionally synced (end-to-end encrypted, see §4) via Supabase.
• SSH private keys — stored exclusively in the iOS Secure Enclave or macOS Keychain. Private keys never leave your device. They are not uploaded to our servers, Supabase, or any third party.
• Session metadata — connection timestamps, server nicknames, and command history (if enabled). This metadata is encrypted client-side before any sync.
• Account information — if you create a Kestrel account for cloud sync, we store your email address and a hashed password. Accounts are optional; KESTREL is fully usable without one.
• Subscription data — handled via RevenueCat (see §3).
• AI assistant inputs — only the text you explicitly submit to the AI assistant (for example, pasted terminal output). SSH keys, passwords, and server credentials are never sent to the AI assistant.

The Apps integrate with a small number of third-party services. Each is used only for a specific, disclosed purpose.

Anthropic (Claude API)

What is sent: Only the text content you explicitly submit to the AI assistant. Why: To provide AI-powered analysis, diagnosis, and suggestions. Consent: Explicit in-app opt-in is required before the AI assistant can be used for the first time. You can disable AI features at any time in Settings. Per Anthropic's API terms, the data you submit is not used to train their models. See anthropic.com/privacy.

RevenueCat

What is sent: Subscription status, purchase receipts, and an anonymous device identifier. Why: To manage subscription entitlements across platforms and restore purchases. See revenuecat.com/privacy.

Supabase (KESTREL only)

What is sent: Encrypted server configuration data and session metadata. Encryption: All data is AES-GCM encrypted on your device before it is uploaded. Supabase never has access to plaintext credentials, private keys, or command output. Why: To sync your configuration securely between your iPhone, iPad, and Mac. See supabase.com/privacy.

ip-api.com (OSPREY only)

What is sent: The IP addresses discovered during a traceroute (these are public routing IPs, not your personal data). Why: To show approximate geographic location and ASN of each network hop. No personal data is transmitted.

Cloudflare (OSPREY only)

Cloudflare's public speed test endpoint is used to measure download, upload, and latency performance. No personal data is stored by us in connection with speed tests.

• SSH private keys are stored exclusively in the iOS Secure Enclave (on iPhone/iPad) or the macOS Keychain (on Mac). Both provide hardware-level protection.
• Passwords and SSH passphrases are stored in the iOS/macOS Keychain using AES-256 encryption managed by the operating system.
• Cloud-synced data is encrypted on your device using AES-GCM with a key derived from your account password before any data leaves the device. We cannot decrypt your synced data server-side.
• We do not sell, rent, or share your data with advertisers, data brokers, or any unaffiliated third parties.
• We do not operate any advertising networks and the Apps contain no third-party advertising SDKs.

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

• Right of access — to obtain a copy of the personal data we hold about you.
• Right to erasure — to request deletion of your account and any associated synced data.
• Right to rectification — to correct inaccurate data we hold about you.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to object — to object to processing where that processing is based on legitimate interests.
• Right to restrict processing — in certain circumstances as set out under Article 18 UK GDPR.

To exercise any of these rights, email support@osprey.network. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

The Apps are not directed at children under 13 (for COPPA purposes in the United States) or under 16 (for GDPR purposes in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

The AI assistant features in both Apps require explicit opt-in consent on first use. Until you consent, no data is sent to Anthropic (the Claude API provider).

What is sent to Claude when you use the AI assistant:

• In OSPREY: the network log fragment, ping/traceroute output, or error text you explicitly select and submit.
• In KESTREL: the terminal output, command text, or error message you explicitly select and submit.

What is never sent to Claude:

• SSH private keys or passphrases.
• Passwords.
• Full server credentials (hostname + username + auth method together).
• Any content that has not been explicitly selected and submitted by you.

You can disable AI features in Settings at any time. Per Anthropic's API terms, data submitted to the Claude API is not retained for training purposes and is only used to serve the API response.

We may update this policy from time to time. Material changes will be announced in-app, and the "Effective" date at the top of this page will be updated. Your continued use of the Apps after a change takes effect constitutes acceptance of the revised policy. If you do not accept a revision, you may delete the Apps and contact us to delete any synced data.

For any privacy-related question or request, email support@osprey.network. We aim to respond to all messages within 24 hours, and to formal data subject requests within 30 days as required by law.

App-specific addenda: OSPREY · KESTREL.