Skip to main content
engineer.suite
Home/KESTREL — Privacy Addendum

KESTREL — Privacy Addendum

KESTREL-specific details that supplement the master Privacy Policy.

Effective 20 April 2026

This addendum extends the master Privacy Policy. Where this addendum differs from the master policy, the master policy governs unless a KESTREL-specific provision is more protective of your data.

1. Scope

KESTREL is an SSH server management suite for iOS and macOS. It includes an SSH terminal, server dashboard, SFTP file manager, command library, service monitor, multi-server actions, key manager, AI assistant, and end-to-end encrypted cloud sync. This addendum covers data processing specific to those features.

2. SSH private key handling

SSH private keys in KESTREL are stored exclusively in the iOS Secure Enclave (on iPhone and iPad) or the macOS Keychain (on Mac). We have no mechanism, even in principle, to extract them. Private keys are not included in cloud sync, not sent to the AI assistant, not logged, and not transmitted to any server we operate.

When KESTREL needs to authenticate an SSH connection, it delegates the cryptographic operation to the Secure Enclave or Keychain via Apple's platform APIs.

3. End-to-end encrypted cloud sync

If you enable cloud sync, KESTREL encrypts the following data on your device using AES-GCM before uploading it to Supabase:

  • Server configurations (hostname, port, username, display name, preferences).
  • Saved commands and command library metadata.
  • Non-secret session metadata (last-connected timestamps, grouping tags).

The encryption key is derived from your account password via Argon2id and never leaves your device. Supabase stores only ciphertext. Neither we nor Supabase can decrypt your synced data server-side.

Cloud sync is optional. KESTREL is fully functional without an account.

4. Terminal output and command history

Terminal output is ephemeral and displayed only on your device. Command history, if enabled, is stored locally on-device and (if sync is on) is encrypted client-side before upload. We have no access to the contents of your SSH sessions.

5. AI assistant (KESTREL)

The KESTREL AI assistant is disabled until you explicitly enable it. When enabled, only the specific terminal output, stack trace, or error message you select and submit is sent to Anthropic's Claude API. The following are never sent:

  • SSH private keys or passphrases.
  • Passwords.
  • The combination of a server's hostname, username, and authentication credentials.
  • Your server's IP address unless it is part of the output you chose to submit.

6. Your server security

KESTREL provides SSH access to servers you control. We recommend using SSH key authentication with a passphrase, rotating keys periodically, and following your platform's best-practice hardening guidance. KESTREL supports jump hosts, restricted key usage, and host key verification by default.

OSPREY and KESTREL are independent products not affiliated with or endorsed by Apple Inc. App Store is a trademark of Apple Inc.

Questions? Email support@osprey.network.