Privacy Policy

abalso AI ssh · Last updated: 30 June 2026

1. Who we are

Controller responsible for data processing in connection with the App:
abalso · Eduard Mehrtens
Email: info@abalso.de

Core principle: Your SSH keys and passwords stay on your device, encrypted. We do not collect, see or transmit them. The App is designed so that you keep control of your secrets.

2. Data processed on your device only (not sent to us)

SSH credentials — private keys, passwords, passphrases and host data are stored encrypted in the macOS keychain (via the operating system's secure storage). They never leave your device in plain text and are never transmitted to us.
Optional sync — if you enable synchronization, your data is encrypted on your device (end-to-end) before it leaves and is sent only to the destination you choose (your own server/storage). We have no access to it.

3. AI features

When you use the built-in AI model, your prompt and a redacted excerpt of the terminal context are sent to our AI server, which forwards the request to the upstream language-model provider to generate a response. Before sending, the App scrubs detectable secrets (private keys, API tokens, user:pass@host, password=/token= patterns). Redaction is heuristic and cannot be guaranteed to be complete — please avoid pasting sensitive data into AI prompts.

Local model (Ollama): nothing leaves your Mac.
Your own provider key (BYOK): requests go directly to the provider you chose (e.g. Anthropic, OpenAI) under that provider's privacy policy.

4. Account, subscription & device data

Email (optional): if you provide an email, we use it to identify/contact your account and to send a confirmation link.
Device identifier: a generated identifier for your installation, used to manage your account and device limits.
Subscription: purchases are processed by Apple. We receive the validation result (active / trial / expired) needed to enable the built-in AI model. We do not receive your payment details.

5. Server logs

Our servers process minimal technical data required to operate the service (e.g. IP address, timestamp, token usage) for security, abuse prevention and quota enforcement.

6. Legal bases (GDPR)

Processing is based on the performance of a contract (Art. 6(1)(b) GDPR) for providing the App and subscription, on your consent (Art. 6(1)(a) GDPR) where applicable (e.g. email), and on our legitimate interests (Art. 6(1)(f) GDPR) in operating and securing the service.

7. Recipients

Apple — payment processing and subscription management.
Upstream AI provider — to generate responses for the built-in model.

We do not sell your data.

8. Retention

We retain account and usage data for as long as your account exists and as required to provide the service and meet legal obligations, then delete or anonymize it.

9. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict and port your data, and to object to processing. You also have the right to lodge a complaint with a supervisory authority. To exercise your rights, contact us at the email above.

10. International transfers

Where data is processed outside the EU/EEA (e.g. by an upstream AI provider), we rely on appropriate safeguards such as the EU Standard Contractual Clauses where required.

11. Changes

We may update this Privacy Policy from time to time. The current version is published at this URL.