Privacy Policy.

Helm ("we," "our," "the app") is a premium iOS application that lets your iPhone control a Mac on your local network over SSH. We are committed to protecting your privacy and being transparent about the data we handle. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

Information we collect.

1.1 — Connection credentials

To open an SSH session with your Mac, Helm needs a few details that you provide directly:

• Host address. The IP address or Bonjour name of your Mac (for example, 192.168.1.42 or altan-macbook.local).
• SSH username. The account name you use on the Mac.
• SSH password. Stored only in iOS Keychain on your device. We never see it. We never transmit it to our servers — because we do not run any servers that handle your credentials.
• Pinned host fingerprint. The SHA-256 fingerprint of your Mac's SSH public key, recorded on first connection so a different machine on the network cannot pose as yours.

1.2 — On-device preferences

The following settings are stored only on your device using Apple's UserDefaults and are never transmitted to us:

• Trackpad sensitivity
• Theme (System, Light, Dark)
• Language preference (English, Türkçe, Français, Italiano, Deutsch, Español)
• Saved Mac list (host names, addresses, usernames — not passwords)
• Dashboard tab order & haptic feedback preferences

1.3 — Helm Pro purchase status

Whether you have unlocked Helm Pro through the App Store. This is verified through Apple StoreKit 2 and stored locally; the receipt is validated against Apple's servers, not ours.

1.4 — Anonymous usage events

Helm sends a small, anonymous set of events to Firebase Analytics so we can understand which instruments are used most and where the experience needs work. Events include things like opened_trackpad, used_keyboard_shortcut, or connection_succeeded. They do not include your shell traffic, hostnames, IP addresses, passwords, or any user-identifiable content. You can opt out at any time from Settings → Privacy → Analytics.

What we do NOT collect.

Helm does not collect:

• The contents of any SSH command, response, or output
• Your Mac's hostname, IP, or local network configuration
• Your SSH password (stored locally in iOS Keychain only)
• Location data
• Contacts or address book
• Photos, camera, or microphone data — even when using the Screenshot panel, the Mac itself captures and you choose what happens next
• Health or fitness data
• Browsing history or browser tab contents
• Device advertising identifiers (IDFA)
• Crash reports beyond what you explicitly choose to share

How we use your information.

Third-party services.

Helm uses two third-party services. Both are limited in scope and do not receive your shell traffic.

4.1 — Firebase by Google

We use the following Firebase services:

• Firebase Analytics. Collects anonymous, aggregated usage events (which screens are opened, which instruments are used). We do not link these events to a personal identity. You can opt out from Settings → Privacy → Analytics in the app.
• Firebase Crashlytics (only if enabled by you). Captures crash reports so we can fix what breaks. Disabled by default unless you opt in via Settings → Privacy → Send crash reports.

Firebase Authentication, Firestore, Cloud Functions, Messaging and Ads are not used by Helm.

Firebase privacy policy: firebase.google.com/support/privacy ↗

Google privacy policy: policies.google.com/privacy ↗

4.2 — Apple services

• iOS Keychain. Stores your SSH password locally on the device, protected by the same Secure Enclave that guards Face ID and Apple Pay.
• StoreKit 2. Manages the Helm Pro one-time in-app unlock. All transactions are handled by Apple. See Apple's Privacy Policy ↗.
• Bonjour / mDNS. Apple's local network discovery service, used to find your Mac on the local network. No external network is involved.

4.3 — Helpers running on your Mac (optional)

For full trackpad and bluetooth control, Helm uses two small open-source command-line tools that you install yourself on the Mac:

• cliclick — pointer / keyboard simulation (BSD-licensed, audited).
• blueutil — bluetooth connect/disconnect (MIT-licensed, audited).

These tools run on your Mac, not on our servers. They do not collect or transmit data.

Data sharing.

We do not sell, rent, trade, or share your personal data with third parties for advertising, marketing, or any purpose other than those described in this policy.

Anonymous, aggregated usage events are processed by Firebase Analytics solely for the purpose of understanding feature usage in aggregate.

Storage & security.

• SSH session. Encrypted end-to-end between your iPhone and your Mac using the standard SSH protocol. The session never leaves your local network unless you have explicitly bridged it (e.g. via a personal VPN you control).
• Password. Stored in iOS Keychain, protected by iOS device-level encryption and Secure Enclave. Never transmitted to us.
• Host fingerprint pinning. First-connection trust on first use, then enforced on every subsequent connection. A mismatch refuses the connection.
• On-device preferences. Stored using Apple's UserDefaults framework, protected by iOS data protection.
• Confirmations for halt-states. Sleep, lock, restart, shut down, and force-quit are double-checked before the shell command is sent.

Data retention.

• On-device data. Saved Macs, preferences, and host fingerprints stay on the device until you uninstall the app or delete them manually from Settings → Devices.
• iOS Keychain entries. Removed when you uninstall the app (per iOS standard behaviour) or when you delete the saved device.
• Anonymous analytics events. Retained by Firebase per Google's standard retention windows. They contain no identifiers tied to you.
• No server-side user data. We do not run a server that holds your personal data.

Your rights.

You have the following rights regarding your data:

• Access. All saved devices, preferences, and pinned fingerprints are visible inside the app at all times.
• Correction. You can edit any saved device or preference from Settings.
• Deletion. You can remove any saved device (which removes its keychain entry and pinned fingerprint) from Settings → Devices. Uninstalling the app removes everything Helm has stored locally.
• Opt-out of analytics. Toggle off Settings → Privacy → Analytics. The toggle takes effect immediately.
• Portability. Since data lives on your device, you retain full control. If you'd like an export of your locally-saved configuration, contact us at the address below.

Children's privacy.

Helm is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the app, please contact us and we will take steps to delete that information.

International data transfers.

Anonymous Firebase Analytics events are processed by Google's infrastructure and may be stored in any region in which Firebase operates. By using Helm with analytics enabled, you acknowledge that those aggregated and anonymous events may be processed across borders in accordance with Google's privacy policy and applicable data protection regulations, including GDPR. Disable analytics in Settings → Privacy if you prefer that no telemetry leaves your device.

Changes to this policy.

We may update this Privacy Policy from time to time. Any changes will be reflected by updating the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the app after changes constitutes acceptance of the revised policy.

Contact us.

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please reach out — the captain reads every signal flag.