SSH Workbench

Privacy Policy

Last updated: April 8, 2026

Privacy-First Design

At SSH Workbench, privacy isn't just a feature — it's the foundation of our product.

This Privacy Policy explains how SSH Workbench, operated by FUNCTIONCRAFT - FZCO ("we," "us," or "our"), collects, uses, and protects information when you use our desktop application and website. We are committed to protecting your privacy and being transparent about our data practices.

The key principle: Your server data never leaves your device. We cannot see, access, or process your SSH sessions, commands, file contents, or connection credentials.

1. Information We Collect

1.1 Information for License Management

We collect minimal information necessary to manage licenses and provide support:

  • Email address (for license delivery and support)
  • Name (optional, for personalization)
  • License key and activation status
  • Device identifiers (for license validation)
  • Payment information (processed by Paddle, not stored by us)

1.2 Information We DO NOT Collect

SSH Workbench is designed to protect your sensitive data. We do NOT collect:

  • SSH session content, commands executed, or command output
  • File contents browsed, edited, or transferred
  • Server credentials, SSH keys, or passwords
  • Server hostnames, IP addresses, or connection details
  • Tracking cookies or personally identifiable analytics data
  • Behavioral data or telemetry from the desktop app

2. How SSH Workbench Protects Your Privacy

2.1 Local-First Architecture

  • Direct SSH Connections: SSH Workbench connects directly to your servers over SSH without any intermediary servers.
  • Local Command Execution: All commands are sent from your device directly to your server. We never see or log them.
  • Secure Credential Storage: SSH passwords and private keys are encrypted using AES-256-GCM with a per-device encryption key and stored in a local database on your device. The encryption key is stored with restricted file permissions and never leaves your machine.
  • No Cloud Backend: There is no SSH Workbench cloud service that processes or stores your server data.

3. How We Use Information

The limited information we collect is used solely for:

  • License validation and management
  • Delivering software updates and release notes
  • Providing customer support when you contact us
  • Sending important service announcements
  • Processing payments through Paddle
  • Complying with legal obligations

4. Third-Party Services

We work with select third-party services to operate SSH Workbench:

ServicePurposeData Shared
PaddlePayment processing (Merchant of Record)Email, payment details, purchase history
UmamiPrivacy-focused website analytics (self-hosted)Anonymous page views (no cookies, no personal data)
DesktopCoreSoftware distribution, download analytics, and license managementEmail, license keys, device identifiers, download analytics (anonymous)
KitServeIcon delivery (website and app)Asset requests (anonymous)
TheozardOG image generation (social sharing)Page metadata (anonymous)

5. Data Storage and Security

5.1 Infrastructure

  • Website: Self-hosted
  • Your Server Data: Stored only on your local device, never transmitted to us

5.2 Security Measures

  • TLS/SSL encryption for all network communications
  • AES-256-GCM encryption for locally stored credentials
  • Secure license key generation and validation
  • Regular security updates and patches
  • Access controls and authentication for internal systems
  • No storage or logging of sensitive user data

6. Your Rights and Choices

You have control over your information:

6.1 Access and Correction

You can request access to the personal information we have about you and ask for corrections by contacting [email protected].

6.2 Deletion

You can request deletion of your account and associated data. Note that we may need to retain certain information for legal or billing purposes.

6.3 Data Portability

Your server data is already stored locally on your device — you always have full control. License information can be exported upon request.

6.4 Communication Preferences

You can opt out of non-essential communications at any time. We will always send critical service announcements and license-related information.

7. International Data Transfers

While our company is registered in the United Arab Emirates, our infrastructure spans multiple regions:

  • Website is self-hosted
  • Payment processing occurs through Paddle's international infrastructure

By using SSH Workbench, you consent to the transfer of your information to these locations. We ensure appropriate safeguards are in place for all international data transfers.

8. Legal Compliance

8.1 GDPR (European Users)

For users in the European Economic Area, we comply with GDPR requirements:

  • Lawful basis: Contract performance and legitimate interests
  • Data minimization: We collect only essential information
  • Right to access, rectification, and erasure
  • Data portability and objection rights

8.2 CCPA (California Users)

For California residents, we comply with CCPA requirements:

  • We do not sell personal information
  • Right to know what information we collect
  • Right to delete personal information
  • Right to non-discrimination for exercising privacy rights

8.3 Other Jurisdictions

We respect privacy laws worldwide and will comply with applicable data protection regulations in your jurisdiction.

9. Children's Privacy

SSH Workbench is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected].

10. Data Retention

We retain information only as long as necessary:

  • Active accounts: Information retained while license is active
  • Inactive accounts: Basic information retained for 2 years for reactivation purposes
  • Legal requirements: Some data may be retained longer if required by law
  • Your server data: Never stored by us; deleted when you uninstall the app

11. Security Incidents

In the unlikely event of a security incident affecting personal information:

  • We will notify affected users within 72 hours
  • We will provide details about what information was affected
  • We will outline steps we're taking to address the issue
  • We will provide recommendations for protective measures

Note: Since we don't store your server data or credentials, these cannot be compromised through our systems.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal compliance. When we make changes:

  • We will update the "Last updated" date
  • For material changes, we will make reasonable efforts to notify you

Your continued use of SSH Workbench after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

General Support: [email protected]

Privacy & Legal: [email protected]