Security at DeepTerm
Your infrastructure access, encrypted end-to-end.
Your credentials never leave your Mac.
macOS Keychain Integration
All credentials — passwords, SSH private keys, passphrases — are stored exclusively in macOS Keychain, the same secure storage used by Safari, Mail, and other Apple apps. No passwords are ever stored in plain text. No separate password database to manage or protect.
Zero-Knowledge, Zero-Collection Architecture
DeepTerm collects no user data whatsoever. No analytics, no tracking, no usage statistics, no third-party services. All operations are entirely local. Your connection history, saved commands, and server details never leave your Mac.
End-to-End Encryption
Data encrypted before leaving your device with AES-256. Private keys are encrypted with your master password on the client side. Even DeepTerm staff cannot access your credentials. The encrypted key is stored on DeepTerm servers only for cloud vault features — without your master password, the data is unreadable.
Sandboxed Application
DeepTerm runs in a macOS sandbox, limiting its access to only what's needed. This provides an additional layer of protection against potential security vulnerabilities, following Apple's security best practices.
Industry-Standard SSH Library
Built on libssh2, the battle-tested, open-source SSH library used by thousands of applications worldwide. Support for encrypted SSH private keys with passphrase protection. Full SSH key authentication alongside password-based auth.
SOC 2 Type II Compliance
DeepTerm undergoes annual SOC 2 Type II audits. Request our latest report from the security assessment page.
Enterprise-Grade Controls
SAML SSO with 30+ identity providers, FIDO2/WebAuthn support, biometric authentication (TouchID / FaceID), PIN lock, SSH certificates, session logging, and audit trails.
Secure Infrastructure
Cloud services hosted on AWS with redundant architecture. Penetration testing performed quarterly. Responsible disclosure program in place.