How it WorksSecurityBlogPricing

Security

Macky is built on a defense-in-depth security model. Five independent layers protect your terminal sessions. No single point of failure.

Privacy by design. Zero trust. Your data stays between your devices.

01. Transport

E2E Encrypted WebRTC

All terminal data is tunneled through a DTLS-SRTP encrypted WebRTC connection. This is the same encryption standard used in secure video conferencing. Data is encrypted on your device before transmission and decrypted only on the receiving device. The network — including Macky's servers — cannot read your data.

02. Verification

Dual Layer Identity

Two independent layers protect access. First, your account identity token is validated during signaling to authorize the connection. Second, a separate Master Password — set by you, stored only on your Mac — must be entered to unlock the terminal. Even if your account is compromised, the attacker cannot access your terminal without the Master Password.

03. Authorization

Device Allow Listing

Every device that attempts to connect receives a unique device ID. Your Mac host must explicitly approve each device ID before a connection is permitted. Unapproved devices are rejected at the signaling layer, before any terminal data channel is established.

04. Privacy

Blind Signaling

Macky's server exists solely to coordinate the WebRTC handshake between your devices. It exchanges ICE candidates and SDP offers — the minimum data needed to establish a direct peer-to-peer connection. Once the connection is established, all terminal data flows directly between your Mac and iPhone. Commands, output, and session content never touch our infrastructure.

05. Data

Zero Logs Policy

We do not record, store, or have access to your terminal commands or output. There is no session recording, no command history, no output logging on our side. Your terminal activity exists only on your devices, encrypted in transit, and never persisted by Macky.

What We Cannot See

01Your terminal commands
02Your command output
03Your file contents
04Your environment variables or secrets
05Your shell history
06Your Master Password
07Any data transmitted during your session

What We Can See

Our signaling server processes the minimum data needed to establish a connection:

  • Your account identity (email, authentication token)
  • Device IDs of connecting devices
  • ICE candidates and SDP offers (WebRTC handshake data)
  • Connection timestamps and session metadata

This data is used exclusively for connection establishment and is not sold or shared with third parties.