Security

Private by architecture.

Termary is built so the sensitive parts — your code, your agents, your keys — never leave your Mac. We carry the notification, never the code.

💻

Your code never leaves your Mac

The agent is a normal CLI in a local shell on your machine. Termary never uploads your repo, your files, or your terminal history anywhere. There is no cloud IDE and no server-side copy of your work.

🔒

The agent bridge is loopback-only

The MCP server your agent drives is bound to 127.0.0.1 on an OS-random port, gated by a per-session token, and off by default. The agent’s browser and tool access stays on your machine — it is not reachable from the network.

🗝️

SSH credentials sealed in your Keychain

Saved SSH hosts live in an encrypted vault: a 256-bit key kept in the macOS Keychain (this-device-only, never iCloud-synced), sealing the data with AES-GCM. Private keys never leave ~/.ssh; we never collect passwords.

📱

Device pairing is direct, tokens are hashed

Your phone pairs straight to your Mac. The Mac stores only a SHA-256 hash of each device token (never the token itself) and checks it in constant time. On the same network, your phone talks to your Mac directly.

🎙️

Voice stays on your device

Speaking a reply to an agent uses on-device speech recognition. Your audio is transcribed locally on the phone — it is never sent to us or any third-party API.

🌐

The website never touches your Mac

Your account (sign-in + plan) is identity only. termary.com has no access to your machine, your terminals, or your agents. Entitlement is a signed token — the web can’t reach in.

What we carry — and what we don't

Termary is local-first, not air-gapped. Two things pass through a server, both minimal and both token-gated:

  • Notifications. When an agent needs you, a small alert (its status + which Mac) goes Mac → termary.com → Apple Push → your phone. The alert carries state, never your code or output.
  • Off-network reach. Away from your Wi-Fi, your phone reaches your Mac over an encrypted, one-tap secure tunnel (or your own Tailscale). It still only forwards to the loopback bridge, and still requires your device token — there is no server in the middle that can read the stream.

Everything else — your repo, your terminal, your agent, your keys — stays on your machine.

Read the privacy policy for exactly what we store when you sign in, and how to delete it.