Privacy Policy

Last updated: 10 May 2026

Drisse is a remote-control application that lets you pilot AI coding agents running on your own infrastructure. This policy describes what data the Drisse mobile app and the optional hosted relay handle, and what stays exclusively on devices you control.

TL;DR. Drisse uses a Bring-Your-Own-Server model. Your code, your prompts, your shell sessions, and your AI agent's responses all live on machines you operate. Drisse never reads them, copies them, or trains on them. The hosted relay only forwards encrypted traffic between your phone and your servers.

1. What data the mobile app collects

The Drisse iOS app stores the following locally on your device:

Cryptographic keys. A device-specific Ed25519 keypair generated on first launch, stored in iOS Keychain. The private key never leaves your device.
Server pairings. Identifiers and certificates of the agents you have paired with. Used to authenticate WebSocket connections.
UI preferences. Theme, last-opened tab, view state.
Push token. An Expo push token used to deliver approval notifications. Registered with the relay you connect to. Removable by signing out.

2. What data flows through the relay

The relay (the control-plane your agent connects to) forwards real-time messages between the mobile app and the agent. By default, this is the public relay at drisse.app; you can also self-host the relay binary.

The public relay handles the following data in transit and stores a small amount at rest:

In transit (forwarded, not inspected). Chat messages between you and your AI agent, file paths you browse, git diffs you view, terminal output, tool-approval requests/responses.
At rest (stored). Pairing records (agent ID, public key fingerprint, hostname), audit log of session-level events (session created, archived, approval granted/denied — without payload contents), push tokens, ring buffer of the last ~5000 chat events per session for offline catch-up.

The relay does not store: your source code, full file contents, your AI agent's reasoning text outside the ring buffer window, your shell history, your SSH credentials, or any data from the machines you connect to beyond what the agent explicitly streams over the active session.

3. What stays exclusively on your servers

The agent binary you install on your own machine has full access to that machine's filesystem and shell — that is the point. None of the following is ever transmitted to the relay or to Drisse:

Your full repository or its history (only diffs and files you explicitly browse from the app)
Your git credentials, SSH keys, environment variables, or secrets
Your shell command history outside the active Drisse-driven session
The contents of files outside the directories you scope to a workspace

4. Third parties

Drisse uses the following services strictly to operate the app:

Apple Push Notification service (APNs), via Expo's relay — to deliver approval-request notifications to your iPhone.
Anthropic API, when you connect Drisse to an agent that uses Claude Code — invoked by your agent on your machine, with your own API key. Drisse and the relay never see this key.
Let's Encrypt — provides the TLS certificate for drisse.app.

No analytics SDK, no advertising SDK, no crash reporting that ships data outside your device. Drisse does not sell, share, or rent any data to third parties.

5. Biometrics and local authentication

Drisse uses iOS Face ID / Touch ID to gate sensitive operations such as approving an AI tool call. Biometric data never leaves your device — Drisse only receives a yes/no result from the OS.

6. Data retention and deletion

Local data on your device is removed when you uninstall the app or sign out.
You can revoke a paired agent at any time from the Servers screen — this drops the agent's certificate on the relay and ends any active session.
Audit log entries on the relay are retained for 90 days.
The chat ring buffer keeps the last ~5000 events per session and rotates older events out automatically.
To request full deletion of any pairing or audit record associated with your agents on the public relay, email the address below.

7. Children's privacy

Drisse is a developer tool not directed at children under 13. We do not knowingly collect data from children.

8. Security

All client-relay-agent traffic is end-to-end TLS. Agent authentication is Ed25519 certificate-based, with per-device keys generated locally. Approvals are gated by iOS biometric prompts. The relay enforces per-pairing rate limits and audits sensitive actions.

9. Changes to this policy

If this policy materially changes, the new version will be published at this URL with an updated date. Continued use of Drisse after a change constitutes acceptance.

10. Contact

Questions, requests for deletion, or security disclosures: olivier@devivie.fr.