Sub-processors — SSH Manager for macOS

To deliver and operate the service, we rely on the trusted providers below. They process personal data on our behalf as processors — or, for the payment providers, act as a merchant of record under their own terms — and are bound by confidentiality and data-protection obligations. This list complements our privacy policy; we update it when our providers change.

Paddle.com Market Ltd

Merchant of record for direct purchases from our website: checkout, payment processing, billing, sales-tax/VAT handling, invoicing, and refunds.

Data shared: Name, email, billing address, payment instrument details, and transaction metadata (Paddle collects payment details directly — we never receive your full card number).
Location: United Kingdom, European Union, and United States
Transfer safeguard: Standard Contractual Clauses (per Paddle’s Data Processing Agreement)

Apple Distribution International Ltd / Apple Inc.

Merchant and distributor for Mac App Store purchases, and StoreKit transaction verification for App Store licenses.

Data shared: App Store transaction identifiers and receipt data. Apple does not disclose your name or email to us for App Store purchases.
Location: Ireland and United States
Transfer safeguard: Standard Contractual Clauses (per Apple’s data-transfer terms)

Resend (Plus Five Five, Inc.)

Transactional email delivery — magic-link sign-in, purchase/license emails, trial messages, and replies to support requests.

Data shared: Recipient email address and the full content of the email being sent.
Location: United States
Transfer safeguard: Standard Contractual Clauses

GitHub, Inc. (a Microsoft company)

OAuth sign-in for the restricted operator/admin dashboard only — not used for customer accounts.

Data shared: For administrators who sign in: GitHub user ID, username, display name, avatar URL, and verified email address.
Location: United States
Transfer safeguard: EU-US Data Privacy Framework and/or Standard Contractual Clauses

Cloudflare, Inc.

Bot/abuse protection (Turnstile) on our public contact form, and edge delivery/geolocation for the website.

Data shared: IP address and a browser challenge token.
Location: United States and global edge network
Transfer safeguard: EU-US Data Privacy Framework and/or Standard Contractual Clauses

Telegram Messenger

Internal operator alerts when a new contact-form message is received.

Data shared: The content of the contact submission, which may include the sender’s name, email, and message.
Location: Outside the EEA
Transfer safeguard: Standard Contractual Clauses / your consent in submitting the form

Linode LLC (Akamai Technologies, Inc.)

Cloud/VPS hosting for our backend, database, and website — where personal data is stored and where server logs are generated.

Data shared: All personal data described in the privacy policy, plus server access logs (including IP addresses).
Location: United States (data hosted on Akamai/Linode infrastructure)
Transfer safeguard: EU-US Data Privacy Framework and/or Standard Contractual Clauses

Country-level geolocation for pricing is derived at our own edge from a locally-stored database, so no per-request data is sent to a geolocation provider. Questions about this list? Email [email protected].