中文 English 日本語 한국어 Deutsch Français Español Português Dansk Русский

Burrow — Privacy Policy

Last updated: April 30, 2026 · Version 1.0

Overview

Burrow is an iOS / iPadOS client that lets you reach your own computers, NAS, and other devices via an frp server that you deploy yourself. Burrow is built around the principle of data minimization: it does not collect, upload, or share any personally identifiable information.

What we don't collect

We do not collect your frp server address, token, or pre-shared key (secretKey).
We do not collect your SSH usernames, passwords, or private keys.
We do not collect your command snippets, Runbooks, or parameter history.
We do not collect anything you transfer over SSH or SFTP.
We do not use any third-party analytics, advertising, crash-reporting, or tracking SDKs.
The app does not issue any HTTP/HTTPS request to us or to any third party.

Local data

Connection metadata (machine name, frps address, port, username): stored in SwiftData (a local SQLite store).
Sensitive credentials (SSH passwords, private keys, frp secretKey, frp token): stored in the iOS Keychain with the kSecAttrAccessibleAfterFirstUnlock protection class.
Command snippets and Runbooks: stored in SwiftData.
Parameter history (e.g. recently used PIDs or file paths): stored in UserDefaults.

None of this data passes through any server of ours (we don't run any). When you uninstall the app, iOS automatically removes the SwiftData and UserDefaults stores; the Keychain items are also removed with the app.

Network communication

The app's only network connections are:

to the frp server (frps) you configure — established by the embedded frpc client; and
to your own devices over SSH / SFTP, tunneled through that frp connection.

The app contacts no other endpoint: no telemetry pings, no analytics, no advertising callbacks.

Permissions

The app only requests the following system permissions when you tap the relevant feature; unused features prompt for nothing:

File access (system file picker): shown when you actively tap "SFTP Upload"; we read only the single file you select and release its security scope as soon as the upload completes.
System share sheet: shown after an SFTP download, so you can decide whether to save the file to Files, Photos, or another app.

The app does not request access to Photos, Location, Contacts, Calendar, Health, or similar permissions. It has no Background Modes and no NetworkExtension (no VPN).

Third-party code

The app uses the following open-source libraries. All run locally on the device with no network callbacks of their own:

Citadel — SSH / SFTP client (Swift)
fatedier/frp — frp client (Go, embedded via gomobile)
SwiftNIO — networking primitives (Apple)
swift-crypto — cryptography (Apple)

Children's privacy

Burrow is aimed at developers, sysadmins, and NAS users with some technical background. It is not directed at children, and we do not knowingly collect any information from children under 13.

Changes

If this policy ever changes, we will update this page and revise the "Last updated" date at the top. We recommend checking back periodically.

Contact

For privacy-related questions, please email: freezing.myfriend@gmail.com