Privacy Server Control

Privacy Policy for Server Control

Effective Date: July 2, 2026
Last Updated: July 2, 2026

At Damians Lab (accessible via damianslab.gr), we prioritize the absolute security, confidentiality, and privacy of our users. This Privacy Policy governs the Server Control mobile application (the "App") and explains our data processing practices.


1. Executive Summary: Standalone Direct Architecture

Unlike cloud-managed server administration tools, Server Control operates as a standalone client.

  • Direct SSH Connections: The App establishes a direct encrypted secure shell (SSH) connection from your mobile device directly to your target Virtual Private Servers (VPS) or Dedicated hosts.

  • No Intermediate Proxies: There are no middle-man servers, proxy backends, or cloud services controlled by Damians Lab. All server commands, scripts, credentials, and telemetry metrics remain strictly between your mobile device and your remote server.


2. Zero-Analytics & Zero-Telemetry Policy

To guarantee total operational confidentiality for system administrators, developers, and DevOps engineers, Server Control enforces a strict Zero-Telemetry Policy:

  • No Analytics SDKs: The App does not contain any third-party analytics or usage-tracking software (such as Firebase Analytics, Google Analytics, Mixpanel, or Flurry).

  • No Telemetry Tracking: We do not collect, monitor, or transmit any data regarding how you use the App, what features you access, or how often you connect.

  • No Crash Reporters: There are no cloud-based automated crash reporters. Any app crashes or execution exceptions are handled and displayed purely on-device. Your SSH execution logs never leave your physical handset.


3. Hardware-Backed Encryption of Credentials

Any passwords or SSH private keys (PEM format) you configure in the App are treated as highly confidential:

  • Android Keystore Encryption: Credentials are encrypted immediately upon entry using AES/GCM/NoPadding cryptography with a master key stored in the Android Keystore System.

  • On-Device Storage Only: The encrypted strings are stored locally in the App’s isolated Room SQLite database.

  • Hardware Protection: The cryptographic keys are guarded by the physical device's secure hardware (Trusted Execution Environment (TEE) or StrongBox, if available), meaning they cannot be extracted or decrypted even if the host SQLite database file is accessed.


4. SSH Host Key Verification (MitM Protection)

The App features an active Trust on First Use (TOFU) verification mechanism:

  • Upon your first successful handshake with a remote node, the server's unique cryptographic public host key is cached locally.

  • On all future connections, the App compares the server's host key. If a mismatch is detected (indicating a potential Man-in-the-Middle (MitM) attack), the App instantly drops the connection and raises an alert, keeping your credentials secure from eavesdropping on public networks.


5. Device Permissions and Sourcing

To operate, the App requests the following minimal permissions, used exclusively on-device:

  • Internet Permission (android.permission.INTERNET): Used solely to establish direct SSH sockets with your VPS hosts.

  • Biometric Auth Permission (android.permission.USE_BIOMETRIC): Used purely locally to query your device's fingerprint or face unlock hardware on app startup to authorize workspace decryption. Biometric data is managed by the OS and never accessed by the App.

  • Notification Permission (android.permission.POST_NOTIFICATIONS): Used to post alerts in the background if your configured server nodes trigger resource spike warnings.


6. Complete User Data Deletion Control

We comply fully with Google Play’s Data Deletion Policy:

  • Factory Reset Feature: You have complete, instant control over all your data. Inside the App’s Settings -> Danger Zone, we provide a Factory Reset & Clear All Data button.

  • Immediate Purge: Clicking this button permanently clears all configured server nodes, database tables, presets, alerts, and system cache (including host keys) from your device. This process cannot be undone.


7. Contact Us

If you have any questions or feedback regarding this Privacy Policy, please contact us at:

Damians Lab
Website: damianslab.gr
Email: info@damianslab.gr