Octopus Privacy Policy
This Privacy Policy explains how Octopus handles information when you use the current app experience, including Codex app-server and SSH connections, chat sessions, approvals, voice input, image and file attachments, workspace and automation views, notifications, purchases, diagnostics, and support.
Important Notes
Octopus is a client for environments you connect. Prompts, messages, approvals, attachment metadata, workspace lists, task history, and automation details are exchanged with the Mac, server, or Codex app-server endpoint that you choose to connect. Octopus does not need to operate its own AI model training pipeline to provide the core app experience.
Sensitive connection details are handled locally where possible. Saved server profiles, preferred working directories, thread caches, and lightweight workspace caches may be stored on your device. SSH passwords, private keys, passphrases, and trusted host fingerprints are intended to be stored in the iOS Keychain or equivalent protected local storage.
Only use Octopus with servers and workspaces you are authorized to access. Content you send through Octopus may be processed by your connected Codex runtime, model provider, shell, repository tools, MCP servers, or other services configured in that environment.
We do not request App Tracking Transparency permission, and the current app does not use IDFA-based ad tracking for cross-app advertising.
1. App Scope
Octopus is an iPhone companion for continuing Codex sessions from mobile. It helps you connect to a Codex app-server or SSH-accessible machine, browse servers, sessions, threads, projects, and automations, send prompts and attachments, review model output, respond to approval cards, and return to a running thread from Live Activity or notification surfaces.
2. Features and Processing Overview
| Feature | Main Input | Purpose | How It Is Processed |
|---|---|---|---|
| Server Connection Setup | Display name, WebSocket URL, SSH host, port, username, password, private key, passphrase, working directory | Connect Octopus to your Mac, server, or Codex app-server | Stored locally when you choose to remember the server; credentials are intended for protected local storage |
| SSH Host Fingerprint Trust | Host fingerprint and user confirmation | Help prevent accidental trust of an unexpected SSH host | Stored locally after you approve the host |
| Chat and Codex Turns | Prompts, thread identifiers, selected model settings, approval choices, structured replies | Start, resume, and continue Codex sessions from iPhone | Sent to the connected server/runtime you choose; cached locally where needed for UI continuity |
| Images and File Attachments | Selected photos, camera captures, files, filenames, sizes, and attachment metadata | Add context to a Codex turn | Prepared on-device, then sent to the connected server/runtime when you submit the message |
| Voice Input | Microphone audio and speech transcript | Convert your speech into a prompt before sending | Uses Apple microphone and speech recognition technologies; the resulting text may be sent to your connected runtime |
| Sessions, Workspaces, and Automations | Thread IDs, titles, project paths, workspace lists, automation names, schedules, prompts, run history, status summaries | Show recent work, active status, pending approvals, and automation history | Loaded from your connected server and cached locally for faster browsing |
| Notifications and Deep Links | Thread ID, server ID, task status, pending approval state, completion status, URL such as /chat?sessionID=... |
Return you to the correct thread from system surfaces | Handled by iOS notification and Live Activity mechanisms; payloads are kept as small as practical |
| Purchases and Subscriptions | Purchase status, paywall and product data, subscription entitlement state | Unlock paid features when enabled | Handled through Apple in-app purchase infrastructure and Adapty SDK services |
| Diagnostics and Crash Reporting | Crash logs, app version, device and OS diagnostics, non-IDFA analytics events | Improve reliability and understand feature health | May be processed by Firebase Crashlytics and Firebase Analytics without IDFA support |
| Support Contact | Email content you choose to send | Respond to issues, feedback, or privacy requests | Handled by your email provider and our support inbox |
3. Information We Process
3.1 Connection and Server Information
- Server display names, hostnames, ports, WebSocket URLs, transport mode, and preferred working directories.
- SSH usernames, passwords, private keys, and passphrases when you choose SSH authentication.
- Trusted SSH host fingerprints after you approve a first connection.
- Connection status, error summaries, app-server compatibility hints, and retry state.
3.2 Chat, Thread, Workspace, and Automation Information
- Prompts and text you type, dictate, or submit as structured user input.
- Thread identifiers, titles, project paths, model selections, sandbox or approval mode metadata, status labels, and token counters returned by the connected runtime.
- Assistant responses, tool call summaries, approval cards, command/file-change permission requests, and your approval decisions.
- Workspace lists, recent-session derived project lists, automation prompts, schedules, run history, final messages, and related status summaries.
3.3 Attachments, Camera, Photos, Files, Microphone, and Speech
- Images and files you explicitly select or capture for a message.
- Attachment previews, temporary prepared files, filenames, file sizes, and related metadata needed to send the attachment.
- Microphone audio used for voice input and speech transcripts produced from that audio.
- Photo library or camera access only when you choose an image or capture flow that requires it.
3.4 Local Settings, Caches, Purchases, and Technical Data
- Preferences such as theme, font, remembered server choices, connection form values, and local onboarding state.
- Local SQLite or similar caches for server profiles, recent sessions, conversation history windows, workspace catalogs, and thread state.
- Purchase entitlement status, paywall/product metadata, and subscription state when paid features are enabled.
- Technical diagnostics such as app version, OS version, crash traces, performance signals, and non-IDFA analytics events.
4. Permissions We Request
| Permission | Why We Request It | What Happens If You Decline |
|---|---|---|
| Microphone | To convert your voice into prompt text during voice input. | You can still type prompts, but voice input will not be available. |
| Speech Recognition | To transcribe spoken input into text before you submit it. | You can still type prompts, but speech-to-text features will not be available. |
| Camera | To take a photo for an attachment when you choose the camera flow. | You can still type prompts and may still attach existing files or photos, but camera capture will not be available. |
| Photo Library / Photo Picker | To let you choose images for a message or save generated images when that feature is available. | You can still type prompts, but photo-dependent attachment or save flows may be unavailable. |
| Notifications | To alert you about pending confirmations, completed tasks, and thread status changes. | You can still use the app, but you may need to reopen it manually to check status. |
5. When Data Leaves Your Device
Octopus sends information off your iPhone only when needed to complete a feature you request or when a service provider is used for app operations. The most important case is your chosen connection target.
- When you connect to a WebSocket or SSH endpoint, prompts, attachment payloads, approval decisions, and session requests are sent to that endpoint.
- Your connected Codex runtime may then send prompts, attachments, tool results, and environment context to the model provider or tools configured in that runtime.
- Voice transcription may be processed by Apple speech technologies according to Apple’s terms and system behavior.
- Crash reporting and non-IDFA analytics may be sent to Firebase services to improve reliability.
- Purchase and subscription checks may be processed by Apple and Adapty when paid features are enabled.
- If you email support, your message is processed by your email provider and delivered to our support inbox.
6. Third-Party Services and Providers
Depending on the feature you use and the environment you connect, Octopus may interact with third-party services or SDK-backed integrations such as:
- Apple services, including microphone, speech recognition, photo picker, camera, notifications, Live Activities, Keychain, and in-app purchases.
- Your connected Codex app-server, SSH host, local computer, remote server, MCP server, shell tools, repositories, and configured model providers.
- Firebase Crashlytics and Firebase Analytics without IDFA support for diagnostics and reliability.
- Adapty services for paywalls, product metadata, purchase restoration, and subscription entitlement state when enabled.
Connected runtimes and third-party providers process data under their own privacy terms once you choose to use those services or send data to those environments.
7. Storage and Retention
- Remembered server profiles, preferences, onboarding state, workspace caches, thread lists, and conversation history windows may be stored locally on your device.
- SSH credentials, private keys, passphrases, and trusted host fingerprints are intended to be kept in protected local storage such as the iOS Keychain.
- Prompt and thread content may also be stored by the connected Codex runtime, server, model provider, or repository tools according to their own configuration and policies.
- Temporary attachment files and previews may be kept locally while a message is prepared, sent, retried, or displayed, then cleaned up by the app or system.
- Diagnostic and subscription records may be retained by the relevant provider according to that provider’s retention practices.
8. Data Sharing and Disclosure
We do not sell your personal information. We share information only in these limited situations:
- With the server, runtime, model provider, tool, or destination that you choose to use through Octopus.
- With service providers needed to operate app features, such as crash reporting, subscription management, and platform purchase processing.
- When required by law, regulation, legal process, or to protect rights, safety, and the integrity of the service.
9. Tracking and Advertising
- The current app does not request App Tracking Transparency permission.
- The current app does not use IDFA-based cross-app advertising tracking.
- Firebase Analytics is configured without IDFA support in the current project setup.
- Octopus is designed around productivity, remote session continuity, approvals, and automation monitoring rather than ad targeting.
10. Your Choices
- You can choose which server, WebSocket endpoint, SSH host, workspace, model, and runtime environment to connect.
- You can choose not to remember a server, or delete saved servers and local app data where the app provides controls.
- You can deny microphone, speech recognition, camera, photo library, and notification access in iOS Settings.
- You can choose not to attach images or files, not to use voice input, and not to submit approval decisions from mobile.
- You can delete the app to remove app-sandbox data stored locally on your device. Data already sent to connected runtimes or providers must be managed in those environments.
11. Policy Updates
We may update this Privacy Policy as the app evolves. When we make material changes, we will update the "Last updated" date on this page. Your continued use of the app after an updated policy becomes effective means the updated policy will apply to future use of the app.
12. Contact
If you have questions, suggestions, or privacy-related requests about Octopus, you can contact the support team at goodaiapp@gmail.com.