Privacy Policy for HeC
Last updated: March 21, 2026
This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use HeC (Hetzner Cloud Manager) and tells you about your privacy rights and how the law protects you.
HeC is designed with privacy in mind. By default, all data stays on your device and no information is transmitted to our servers. Optional features such as push notifications require explicit opt-in and are clearly disclosed below. By using the Service, you agree to the practices described in this Privacy Policy.
By default, HeC operates entirely on your device with no server-side data collection.
- ✔️All optional features (Push Notifications, Widgets) are disabled by default
- ✔️No personal data is collected, stored, or transmitted to our servers unless you explicitly enable an optional feature
- ✔️No analytics or tracking
- ✔️No user profiling
- ✔️No advertising
Opt-in required: Before any data leaves your device, the app presents a security disclosure explaining exactly what data will be transmitted and how it will be protected. You must explicitly confirm before the feature is activated.
Your Hetzner API tokens are stored securely using iOS Keychain.
- ✔️Tokens stored in iOS Keychain (hardware-encrypted)
- ✔️Protected by Face ID or Touch ID
- ✔️By default, tokens are never transmitted to our servers and are only used for direct Hetzner API communication
- ✔️When Push Notifications are enabled, a separate, dedicated read-only token is transmitted to the HeC Watcher service (see below)
- ✔️Deleted when you remove an account
When you enable Push Notifications, the HeC Watcher service monitors your infrastructure and delivers real-time alerts. This feature is entirely optional and disabled by default.
Data transmitted to our server when enabled:
- ✔️Apple Push Notification Service (APNS) device token - required to deliver push notifications to your device
- ✔️A dedicated read-only Hetzner API token (separate from your main app token), required to poll Hetzner Cloud API on your behalf. Read-write tokens are rejected
- ✔️Watcher configurations - server IDs, datacenter names, server type names, and monitoring preferences you configure
- ✔️A project label you assign to identify your Hetzner project
Security measures:
- ✔️Only read-only API tokens are accepted. Each token is verified against the Hetzner API before being stored, and read-write tokens are rejected
- ✔️Each device can only access its own watchers. Cross-device data access is not possible
- ✔️API tokens are encrypted at rest using AES-256-GCM with per-record random nonces
- ✔️API tokens are never logged, never included in API responses, and never exposed to any third party
- ✔️All communication uses HTTPS with TLS (certificates managed by Let's Encrypt)
- ✔️Server hosted in the EU, Germany on Hetzner infrastructure (ISO 27001 certified)
- ✔️The server has passed a comprehensive security audit covering 15 security categories
- ✔️Rate limiting, input validation, and request size limits protect against abuse
- ✔️The application runs in a hardened container with no shell access and non-root execution
Data we do NOT collect through this service:
- ✔️No personal information (name, email, phone number)
- ✔️No IP addresses are stored
- ✔️No analytics, tracking, or telemetry data
- ✔️No user accounts or passwords
Data deletion:
- ✔️Deleting a watcher immediately removes it and its associated encrypted API key from our server
- ✔️Disabling Push Notifications stops all monitoring activity
- ✔️Uninstalling the app triggers automatic cleanup: when Apple reports the device token as expired, all associated data (device record, watchers, and encrypted API keys) is permanently deleted
- ✔️You can request complete data deletion at any time by contacting us
HeC communicates directly with Hetzner Cloud API to manage your resources.
- ✔️Direct HTTPS connection to api.hetzner.cloud
- ✔️All traffic encrypted with TLS
- ✔️No intermediary servers for resource management operations
- ✔️Subject to Hetzner's privacy policy
- ✔️You control what data is accessed
App preferences and cached data are stored locally on your device.
- ✔️Settings stored in UserDefaults
- ✔️Resource cache stored on device
- ✔️No cloud sync of app data
- ✔️Data stays on your device
- ✔️Cleared when app is uninstalled
HeC uses minimal third-party services for essential functionality.
- ✔️RevenueCat for subscription management
- ✔️Apple StoreKit for in-app purchases
- ✔️Apple Push Notification Service for delivering notifications (opt-in only)
- ✔️Hetzner Cloud API for resource management
- ✔️iOS Keychain for secure storage
- ✔️Face ID / Touch ID for authentication
HeC requests only the permissions necessary for operation.
- ✔️Network access for API communication
- ✔️Face ID / Touch ID for secure authentication
- ✔️Keychain access for token storage
- ✔️Push notifications (optional, requires explicit opt-in)
HeC and the HeC Watcher service are designed with GDPR compliance in mind.
- ✔️Data minimization: only strictly necessary data is collected
- ✔️Explicit consent: all optional features require clear opt-in with security disclosure
- ✔️Right to erasure: delete your data at any time through the app or by contacting us
- ✔️Data portability: all watcher configurations are accessible through the app
- ✔️Server infrastructure located in the EU (Germany)
- ✔️No data transfers outside the EU for our services
You have full control over your data in HeC.
- ✔️Delete accounts and tokens at any time
- ✔️Delete individual watchers to remove associated data from our server
- ✔️Disable Push Notifications to stop all server-side monitoring
- ✔️Clear cached data from settings
- ✔️Uninstall to remove all local data and trigger automatic server-side cleanup
- ✔️Revoke API tokens from Hetzner Console
- ✔️Request complete data deletion by contacting us