Privacy Policy

Last updated: February 2026

What AFK Does

AFK is a companion app for Claude Code. It relays session activity from your Mac to your iOS device and lets you send commands remotely. AFK acts as a bridge — it does not run AI models or process your code.

Data We Collect

• Account information: Apple ID (opaque user identifier provided by Sign in with Apple) or email address if you register with email/password.
• Device information: Device name and OS version, used to identify your enrolled devices.
• Session metadata: Project path, git branch, session status, token counts, and timestamps. This metadata helps you track your Claude Code sessions.
• Session events: Tool calls, assistant messages, and other session activity relayed from your Mac agent. When end-to-end encryption (E2EE) is enabled, event content is encrypted on-device and the server cannot read it.
• Push notification tokens: APNs device tokens for delivering notifications. These are device identifiers, not personal data.
• Subscription data: If you subscribe to AFK Pro, Apple provides us with transaction identifiers and subscription expiry dates for managing your plan. We do not receive your payment method or billing details.

End-to-End Encryption

AFK supports end-to-end encryption using Curve25519 key agreement and AES-256-GCM. When E2EE is enabled, session content is encrypted on your Mac and can only be decrypted on your iOS device. The server routes encrypted data without the ability to read it — zero-knowledge architecture.

Data We Do Not Collect

• We do not collect analytics or usage telemetry.
• We do not serve advertisements.
• We do not sell, share, or trade your data with third parties.
• We do not read your code. In E2EE mode, we cannot.

Data Retention

• Free tier: Session events are retained for 7 days, then automatically deleted.
• Pro tier: Session events are retained for 90 days.
• Account data: Retained until you request deletion.

Data Deletion

You can request deletion of your account and all associated data by emailing [email protected] or opening an issue on our GitHub repository. Upon deletion, all session data, device enrollments, and account information are permanently removed.

Third-Party Services

• Apple Push Notification service (APNs): Used to deliver push notifications to your iOS device.
• Sign in with Apple: Used for authentication. Apple provides an opaque user identifier; we do not receive your Apple ID password.
• App Store: Subscription purchases are processed by Apple. We receive transaction identifiers but not payment details.

Security

All communication between the iOS app, Mac agent, and backend server uses TLS. Authentication uses JWT tokens with short expiry. WebSocket connections require pre-authenticated tickets. Command signing uses Ed25519 with replay protection.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app or on this page.

Contact

For privacy questions or data deletion requests, email [email protected] or open an issue on our GitHub repository.