Privacy Policy

Last updated: 21 April 2026

ProxmoxVue is a local-first iPad client app with an optional cloud add-on. What leaves your device depends on the mode you choose.

What stays on your device

When you add a Proxmox host, the following is stored on your device:

• The host's display name, URL, and TLS preference (SwiftData — iOS on-device storage).
• Your authentication credentials — API token, or username + password, depending on the method you chose. Stored in the iOS Keychain, accessible only to this app and only while the device is unlocked.
• For OIDC logins (e.g. Authentik, Keycloak): the session ticket and CSRF token are held in memory only — never persisted. A new browser-login is required if the session expires.

Direct mode — what leaves your device

By default ProxmoxVue communicates directly and exclusively with the Proxmox server(s) you add:

• Standard Proxmox VE REST API calls (/api2/json/...) using the credentials you configured.
• For OIDC: one browser session with your identity provider (e.g. Authentik, Keycloak) to obtain an authorization code, which is exchanged with your Proxmox server.

In direct mode, nothing is sent to any third party on our behalf.

Cloud mode — what happens when you enable it

Cloud mode is opt-in and requires two things: (1) installing proxmoxvue-agent, a small self-hosted daemon, on a Linux machine in your homelab; and (2) an active Cloud subscription. The daemon is the bridge between your Proxmox and our cloud layer. The app continues to use direct API for everything else.

What goes to Supabase (EU-hosted)

• Heartbeat: daemon liveness pings (timestamp, daemon identifier).
• Operational status snapshots: node online/offline, VM/CT state counts, storage-free totals. Never VM contents, guest data, or user activity inside guests.
• Command queue: pending iOS-to-daemon actions (e.g. "start VM 101"), delivered once and then deleted.

What never goes to Supabase

• Your Proxmox credentials (stored only in the iOS Keychain and on your daemon host).
• Your OIDC tokens.
• VM or container contents, guest data, user passwords.

Push notifications (Apple APNS)

When a relevant event occurs (node offline, failed backup, VM down, etc.) a push is delivered via Apple Push Notification Service. The payload is limited to event type and reference identifiers — never hostnames, credentials, or VM contents.

Retention

Operational data in Supabase is automatically deleted after 30 days. Push tokens are retained while you subscribe and deleted immediately on unsubscribe.

Your control

Stopping proxmoxvue-agent stops all cloud functionality immediately. The daemon runs on a host you own, auditable via SSH and your own logs. All outgoing connections go to a single endpoint (our EU-hosted Supabase project), so you can restrict its egress to just that host in your own firewall — full control over where the daemon communicates.

What we collect as a company

We keep collection minimal:

• Anonymous app telemetry via TelemetryDeck (EU-hosted): app opens, feature-usage events (e.g. "added host", "started VM"), iPad model, iOS version. Hash-based anonymization per install — no user IDs, no hostnames, no credentials, no content.
• Supabase access logs (in cloud mode only): Supabase maintains its own operational access logs per its privacy policy — those are their responsibility; we don't export or analyze them.
• App Store aggregate download statistics as provided by Apple. No personal data about you.

No advertising identifiers. No third-party marketing SDKs. No crash-reporting SDK that ships PII off-device.

Third-party services

Depending on what you enable, the app may contact:

• Your Proxmox server(s) — always, in direct mode.
• Your identity provider (Authentik, Keycloak, etc.) — only if you choose OIDC login.
• Supabase EU — only in cloud mode, via the daemon.
• Apple Push Notification Service — only if you enable cloud push.
• TelemetryDeck (EU) — anonymous app telemetry, always on.

For OIDC and your Proxmox server, those contracts are between you and the operator — not us.

Your Proxmox server

Your Proxmox server logs its own API calls. Review its logging and retention policies directly with the administrator (which may be you).

Children

ProxmoxVue is not directed at children under 13. It's a system administration tool.

Changes

If this policy changes materially, the app update notes will mention it and this page will be updated with a new "Last updated" date.

Data controller

Data controller in the sense of the GDPR:

MJ Consultancy B.V.
Paganiniplantsoen 14
2151 GH Nieuw-Vennep
Netherlands
Email: hello@proxmoxvue.app

Legal basis (GDPR)

We process personal data only on the following grounds:

• Article 6(1)(b) GDPR — performance of a contract (provision of the app and any Cloud subscription).
• Article 6(1)(f) GDPR — legitimate interest in technical stability, security, and product improvement via anonymous telemetry.

No data is processed on the basis of consent; should that change in the future, you will always be able to withdraw your consent.

Your rights (GDPR)

Under the GDPR you have the right to:

• Access your data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure — the "right to be forgotten" (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

You also have the right to lodge a complaint with a supervisory authority (e.g. in the Netherlands: the Dutch Data Protection Authority; in Germany the BfDI or the relevant state authority).

Security

We implement appropriate technical and organizational measures to protect your data against loss, misuse, and unauthorized access. Credentials are stored only locally in the iOS Keychain; the cloud component uses encrypted connections (HTTPS / TLS 1.2+) and EU hosting.

Contact

Questions about privacy: see the support page, or email hello@proxmoxvue.app directly.

← Back to ProxmoxVue