Legal

Privacy Statement

Last updated: July 8, 2026

The short version: Jump Hippo has no accounts, no telemetry, and no third-party tracking. Everything you create in the app — tunnel definitions, jump-host chains, credentials, and settings — stays on your own device, and the traffic you tunnel goes straight to the hosts you choose. This website sets no cookies and runs no analytics.

This statement explains how the Jump Hippo desktop application and the jumphippo.com website handle your information. Both are built and maintained by Jason Figge. The principle behind both is the same: Jump Hippo is a local-first tool, so your data belongs to you and stays with you.

1. The Jump Hippo app

Your data stays on your device

Tunnel definitions — local ports, destinations, SSH servers, jump-host chains, auth choices — along with your settings are stored in local files under your operating system's user-profile folder. None of it is uploaded to us or to any cloud service — there is no Jump Hippo account and no server that holds your configuration. You can back it up, move it, or delete it yourself at any time.

The traffic you tunnel

Jump Hippo's whole job is to bind a local port and forward its bytes over an SSH connection you configure — optionally through jump hosts you choose — to a destination you choose. That traffic goes directly from your computer, over your own SSH connection, to those destinations. It does not pass through us, and we never see, log, proxy, or store the bytes you tunnel.

Secrets and credentials

SSH passwords, private-key passphrases, and other secrets are encrypted at rest on your machine. They stay local, they are never transmitted to us, and the renderer never receives a decrypted secret — decryption happens only in the app's background process at the moment a connection is made.

SSH host keys

Jump Hippo verifies each SSH host against your known_hosts file on a trust-on-first-use basis: the first time it meets an unrecognised host it asks you to confirm the key rather than accepting it silently. This host-key material lives on your device and is used only to make and validate your own SSH connections.

Software updates

Jump Hippo can check GitHub for new releases and download them. Update checks are non-forced and user-visible — you can use “Check for Updates” yourself. That connection reaches GitHub's servers and is subject to GitHub's privacy statement. You can also ignore update prompts and download new versions manually instead.

Logs and diagnostics

The app keeps a local, rotating log of its own lifecycle and error events to help you troubleshoot — it redacts your secret values. Nothing is sent anywhere automatically. Any diagnostics export bundles recent logs and build info into a single file only if you ask it to, and it is entirely up to you whether to share that file (for example, when filing a bug report).

No telemetry

Jump Hippo contains no analytics SDKs, usage tracking, crash-reporting services, advertising, or “phone-home” beacons. The optional donation link simply opens a page in your browser; the app does not track whether you visit it or give.

2. This website

Static, cookie-free, no analytics

jumphippo.com is a static website. It sets no cookies, runs no analytics or advertising scripts, and includes no third-party tracking. Fonts are loaded from your own system, so there are no web-font CDN requests either.

Hosting

The site is hosted on GitHub Pages. As with any web host, GitHub may process standard technical information — such as your IP address and browser user-agent — in server logs in order to deliver and protect the site. We do not receive or store those logs; that processing is governed by GitHub's privacy practices, not ours.

Content loaded from GitHub

A few pages load public data directly from GitHub in your browser: the Feature Requests page lists open issues from the project's repository, and the download links point to GitHub Releases. When those load, your browser connects to GitHub, subject to GitHub's privacy statement.

Outbound links

Links to GitHub and other external sites take you to third parties that have their own privacy policies, which we don't control.

3. What we never do

4. Your data and your rights

Because we don't collect or hold personal data about you, there is nothing on our side to access, correct, export, or delete. The information the app stores lives on your own device and is fully under your control — you can view, edit, back up, or erase it at any time. If you are in a region with data-protection laws such as the GDPR or CCPA, those rights are effectively satisfied because no personal data about you ever leaves your machine for us.

5. Changes to this statement

If this statement changes, we'll update the “Last updated” date above and post the revised version here. Because the site is open source, its full history is also visible in the project's GitHub repository.

6. Contact

Questions about privacy? Open an issue on GitHub.