SecurSSH is an EU-headquartered company building a team-first SSH access platform for technical organisations that take data residency, GDPR and end-to-end encryption seriously. Founded in 2026, we host exclusively inside the European Union and design for engineering teams rather than for generalist IT buyers.
Most SSH tooling on the market either treats credentials as a convenience problem - synced plaintext blobs across devices - or buries security behind enterprise pricing that small and mid-sized teams cannot reach. SecurSSH exists to give a competent technical team a credible SSH workspace at a fair price: client-side encrypted vaults, real RBAC, a real audit log, and EU jurisdiction by default. The promise is simple: the people running the service cannot read your secrets, and your data does not leave the European Union.
The list below is intentionally limited to features available in production right now. Roadmap items - SSO SAML, SOC 2 Type II, FIDO2, session recording, mobile apps - are documented separately and never marketed as acquired.
AES-GCM encryption applied client-side with PBKDF2 100k key derivation. The server stores ciphertext only and cannot read vault content, even under operator coercion.
Separate vaults per project, customer or environment. Membership is granted per vault, so a contractor accesses one engagement without seeing the rest of the team workspace.
Admin, member and viewer roles enforced both client-side and server-side. Viewers connect without write rights on credentials; admins handle membership and audit access.
Every sensitive action - host edits, role changes, invitations, vault writes - is logged for 24 months on Team plans, indefinitely on Enterprise. Records are queryable from the team console with filters per actor, action type and date range.
All vault data, audit records and account metadata stay inside the European Union. No replication to the United States, no sub-processor outside the EEA for personal data storage.
Account holders trigger a one-click deletion that removes profile data, vault content and team membership. Article 17 is honoured by design, not by a support ticket.
Signed and notarised applications for macOS (Intel and Apple Silicon), Windows 10/11 and Linux (AppImage and .deb). Auto-updates verify signatures before installation.
SecurSSH runs exclusively on European Union infrastructure. Production workloads and backups are hosted inside the EEA, with backups encrypted at rest and retained in the same jurisdiction. The exact provider and regions are disclosed under NDA on Enterprise contracts.
Because no personal data crosses to the United States, the legal uncertainty introduced by the SCHREMS II ruling does not apply to SecurSSH customers. EU teams operate under a single, predictable legal regime.
SecurSSH is built by a small team of engineers with backgrounds in systems administration, applied cryptography and B2B SaaS. We are based in the European Union and we run the company remotely.
Founder profiles and team biographies are being finalised and will be published on this page shortly.
We publish the roadmap, including what is shipped, what is partial, and what is planned. No SOC 2 badge before the audit, no SSO marketing before the integration ships.
Hosting, processing and sub-processing inside the European Union. We design around GDPR rather than retrofitting it, and we surface data residency as a primary feature, not a footnote.
A sober technical product for technical teams. We document architecture in plain language, we acknowledge gaps, and we measure ourselves against shipped behaviour, not promises.