End-to-end encrypted team vault
AES-GCM encryption applied client-side with PBKDF2 100k key derivation. The server stores ciphertext only and cannot read vault content, even under operator coercion.
Company — founded 2026
About SecurSSH
SecurSSH is an EU-headquartered company building a team-first SSH access platform for technical organisations that take data residency, GDPR and end-to-end encryption seriously. Founded in 2026, we host exclusively inside the European Union and design for engineering teams rather than for generalist IT buyers.
100%
EU-hosted
E2E
AES-GCM encrypted
24 mo
Audit retention
2026
Founded
Our mission
A credible SSH workspace at a fair price
Most SSH tooling on the market either treats credentials as a convenience problem - synced plaintext blobs across devices - or buries security behind enterprise pricing that small and mid-sized teams cannot reach. SecurSSH exists to give a competent technical team a credible SSH workspace at a fair price: client-side encrypted vaults, real RBAC, a real audit log, and EU jurisdiction by default. The promise is simple: the people running the service cannot read your secrets, and your data does not leave the European Union.
In production today
What we ship today
The list below is intentionally limited to features available in production right now. Roadmap items - SSO SAML, SOC 2 Type II, mobile apps - are documented separately and never marketed as acquired.
Multi-vault segmentation
Separate vaults per project, customer or environment. Membership is granted per vault, so a contractor accesses one engagement without seeing the rest of the team workspace.
Three-tier RBAC
Admin, member and viewer roles enforced both client-side and server-side. Viewers connect without write rights on credentials; admins handle membership and audit access.
24-month audit log
Every sensitive action - host edits, role changes, invitations, vault writes - is logged for 24 months on Team plans, indefinitely on Enterprise. Records are queryable from the team console with filters per actor, action type and date range.
EU data residency
Your vault content is end-to-end encrypted and stored in the European Union. Audit records and account metadata are stored in the European Union as well.
GDPR right-to-erasure built-in
Account holders trigger a one-click deletion that removes profile data, vault content and team membership. Article 17 is honoured by design, not by a support ticket.
Native desktop apps
Applications for macOS (Intel and Apple Silicon), Windows 10/11 and Linux (AppImage and .deb). Signed and notarised on macOS; Windows code-signing in progress. Auto-updates verify signatures before installation.
Data residency
Where we host
European Union only
SecurSSH runs exclusively on European Union infrastructure. Production workloads and backups are hosted inside the EEA, with backups encrypted at rest and retained in the same jurisdiction. The exact provider and regions are disclosed under NDA on Enterprise contracts.
Your vault content is end-to-end encrypted and stored in the European Union. EU teams operate under a single, predictable legal regime.
The company
Who we are
SecurSSH is built by a small team of engineers with backgrounds in systems administration, applied cryptography and B2B SaaS. We are based in the European Union and we run the company remotely.
Founder profiles and team biographies are being finalised and will be published on this page shortly.
How we work
Values
Transparency
We publish the roadmap, including what is shipped, what is partial, and what is planned. No SOC 2 badge before the audit, no SSO marketing before the integration ships.
EU-first
Hosting, processing and sub-processing inside the European Union. We design around GDPR rather than retrofitting it, and we surface data residency as a primary feature, not a footnote.
No hype
A sober technical product for technical teams. We document architecture in plain language, we acknowledge gaps, and we measure ourselves against shipped behaviour, not promises.