How Scry encrypts your screen

Our relay only does introductions. It helps your two devices discover each other and connect, then it steps aside and the live session flows directly between them. One session is exactly two devices: yours and yours. No extra viewers, no server sitting in the middle of your picture.

Most sessions stay fully direct. When a strict network or firewall makes a direct path impossible, the connection can fall back to routing through our relay.

We're precise about this on purpose. Our relay handles the introductions and knows connection details: which of your devices connected to which, and when. It also verifies your account and Pro access for the paths that need it.

What it never sees is the contents of your session. Even when a strict network forces the connection to route through our relay, it only ever forwards already-encrypted packets it cannot read. The keys aren't ours, so the bytes stay sealed. We can't see your screen, your keystrokes, or your clipboard.

Classic VNC often ships with no built-in transport encryption, so reaching a machine over the internet traditionally means standing up an SSH tunnel and forwarding ports on every box. RDP exposed to the open internet is a well-known attack surface. Both put the burden of getting encryption and reachability right on you, per machine.

Scry is encrypted by default. You pair with a code and one account. There is no per-server setup, no SSH tunnel, and no port forwarding, and the encryption is part of the standard rather than something you configure. See the deeper write-up on encrypted remote desktop without VNC setup.

On the device you share from, Scry needs screen-recording access to capture the display, and accessibility/input access to let you control it from your other device. These are standard operating-system permissions you grant explicitly, and Scry only captures while a session is active.

On the device you view from, no special permissions are required beyond connecting to your account.

On locked-down networks, Stealth Mode can route your encrypted connection so it looks like ordinary secure web traffic. It disguises the connection on restrictive networks; it does not add to or change the encryption. Stealth Mode is a Pro feature and is not available in the browser viewer.

Desktop builds use signed automatic updates on macOS, Windows, and Linux. Update checks contact bravely.dev to look for newer signed builds; those checks do not transmit anything from your sessions.

Scry uses product analytics for events like onboarding completion, paywall views, purchase restore attempts, and connection success or failure. The contents of your sessions, your screen, and your clipboard are never sent to analytics.

Every client includes a Settings control to disable analytics. Required account and billing requests, such as purchase restoration or Pro access checks, continue to work even if analytics is off.

Web purchases are handled by our payments processor. Mobile purchases use the Apple App Store or Google Play billing system. We keep the minimum entitlement data required to verify your purchase and unlock Pro across your devices. Payment card details never reach our servers.

For account recovery, billing questions, or bug reports, contact Scry support.

For security-sensitive reports, email security@bravely.dev.