About
We build one thing: real iPhones in the cloud.
One engine. One product. Engineered for fidelity.
Driftstack ships iPhone Safari sessions on demand, built on real WebKit — the same engine every physical iPhone runs — with nothing quietly modified while the browser is running ("patched at runtime"), so there's nothing for detection systems to spot. Our servers and your account data live in the EU (EU-resident control plane), and the scope stays deliberately narrow: one product, two ways to use it, no land-grab.
What we're building
iPhone Safari fidelity, on demand.
Most stealth browsers fake an iPhone by patching the browser's behaviour on the fly (rewriting JavaScript at runtime). Detection systems are built to catch exactly that — the fingerprint values those tools return, like the canvas and WebGL hashes (values derived from how the browser draws an invisible test image), come out 100% unique per session: the literal opposite of a real iPhone, which returns the same hash as millions of other iPhones. Driftstack takes a different approach: we run Apple's WebKit source code, the same engine that ships on every real iPhone. Nothing is rewritten at runtime, so there's nothing for detection to find. The fingerprint your code reads is the fingerprint a real iPhone would send.
Why we exist
Stealth browsing matures.
For the last decade, the field has been an arms race of patching browsers on the fly (runtime patching) that always favoured the detector. We think the next decade looks different: real browser engines, real device profiles, transparent metering (billing you can see and check), and customer-configurable egress (SOCKS5 · WireGuard · OpenVPN): session traffic leaves for the web through an exit you control — your own proxy or VPN (what's egress?). See /trust/security-overview for the security posture. Driftstack ships that future for iPhone Safari first, because that's the device that matters most for commerce, ticketing, and account workflows.
Posture
Things you'll notice.
Run from the EU (EU-resident control plane)
Compute and database run in the EU. Uploaded files (avatars, for example) sit on Cloudflare's R2 storage, which can replicate outside the EU. Session execution and a few processors (the Mac fleet, the optional AI agent, the live-view stream) transfer to the US under Standard Contractual Clauses + the EU-US Data Privacy Framework — no undisclosed flows. Standard Contractual Clauses are the EU's standard legal contract for sending data abroad, and nothing is transferred that isn't disclosed. The per-vendor breakdown — who runs where, doing what, on which legal basis — lives on /trust/sub-processors.
No behavioural data collection
We don't log your destination URLs, response bodies, or session content. We don't train models on your traffic. We don't sell datasets. Our coordination service (the control plane) sees only the basics about each session — its ID, when it started and stopped (session metadata) — and whether your license is valid. That's everything we touch.
Honest scope
We say no to things we can't ship well. Touch, scroll, and typing that come from real human recordings and move like a real hand — each profile keeping its own habits (the behavioural input engine, with a per-profile persona) — ship at v1.0; we'll keep saying what's live and what's roadmap, not the other way around. The recipe library is live at v1.0: save a finished agent-session as a replayable step-by-step recipe, then view, list, or delete your saved recipes. Running a saved recipe (recipe execution) lands at v1.1. SOC 2 is a future-revenue milestone, not today's marketing line.
Operating commitments
What we promise to do.
Promises matter most once you're paying for production access and can't unwind a commitment. So we publish the operating commitments every customer can hold us to, with public links to verify each one.
Per-merge security audit, on a cadence
Every meaningful slice of code merged is re-audited against the same six questions before it ships: can an API key reach more than it was granted (scope-reach)? Could a secret end up stored or logged in readable form (plaintext leakage)? Can a repeated request accidentally run twice (idempotency)? Can log entries be forged (audit-log injection)? Can one account see another's data (account-scope leakage)? Can a dashboard login be stolen (web-session-token security)? Findings with closure status published at /security . A deeper full audit ("pre-flight") runs before each new customer's first paid month — their first production billing cycle.
Disaster recovery, rehearsed before it's needed
Eleven disaster-recovery (DR) scenarios documented with concrete recovery commands — host loss (a dead server), Postgres corruption (the database), Redis loss (the cache), R2 object loss (stored files), signing-key rotation under attack (replacing a compromised key mid-incident), bad deploys, cert renewal failures (expired security certificates), Cloudflare Pages regressions (our website host breaking), and a multi-day Hetzner regional outage (our hosting provider losing a region for days). Every scenario is rehearseable on staging — our test copy of the platform — before commercial activation. How incidents get published: /trust/incidents .
30 days' warning before we change vendors — Article 28(2)
Sub-processors are the outside companies that handle customer data for us. Every change to our sub-processor list (additions, removals, region migrations) is published 30 days before it takes effect at /trust/sub-processors . If a new sub-processor doesn't meet your requirements, those 30 days are your right-of-objection window: you can object and terminate the affected portion of service.
If we ever shut down, you keep the software (source escrow)
Enterprise customers and Self-hosted licensees get access to our source code — the modified WebKit engine (the WebKit fork) + the control-plane source — under a written escrow agreement: a neutral third party holds a copy. If Driftstack sunsets the cloud service, escrow releases the source so customers can continue running on their own hardware indefinitely. The FAQ "what if Driftstack goes away?" entry has the full mechanics.
Company facts
Who you're dealing with.
- Entity
- Dutch BV
- Headquarters
- Netherlands
- Focus
- One product, deliberately narrow
- Funding
- Independent — customer-funded
- Sub-processors
- /trust/sub-processors
- Contact
- [email protected]
Ready when you are
Want to try it?
Start free — one profile, 20-minute sessions on real iPhone Safari, no card required. Perpetual, no expiry.