Skip to main content
DRIFTSTACK

Run many accounts, safely apart.

You run more than one account because the work demands it — client accounts at an agency, regional storefronts, seller profiles. The hard part isn't running them. It's keeping them apart.

One shared fingerprint is all it takes.

Most services don't link accounts by name or email — they link them by device. Every browser exposes a fingerprint: what a website can measure about a visitor — screen, fonts, graphics quirks, dozens of small signals that add up to "this is the same machine again." Sign into ten accounts from one browser and the service quietly knows those ten accounts share a device.

That's why bans cascade. One account trips a rule, the device gets flagged, and every account that ever touched that device goes down with it — including the ones that never put a foot wrong. Separate Chrome profiles, incognito windows, a spreadsheet of logins: none of it changes what the site can measure.

One account, one phone.

A Driftstack profile is a persistent identity that lets each account look like its own physical phone — every session, every time.

Each account gets its own phone

Persistent profiles: separate cookies, storage, history, and device identity per profile

Identities that hold up

The hidden 'device photos' sites take to spot fakes (canvas + WebGL hashes) match millions of real iPhones — not a new unique value per session like every other API

Its own corner of the world

Bring your own proxy or VPN, attached per profile — language and clock settings follow the exit's location

It even moves like a person

Taps, swipes and keystrokes generated from patterns of real human movement, consistent per profile

The desktop app is built for exactly this workday: keep 10 to 200 logged-in profiles saved and ready, open the ones you need as live sessions, and switch between them like browser tabs (your plan sets how many run at the same time). Organize the fleet in folders, tag profiles by client, launch with one click, and pop any account out into its own floating device window. No code anywhere in the loop.

This is what the Manual ladder is for.

A person clicking → Manual. It's priced on one number: how many sessions you keep open at the same time.

See Manual pricing →

Start free first — one profile, 20-minute sessions, no card required.

One honest line before you build on us: Driftstack keeps accounts apart; staying inside each service's rules stays your call. The boundary is written down in plain words in the Acceptable Use Policy — read it before you sign up if you're unsure.

Before you ask — asked and answered.

Architecture + sessions

Are these real iPhones or emulated?

Neither — and that's the point. Driftstack runs the same browser code Apple ships on the iPhone: our own build of Apple's WebKit + Safari source code (the same C++ program code that runs on iOS), running on Apple's M-series Macs (macOS, Apple Silicon). Macs and iPhones share the same Apple chip family, so the engine is identical to a physical iPhone's — the same JavaScript engine (JavaScriptCore), the same page-rendering engine (WebCore), the same building blocks a fingerprint is made from, and, crucially, the same family of graphics chips. Everything a website can measure from inside a page — drawing output (canvas), 3D graphics (WebGL), audio, and the browser's own internals (navigator, prototype chain, error stacks) — matches a real iPhone bit for bit, because the same code produces it on the same chip family. The only differences sit so deep in the operating system that no website can read them from a page (kernel timings far below the web's reach), and detection that targets those is vanishingly rare in practice.

Does Driftstack work with Playwright / Selenium / Puppeteer?

Not by connecting them directly — those tools speak Chrome's remote-control protocol (CDP / WebDriver), and Driftstack deliberately offers no CDP passthrough: no Chrome DevTools Protocol WebSocket, no WebDriver endpoint. connectOverCDP(), puppeteer.connect(), and Selenium/WebDriver clients cannot attach to a session. Instead you drive sessions through the typed Driftstack SDK over structured REST actions — navigate, interact (tap / type / scroll / press), wait, capture, extract, state, search, and login. If you have an existing Playwright/Puppeteer script, you reshape it into those discrete actions rather than pointing the same client at a new endpoint. SDK quickstarts at /sdk/typescript-quickstart, /sdk/python-quickstart, /sdk/go-quickstart.

Where do my sessions actually run?

Sessions run in one EU region. Customer data in our databases — accounts, profiles, audit logs, session metadata — stays in the EU; uploaded files (avatars, for example) use Cloudflare's storage network, which can replicate outside the EU. The sub-processor list has the full breakdown with each provider's region. From EU locations, your commands typically reach our API in under 30 milliseconds, and a full round trip — your click going in, the live picture coming back — takes under 100. US and Asia-Pacific customers see proportionally longer round trips, since the sessions stay in the EU.

Acceptable use

Is X allowed? (sneaker bots / scraping / ad fraud / etc.)

The full Acceptable Use Policy is at /legal/aup — read it before signing up if you're unsure. Short version: Driftstack is built for legitimate automation — QA, accessibility testing, market research, regulated-industry compliance testing, agency multi-client management, AI-agent-driven flows. We don't allow attacks on third-party systems, fraud (ad fraud, fake-account creation, payment fraud), CSAM (child sexual abuse material) or other illegal content, large-scale scraping that breaks a site's terms of service (ToS) by getting around logins or past a site's reasonable rate limits, or operating sneaker bots / ticket bots against vendors who have publicly prohibited bot purchasing. Suspected abuse triggers an account review under the Acceptable Use Policy's escalation process; persistent violations terminate the account.

What happens if Driftstack as a business goes away?

Two protections. (1) Data portability: profiles + audit logs + session metadata can be exported as CSV/JSON from the dashboard or via the API at any time, so customers can take their data with them on any timeline. (2) Self-hosted option: Enterprise + Self-hosted licensees receive source escrow — an independent third party holds a copy of our source code. If the cloud service is ever wound down, the escrow agreement releases the browser engine (the WebKit fork) and the management software (the control-plane code) so customers can keep running everything on their own hardware indefinitely. We carry no investors and no debt, so the most likely "Driftstack goes away" scenario is a planned wind-down with months of notice, not a sudden shutoff. Self-hosted on day one is the answer for customers who can't accept any cloud-vendor risk.

Everything else is on the full FAQ.

Keep them apart. Keep them alive.

Open a real iPhone session on the free tier and watch a profile hold its identity across runs — no card required.