← Blog

Why We Build Privacy-First Software

Our rule is simple. If an app does not need your data to do its job then we do not collect it. You can check that yourself.

Every app you install is a small negotiation. It wants something from you. Most of the time the thing it wants is your data. That means your location, your contacts, your usage patterns, your email address, and a device identifier that quietly follows you from one app to the next. The negotiation is usually invisible. It hides inside a permission prompt you tap through and a privacy policy you will never read.

We build the other kind of app.

Every product in our portfolio starts from a single principle. If an app does not need your data to do its job then we do not collect that data. We do not mean that we gather it and promise to be careful. We do not mean that we anonymize it. We simply never take it in the first place. That is not a marketing line. It is an engineering decision that shapes how every app gets built. It is also something you can confirm for yourself in about thirty seconds.

What Data Not Collected Actually Means

Open any of our apps on the Mac App Store and scroll down to the App Privacy section. You will see two words. They are Data Not Collected. Apple makes every developer declare exactly what an app gathers. That label is the strictest one available. It means the app has no analytics, no tracking, no advertising identifiers, no crash reporter phoning home, and nothing at all leaving your Mac.

None of that is a sacrifice for a menu bar utility. It is simply the obvious way to build one. A brightness controller has no reason to know your IP address. A keep awake toggle has no reason to want your email. A Bitcoin ticker needs the price of Bitcoin and nothing about the person watching it. When an app is built to do one thing well the list of data it truly needs is usually empty.

How We Enforce It Rather Than Promise It

Privacy policies are promises. Promises can be broken quietly and you would never find out. So we do not rely on them. We let the operating system enforce our claims in a way we could not undo even if we wanted to.

Every app we ship runs inside the macOS App Sandbox. The sandbox is a hard boundary around what an app is allowed to touch. On top of that we give each app only the capabilities it actually uses. The most important one is the network.

If an app has no reason to reach the internet then we do not give it the network entitlement. Without that entitlement the sandbox blocks every outbound connection the app might attempt. This is not a switch we can flip from a server. It is compiled into the app and checked by macOS itself. DimBar and Steadwick both ship this way. Even if we wanted to slip out a single byte of telemetry the operating system would refuse to open the connection.

We also include a privacy manifest in every app. It declares which system capabilities the app relies on and why. We list only the ones it genuinely uses. The result is an app whose behavior matches its promises because the platform will not allow anything else.

When An App Genuinely Needs Data

Some products cannot be fully local. A weather app has to know which city to show. A price ticker has to reach a market data source. A transcription tool has to process audio. When an app genuinely needs to reach out we hold it to four rules.

  • Minimum necessary. The app asks for only what the feature needs and only while that feature is running. A weather lookup needs a location and not a contact list.
  • Never linked to you. We do not build profiles or attach identifiers. We do not connect what you do in one app to what you do in another. A request for the Bitcoin price carries the price and nothing about who asked for it.
  • Never sold. We never sell, rent, share, or trade your data. There is no data broker relationship because there is no data to broker.
  • Always transparent. Every app has its own privacy policy. It states in plain language exactly what the app touches and why.

Satova is the clearest example. It needs one thing from the internet. That one thing is the current price of Bitcoin. It reads that price from a public market data source that needs no account and receives nothing about you. The request goes out and the price comes back. The exchange leaves no trace of you anywhere.

How To Verify All Of This Yourself

You do not have to take our word for any of it. That is the entire point. Open the App Store page for one of our apps and read the App Privacy section. Read the app’s privacy policy right here on this site. And if you want the strongest proof of all then look at whether the app ships with the network entitlement. An app without that entitlement cannot connect to anything no matter what its code tries to do. We built our apps so that the strongest claim we can make is also the one you can check without trusting us at all. That claim is simple. An app collects nothing.

The Cost We Choose To Pay

Building this way is not free. Without analytics we cannot watch how a feature gets used or catch a crash the moment it happens on your machine. Without accounts we cannot sync your settings across your devices. We give those things up on purpose.

In exchange there are no servers to breach, no behavioral database to leak, and no profile of you sitting somewhere waiting to be sold. Our apps launch instantly and run offline. They cost nothing to keep private because privacy here is the absence of infrastructure rather than an expensive addition to it. When something does need fixing we would rather you tell us than take it from you in the background.

A growing number of people are tired of being the product. They are tired of every small utility wanting an account, an email, and a subscription. For those people an app that simply does its job and asks for nothing is not just refreshing. It is the whole reason to choose it.

That is how we think software should work. So that is how we build it.