Skip to main content

Privacy & security

This page is a description of Purrchiver’s actual behavior on your Mac. Every claim here is verifiable using tools you already have (Activity Monitor, Console, the macOS app inspector).

For the legal-style privacy policy, see purrchiver.app/privacy/.

What Purrchiver does NOT do

ClaimHow to verify
No network requests. Purrchiver does not have the com.apple.security.network.client entitlement at all.Right-click the .app in Finder → Show Package Contents → Contents/Resources/Purrchiver.entitlements. There is no network.client key. Confirm with: codesign -d --entitlements - /Applications/Purrchiver.app in Terminal.
No telemetry. No usage data, no analytics events, no behavioral pings, no “anonymous statistics.”Open Activity Monitor → Network tab. Purrchiver shows 0 bytes sent, 0 bytes received during normal use.
No third-party SDKs. No Firebase, no Sentry, no Mixpanel, no RevenueCat, no analytics SDK of any kind.otool -L /Applications/Purrchiver.app/Contents/MacOS/Purrchiver lists the linked frameworks. All are Apple-shipped (/System/Library/Frameworks/...) or libraries vendored inside the app bundle (@rpath/...). No third-party telemetry frameworks present.
No ads. Anywhere in the app, at any time. After every extract or compress, the only thing that happens is the progress bar transitions to “Done”.See “The post-completion rule” below for the full design statement.
No subscriptions, no in-app purchases. Purrchiver is $19.99 once on the Mac App Store, fully functional.Mac App Store listing shows no IAPs. App is fully functional immediately on install.
No “rate this app” prompt. Ever.App contains no SKStoreReviewController calls. Verifiable via strings on the binary: `strings /Applications/Purrchiver.app/Contents/MacOS/Purrchiver
No “share your archive” prompt.App has no share-sheet integration triggered post-extract or post-compress.
No automatic update checks. Mac App Store handles all updates; Purrchiver doesn’t independently check.No update-check code in the binary; no network entitlement to check anything.

What Purrchiver DOES do

ClaimHow to verify
App Sandbox enabled. Purrchiver only accesses files you explicitly grant it.Entitlements file includes com.apple.security.app-sandbox = true. macOS enforces this; Purrchiver cannot read your filesystem at large.
User-selected file access only. Purrchiver reads files via NSOpenPanel / NSSavePanel (the standard file pickers) or via files dragged onto its window/dock icon. No ~/Library browsing, no /Users scanning.Entitlements include com.apple.security.files.user-selected.read-write. No com.apple.security.files.all (which would grant unrestricted access).
Passwords are session-only. Archive passwords you type live in memory for the duration of the open archive only. They are NEVER written to Keychain, app preferences, unified logs, or anywhere on disk.security find-generic-password -s "Purrchiver" in Terminal returns “could not be found” — confirming the policy.
Sanitized log output. Username and home directory paths are scrubbed before logs are saved. File names and file contents are never captured.log show --predicate 'subsystem == "com.coreydaley.purrchiver"' --info --last 1h in Terminal shows recent Purrchiver log entries. No usernames, no full paths.
AES-256 archive encryption. The same algorithm 7-Zip and WinRAR use. Verified post-creation.See Encrypted archives for the full encryption story.

The post-completion rule

When an extract or compress operation finishes, here’s exactly what happens — and what doesn’t:

  1. The toolbar progress bar transitions to “Done.” That’s the only UI change Purrchiver itself makes. No ad banner, no interstitial, no modal, no upsell, no focus change, no window pop-up, no “rate this app” prompt, no “share to social” prompt.
  2. If you opted in to completion notifications in Settings → General (off by default): one quiet macOS notification, no sound. macOS shows it the same way whether Purrchiver is frontmost or in the background — it’s a standard system notification you control with System Settings → Notifications → Purrchiver, not a Purrchiver popup.
  3. That’s it. There is nothing else.

The contract is that an extract or compress finishes and Purrchiver gets out of the way.

Data Purrchiver stores locally

Purrchiver stores the following on your Mac, all in standard macOS locations you can inspect and delete:

WhatWhereWhy
Preferences (settings, saved presets)~/Library/Containers/com.coreydaley.purrchiver/Data/Library/Preferences/com.coreydaley.purrchiver.plistApp configuration. Plain plist; readable with plutil -p.
Local logs (sanitized)macOS Unified Logging (log show --predicate 'subsystem == "com.coreydaley.purrchiver"')Debugging. Stays on your Mac. Never sent anywhere.

Purrchiver does NOT store the archives you open or their contents. Your file paths never leave your Mac.

Purrchiver does write short start / done lines to macOS’s unified log for each extract and compress — that’s how a debug-friendly Mac app surfaces what happened when something goes wrong. The entries are local-only, redact identifying details via OSLog privacy specifiers, and are never transmitted on their own. The only way one of them leaves your Mac is if you go to Settings → Advanced → Send sanitized log to developer, preview the exact bytes, and click Send in your mail client.

Data Purrchiver sends off your Mac

None. Purrchiver has no network entitlement. There is no server. There is no API. There is no cloud component. There is no anonymous analytics. There is no opt-in telemetry. There is nothing.

This is the only privacy claim that matters. Everything else is detail.

Crash reports

Purrchiver never silently or automatically sends crash reports. It has no network entitlement and no server to talk to. The only way a crash report leaves your Mac is if you explicitly click Send inside your own mail client, after reviewing and (optionally) editing what’s being sent.

How the opt-in flow works:

  1. After a crash, Purrchiver reads the standard macOS crash log from ~/Library/Logs/DiagnosticReports/Purrchiver-...ips and sanitizes it on-device — your username and home directory path are scrubbed; filenames and file contents are never captured at any stage.
  2. If you opted in (Settings → General → Offer to send an error report when something goes wrong), Purrchiver offers to send the sanitized payload. You can also trigger this manually any time via Settings → Advanced → Send sanitized log to developer.
  3. You see a preview sheet showing exactly what would be sent. You can Cancel, Copy to Clipboard, or proceed to Send via Mail.
  4. Send via Mail opens your default mail client (Mail, Mimestream, whatever you’ve configured) with a pre-filled draft addressed to corey@purrchiver.app. Nothing has left your Mac yet. Edit it, delete it, or close it — and nothing is transmitted.
  5. The send only happens when you click Send in your mail client.

There is no third-party crash collector (no Sentry, no Crashlytics, no Firebase) and no Purrchiver-operated crash server. See Crash reports and bug-report email for the full workflow.

If you’d rather not use the in-app offer at all, you can also email a .crash file by hand:

  1. Open Console (Spotlight → Console).
  2. Pick Crash Reports in the sidebar.
  3. Find the Purrchiver entry.
  4. Right-click → Reveal in Finder.
  5. Email the .crash file to corey@purrchiver.app.

How to fully remove Purrchiver

If you uninstall:

  1. Drag Purrchiver to the Trash. (Removes the app itself.)
  2. Remove preferences and caches:
    rm -rf ~/Library/Containers/com.coreydaley.purrchiver

That’s everything. Purrchiver has no installer hooks, no LaunchAgents, no LaunchDaemons, no kernel extensions, no system framework installations. It’s just a .app bundle and the container directory above.

Marketing copy claims

The line on the homepage and footer — “No cookies. No tracking. No consent banners.” — refers to the website. The same principle applies to the app: no telemetry, no ad SDKs, no third-party tracking, no anything.

Both claims are true because they’re verifiable. The website uses Cloudflare Web Analytics (cookie-free, no PII, GDPR/CCPA compliant without consent banners — see website privacy policy). The app uses no analytics at all.

Questions?

Email corey@purrchiver.app. I’m happy to walk through any of the verification steps above, or to clarify any claim that’s unclear. Email goes directly to me, the developer — no ticketing system, no chatbot, no auto-responder.