Privacy Policy

The short version: Purrchiver doesn’t collect anything about you. No analytics, no telemetry, no tracking, no account, no cloud sync, no third-party services. The app runs entirely on your Mac. The only data that ever leaves your Mac is a crash report you explicitly choose to send via your own email client — and even then, it’s scrubbed first.

If that’s enough for you, you’re done. The rest of this page explains the specifics in case you need them.

What we don’t do

Purrchiver does NOT:

Collect personal information of any kind
Track usage, behavior, sessions, or feature engagement
Send telemetry, analytics, diagnostics, or beacons to any server
Use third-party analytics services (no Google Analytics, no Mixpanel, no Amplitude, no Firebase, no Segment, no Sentry, no anything)
Include third-party advertising SDKs of any kind
Show ads, sponsored content, affiliate links, or rewarded prompts
Sell, share, or rent any data — we have none to sell
Require an account, login, registration, or email address
Sync your archives, settings, or activity to any cloud service
Use cookies (there’s no web component in the app)
Fingerprint your device, network, or hardware

The above isn’t a “best effort” promise. The Purrchiver binary contains no analytics SDKs and no network-tracking code, period. You can verify this independently — see “Verifying these claims” near the end.

What stays on your Mac (and only on your Mac)

Some information is stored locally on your Mac so the app works correctly. None of it leaves your Mac unless you explicitly take an action that sends it.

Local-only data:

Your Purrchiver settings — Default view (single-pane / dual-pane), default compression format, default action when opening archives, file-type associations, and similar preferences. Stored in standard macOS preferences (~/Library/Containers/com.coreydaley.purrchiver/Data/Library/Preferences/).
Folder access permissions you’ve granted — When you pick a folder via “Choose Folder…” in the dual-pane file browser, macOS issues a security-scoped bookmark that Purrchiver stores locally. This is how App Sandbox works on macOS; nothing about it leaves your Mac.
Archive passwords are session-only. When you type a password to unlock an encrypted archive, it lives in the open window’s memory for the duration of that session and nothing else. Purrchiver does not write archive passwords to the macOS Keychain, to app preferences, to unified logs, or anywhere on disk. Closing the window discards the password. You can verify this in Terminal: security find-generic-password -s "Purrchiver" returns “could not be found” because there is nothing there.
Recent archives list (if implemented) — A local list of recently-opened archives may be kept for the “Recent” menu. This list is stored in preferences, never transmitted.
Application logs — Purrchiver writes diagnostic events to macOS’s unified logging system (os.log). These logs live on your Mac like any other app’s logs. They never auto-transmit. You can view them with the macOS Console app, search for subsystem:com.coreydaley.purrchiver.

The one thing that can leave your Mac (only if you explicitly choose)

Crash reports — opt-in, never automatic.

If you opted in to crash reporting during first-launch onboarding (it’s off by default), and Purrchiver crashes, you’ll be offered the opportunity to send a sanitized crash report to the developer. Two important properties of this flow:

It’s never automatic. Sending requires you to click a button after reviewing what’s being sent. If you don’t click, nothing is sent.
The report is sanitized before you see it. Your username and home directory path are scrubbed from log entries before saving. File names and file contents are never included in crash reports — only system-level crash information (stack traces, library versions, the macOS version, the Mac model).
Reports go via your own email client. Purrchiver doesn’t operate a crash-collection server. The “Send report” action opens your default mail client (Mail.app or whatever you’ve configured) with a pre-filled message addressed to corey@purrchiver.app. You can review, edit, or cancel before sending.

There is no other surface in Purrchiver that transmits data off your Mac. None.

Required Reason API usage (Apple Privacy Manifest)

Per Apple’s requirements (effective May 2024), Purrchiver declares the following Required Reason API usage in its bundled PrivacyInfo.xcprivacy file:

NSPrivacyAccessedAPICategoryFileTimestamp — reasons C617.1, DDA9.1, 0A2A.1, 3B52.1 — Purrchiver reads file modification timestamps when showing archive contents, preserving them on extract, sweeping its own cache directory, and preserving mtime into newly-created archives. Used only within the app context; never transmitted.
NSPrivacyAccessedAPICategoryDiskSpace — reason E174.1 — Purrchiver checks available disk space before extraction to warn you if an archive won’t fit. Never transmitted.
NSPrivacyAccessedAPICategoryUserDefaults — reason CA92.1 — Purrchiver reads its own preferences via NSUserDefaults. The reads are scoped to its own preference container; no other app’s preferences are accessed.

No other Required Reason APIs are used. No third-party SDKs are bundled, so no third-party Required Reason API declarations apply.

App Sandbox and macOS permissions

Purrchiver runs under Apple’s App Sandbox with these entitlements:

com.apple.security.app-sandbox — full sandbox enabled
com.apple.security.files.user-selected.read-write — read/write access only to files you’ve explicitly chosen (via Open dialog, drag-drop onto the app, or the dual-pane folder picker)

Purrchiver has NO entitlement for:

Outgoing network connections (the binary cannot make network requests)
Incoming network connections
Camera, microphone, contacts, calendar, photos, or location
Bluetooth, USB, or hardware devices
Apple Events (no scripting or controlling other apps)
Inheriting parent process privileges

If macOS prompts you for permission to access a folder, that’s the normal sandbox security check, not a data-collection attempt. Purrchiver only sees what you explicitly grant access to.

Third-party services

Purrchiver uses zero third-party services. Specifically:

No cloud storage (no iCloud, Dropbox, Google Drive, OneDrive integration)
No authentication providers (no Sign in with Apple, no OAuth)
No content delivery networks called from the app
No remote configuration services
No A/B testing infrastructure
No feature-flag services
No remote update mechanisms (Purrchiver updates only via the Mac App Store)

The app includes vendored open-source code (libarchive, UnRAR, LZMA SDK, libzstd, liblz4) plus Apple’s AppleArchive framework — these are compiled into the binary at build time. None of them make network calls from within Purrchiver.

Marketing website (purrchiver.app)

This website uses Cloudflare Web Analytics — a privacy-preserving analytics service that:

Uses no cookies
Collects no personally identifiable information
Doesn’t track you across other sites
Is GDPR/CCPA compliant without requiring a consent banner

If you’d rather not be counted in the aggregate visit statistics, blocking the static.cloudflareinsights.com domain in your browser will do that. Nothing on this website requires the analytics to function.

The website does not set any other tracking cookies, run any other analytics, or share any data with third parties.

Children’s privacy

Purrchiver is not directed at children under 13 and does not knowingly collect any information from any user, regardless of age. The “no data collection” stance applies universally.

Since Purrchiver doesn’t collect, store, or transmit any personal data, requests under GDPR, CCPA, or similar regulations (right to access, right to deletion, right to portability, etc.) are simple to fulfill: we have nothing about you to access, delete, or port.

If you’ve sent a crash report via your email client, that report exists in our support email inbox. You can request its deletion at any time by contacting corey@purrchiver.app with the subject line “Privacy: delete my crash report” and we’ll delete the relevant emails. (We don’t index or retain crash reports beyond what’s necessary to diagnose the underlying bug.)

Changes to this policy

If this policy changes, the change will be reflected here with an updated “Last updated” date below. Material changes — anything that changes what data Purrchiver collects, stores, or transmits — will also be announced in the Purrchiver release notes for the version that introduces the change.

This policy applies to the version of Purrchiver currently distributed via the Mac App Store. If you’re running a development build or a pre-release version, additional logging may be active that the production version doesn’t have; any such pre-release builds are clearly marked.

Verifying these claims

You don’t have to take our word for any of this. You can verify the no-network-traffic claim directly:

Open Activity Monitor → Network tab while using Purrchiver. Purrchiver should show 0 bytes sent and 0 bytes received throughout normal use.
Use Little Snitch or LuLu (third-party network monitors) to inspect outbound connection attempts. Purrchiver makes none.
Inspect the app’s entitlements with codesign -d --entitlements - /Applications/Purrchiver.app — there is no com.apple.security.network.client (or …network.server) entry, so the kernel refuses outbound and inbound socket connections regardless of what’s in the binary. The entitlements are the binding constraint; everything else is corroboration.

If you find any network activity coming from Purrchiver that contradicts this policy, email corey@purrchiver.app immediately and we’ll treat it as a P0 bug.

Contact

Privacy questions, concerns, or correction requests:

Email: corey@purrchiver.app
Subject line: prefix with “Privacy:” so it routes correctly
Postal contact available upon request for jurisdictions that require it

The developer is Corey Daley, operating as an individual Apple Developer (not a corporate entity). Responses are best-effort and typically arrive within a few business days.

Effective date: 2026-05-23 Last updated: 2026-05-23

This policy was written by hand to be as clear as possible. If anything here is unclear, that’s a bug — let us know.