Privacy Policy
How Dryx handles your data (short answer: it stays on your Mac).
Effective: May 4, 2026 · Last updated: May 4, 2026
The short version
Dryx is an offline-first macOS application. Your scan data, secrets metadata, and behavioral telemetry never leave your machine. We have no servers that receive your information, no analytics dashboards tracking your behavior, and no way to see what you scan. A small number of explicitly-disclosed network calls exist (Apple StoreKit, optional MCP Registry verification, Skill Shield package fetches you initiate, and webhooks you configure). Everything else is local.
- No accounts, no login, no authentication
- No telemetry, no analytics, no crash reporting
- No advertising identifiers or tracking of any kind
- Secret values are never stored — only key names and file locations
- All scan data, behavioral baselines, and findings stay in a local SQLite database on your Mac
- Optional features that write to your files (Context Shield) are user-initiated and reversible
1. What Data We Collect
Dryx does not collect personal data. The app runs entirely on your Mac and processes information locally. Here is a complete accounting of what the app reads, stores, and (in narrow disclosed cases) transmits:
| Data Type | Handling | Details |
|---|---|---|
| AI agent config files | Local only | Read from folders you explicitly grant access to. Config structure is analyzed but never transmitted. |
| Secret key names | Local only | Key names (e.g., OPENAI_API_KEY) and their file paths are stored locally. Secret values are never read, stored, or logged. |
| MCP server names | Local only | Names of configured MCP servers are stored locally. Server names (not your data) may be sent to the MCP Registry API for verification. See Section 4. |
| Scan results & findings | Local only | Stored in a SQLite database at ~/Library/Application Support/Dryx/. |
| Behavioral baseline data | Local only | Per-agent behavioral metrics across scans (capability counts, edge counts, secret counts, etc.) used to detect anomalies. Stored in the same local SQLite database. Never transmitted. |
| Drift & monitoring history | Local only | Time-series of scan snapshots and continuous-monitoring events. Stored locally. Never transmitted unless you configure a webhook (Section 4). |
| Skill Shield analysis history | Local only | Records of pre-install analyses you've run (skill name, capabilities detected, risk rating). Stored locally. Never transmitted. |
| Preferences | Local only | Appearance settings, filter states, and dismissed hints stored in UserDefaults on your Mac. |
| Skill / MCP package contents (when you initiate Skill Shield analysis) | Fetched, analyzed locally | When you paste a URL into Skill Shield, Dryx fetches that package (e.g., from GitHub, npm, ClawHub) over HTTPS for analysis. Standard HTTP request only — no user data is sent in the request beyond what your browser would send. Analysis happens locally after fetch. |
| Personal information | None | No name, email, IP address, device identifier, or location is collected. |
| Usage analytics | None | No page views, click tracking, session recording, or behavioral analytics of any kind. |
| Crash reports | None | No crash data is sent to us. If you opt in to Apple's crash reporting in System Settings, Apple may collect standard crash logs under their own privacy policy. |
| Advertising / IDFA | None | No advertising identifiers, no IDFA, no fingerprinting, no tracking pixels. |
| App tracking | None | Dryx does not request or use App Tracking Transparency permissions and does not track users across other companies' apps or websites. |
2. How We Handle Secrets
Dryx is a security tool that maps where your secrets are exposed. We take extra care with this responsibility:
- Secret values are never read or stored. The scanner identifies that a key named
OPENAI_API_KEYexists at a specific file path and line number. It does not read, parse, or retain the key's actual value. - No secret data is transmitted. Since Dryx operates offline, secret metadata never leaves your machine.
- Scan results reference key names only. Findings in the UI and in exports reference the key name and file location, never the secret itself.
3. Local Storage
Dryx stores data in the following locations on your Mac. All of these are standard macOS application storage paths and remain entirely under your control.
- SQLite database —
~/Library/Application Support/Dryx/— Contains scan history, behavioral baselines, drift records, monitoring events, Skill Shield analysis log, findings, and bookmarks. This database is the single canonical store for all Dryx-generated data. - UserDefaults — Standard macOS preferences storage — Contains appearance settings, filter states, monitoring/Context Shield enable state, and UI preferences.
- Security-scoped bookmarks — Stored by macOS to remember folders you granted access to via the system file picker (NSOpenPanel). You can revoke access at any time by removing bookmarks in the app.
- App Group container — A macOS app-group container shared between the Dryx app and the optional macOS widget. Used to share minimal posture data (score, grade, finding counts) with the widget. This data never leaves your device.
- Authority Anchor MCP server file — A local MCP server file is created in your local user directory so AI agents on your machine can query Dryx's posture data through their standard MCP protocol. The file is local-only and contains no user data — it's an executable script.
- Context Shield shadow copies (when enabled) — If you opt into Context Shield, Dryx maintains a shadow copy of each agent instruction file it has written to, so you can roll back its changes with one click. Shadow copies are local-only.
You can delete all Dryx data at any time by removing the app and its associated folders. No data persists on any external server because no data is ever sent to one (except as expressly disclosed in Section 4).
4. Network Requests & Third-Party Services
Dryx makes a small, deliberately-limited set of outbound network requests, all explicitly disclosed below. None of them transmit your scan data, secret names, or behavioral telemetry to Dryx-controlled servers (we don't operate any).
Apple StoreKit 2 (Subscriptions, App Store version)
If you purchase a Pro or Team subscription through the App Store, the transaction is handled entirely by Apple through StoreKit 2. Dryx does not process, store, or have access to your payment information, Apple ID, or billing details. Apple's handling of this data is governed by Apple's Privacy Policy.
MCP Registry API (optional, scan-time)
During a scan, Dryx may query the public MCP Registry API (registry.modelcontextprotocol.io) to verify whether detected MCP servers are known and recognized. These queries contain only the MCP server name — no user data, file paths, secret names, or machine identifiers are included.
If you prefer fully offline operation, scans will still complete successfully without this lookup; servers will simply be classified with reduced trust information.
Skill Shield package fetches (user-initiated)
When you paste a URL or package identifier into Skill Shield (for pre-install analysis), Dryx issues an HTTPS request to that URL to fetch the package contents (e.g., from GitHub, npm registry, ClawHub, MCP.so, Glama.ai, Smithery.ai). Standard HTTP request headers only — no user data, scan results, or telemetry is included. Fetched package contents are analyzed locally after download. Whatever logging the receiving registry performs is governed by that registry's privacy policy, not Dryx's.
SIEM/SOAR webhook output (user-configured, opt-in)
If — and only if — you explicitly configure a webhook URL in Settings → Integrations, Dryx will POST scan summaries and monitoring events as JSON to that URL. The endpoint is your endpoint (a SIEM, SOAR, or HTTP collector you control or that your organization controls); Dryx does not operate it. You control:
- What is sent. Privacy modes let you choose redacted output (no full file paths or key names), executive-summary output (score plus finding counts only), or full output (the same data you'd see in an export).
- Whether secret values are included. They are not. The same secret-handling rules from Section 2 apply — only key names and file locations.
- When to disable. Disable the webhook in Settings to stop transmission immediately.
Authority Anchor MCP (local-only API exposed to your AI agents)
Dryx runs a local MCP (Model Context Protocol) server that exposes read-only security-posture queries to AI agents installed on your machine (e.g., Claude Code, Cursor). This server is local-only — it never makes outbound network calls. It listens for queries from agents on your local machine.
When your AI agents query Authority Anchor MCP, the response stays inside your machine's MCP communication. Dryx does not control what happens after your agent receives the response — if your AI agent transmits its overall conversation context to its own provider (Anthropic, OpenAI, etc.), that transmission is governed by your AI agent's provider, not by Dryx.
Direct download license activation (dryx.ai version only)
If you purchase Dryx through direct download from dryx.ai (not the App Store), license activation may verify your license key with our license-server endpoint. The verification request includes only the license key and the machine's macOS version — no scan data, no personal information. App Store users do not encounter this; Apple handles licensing.
5. Folder Access Permissions
Dryx requires read access to AI agent configuration directories to perform scans. This access is granted explicitly by you through the macOS system file picker (NSOpenPanel) and stored as security-scoped bookmarks.
- Read access for scanning is the default and covers the vast majority of Dryx's use. Scanning is purely observational — no modifications.
- You choose exactly which folders to grant access to.
- You can revoke access at any time from within the app.
- On the App Store version, all file access is governed by macOS App Sandbox restrictions.
5.1 Optional features that write to your files (user opt-in)
Some optional features require Dryx to write to files on your machine. These are off by default, require explicit user opt-in, and are reversible.
- Context Shield — When you enable Context Shield in Settings, Dryx writes a marker-delimited block of security context into your AI agent's instruction file (e.g.,
~/.claude/CLAUDE.md,~/.codex/AGENTS.md,.cursorrules, equivalent for your agent). The block is bounded by clear markers so the content Dryx added can always be identified and removed. Disabling Context Shield removes the block; a Context Shield "Cleanup" action removes any orphaned blocks in known locations. - Shadow copies — To support one-click rollback if anything (Context Shield, an AI agent, or any other tool) modifies an instruction file, Dryx maintains shadow copies of those files locally. Shadow copies are local-only and never transmitted.
- Quick Fix actions — If you click a "Quick Fix" pill on a finding (for example, "rotate this exposed secret" or "remove this orphaned config"), Dryx may execute the suggested remediation, including removing or modifying files. Each Quick Fix surfaces the exact actions before you confirm; nothing runs without your explicit click.
- Removing orphaned configurations (Ghost Agent cleanup) — If you choose to clean up a detected orphaned configuration directory, Dryx will move the directory to your macOS Trash on your confirmation. This is also a user-initiated action.
None of these write actions transmit data outside your Mac. They are explicit, opt-in, surfaced in the UI, and reversible.
6. Notifications
Dryx uses local macOS notifications (via UNUserNotificationCenter) to alert you about monitoring events and scan results. These notifications are generated and delivered entirely on your device. No push notification infrastructure or external notification service is used.
7. Children's Privacy
Dryx does not collect personal information from any user, regardless of age. Since no personal data is collected, stored, or transmitted, there is no data collected from children under 13 (or any other age threshold under COPPA, GDPR-K, or equivalent regulations).
8. Data Sharing and Transfers
We do not share, sell, rent, or transfer your data to any third party. There is no user data of ours to share — Dryx has no server infrastructure that receives user information, no database of user records, and no analytics pipeline.
The outbound network requests Dryx can make are exhaustively listed in Section 4. Briefly:
- Apple StoreKit transaction verification (handled by Apple)
- Optional MCP Registry name lookups (server name only)
- Skill Shield package fetches (only when you paste a URL)
- Webhook output to your own endpoint (only when you configure one)
- Direct-download license verification (license key + macOS version only)
None of these transfer data to Dryx-controlled servers. We do not aggregate, profile, or sell anything because we do not collect anything to aggregate.
9. Data Retention
All data generated by Dryx is stored locally on your Mac and retained until you choose to delete it. You are in full control:
- Delete individual scan snapshots from within the app.
- Remove the app and its data directories to erase everything.
- There is no remote retention because there is no remote storage.
10. Security
Dryx is designed with a security-first architecture:
- App Sandbox — The Mac App Store version runs in Apple's App Sandbox with minimal entitlements (user-selected file access, app-scoped bookmarks, outbound network restricted to the disclosed endpoints in Section 4).
- Hardened Runtime — Code signing with hardened runtime enabled, preventing code injection and unauthorized library loading.
- No remote attack surface — Dryx has no server component receiving user data, so there is no remote infrastructure for attackers to compromise to access your data.
- Notarized — The direct download version is notarized by Apple, verifying it has been checked for malicious content.
- Deterministic, no-LLM architecture — Dryx's analysis engine is rule-based and deterministic. There is no LLM in the security-analysis path, so there is no opportunity for prompt injection to influence findings.
- Patent-pending — Dryx's core security mechanisms are patent-pending across seven United States provisional filings (April 16, 2026 priority date) covering multi-party consensus, policy directive injection, adversarial request resistance, behavioral baseline, orphaned configuration detection, pre-deployment blast radius, and multi-layer enforcement.
11. Subscriptions, Auto-Renewal, and Billing
Dryx offers optional paid subscriptions that unlock additional features. Free use of Dryx does not require any subscription.
App Store subscriptions (Pro & Team)
If you subscribe through the Mac App Store:
- Subscription length and price. Pro Monthly — one month at $19.00 USD. Pro Annual — one year at $149.00 USD. Team — one month at $39.00 USD per seat (billed monthly per seat). Prices may differ in non-USD currencies, regions, or as updated through App Store Connect.
- Auto-renewal. Subscriptions automatically renew at the same price and period unless auto-renewal is turned off at least 24 hours before the end of the current period.
- Payment. Your Apple ID account is charged for renewal within 24 hours prior to the end of the current period.
- Managing or canceling. Subscriptions can be managed and auto-renewal can be turned off in your Apple ID Account Settings on your device after purchase.
- Free trial behavior, if offered. Any unused portion of a free trial period is forfeited when the user purchases a subscription.
- Refunds. Refunds for App Store purchases are handled by Apple under their refund policies. Contact Apple Support to request a refund.
For Apple-issued terms governing your App Store purchase, see the Apple Media Services Terms and Conditions.
Direct-download subscriptions and Lifetime Deal (dryx.ai)
If you purchase through dryx.ai directly, the subscription or Lifetime Deal is governed by the Terms of Service at dryx.ai/terms, including refund and cancellation rules described there.
12. Children's Privacy (continued)
Dryx is intended for adult professional use (typically developers, security researchers, and IT/compliance professionals). The product is not directed at children under 13. Because the App does not collect personal information from any user, regardless of age, no information from children is collected, stored, or transmitted.
13. Changes to This Policy
If we make material changes to this privacy policy, we will update the "Last updated" date at the top of this page and, where practical, notify users through the app. Our commitment to offline-first, no-collection architecture is foundational to Dryx and is not something we intend to change.
14. Your Rights
Under GDPR, CCPA, and other privacy regulations, you have the right to access, correct, delete, and port your personal data. Because Dryx does not collect or store personal data on any server, these rights are inherently satisfied — your data is already entirely in your possession, on your machine, under your control. You can:
- View all Dryx-stored data in
~/Library/Application Support/Dryx/ - Delete individual scan snapshots from within the app
- Remove the app and all associated data directories at any time
- Disable any optional feature (Context Shield, Continuous Monitoring, Webhook Output, Authority Anchor MCP) from Settings
If you have any questions about your data or this policy, we are happy to help.
15. Contact
If you have questions or concerns about this privacy policy or Dryx's data practices, contact us at:
Email: [email protected]
Website: dryx.ai
Operator: Matthew Jackson, doing business as Dryx AI Security, Salt Lake City, Utah, United States.