Privacy Policy
How Dryx handles your data (short answer: it stays on your Mac).
Effective: May 4, 2026 · Last updated: June 28, 2026
The short version
Dryx is an offline-first macOS application. Your inspection data, secrets metadata, and behavioral telemetry never leave your machine. We have no servers that receive your information, no analytics dashboards tracking your behavior, and no way to see what you inspect. A small number of explicitly-disclosed network calls exist (Apple StoreKit, optional MCP Registry verification, Skill Shield package fetches you initiate, and webhooks you configure). Everything else is local.
The website is separate from the app. The dryx.ai website uses Plausible — privacy-friendly, cookieless analytics that records aggregate page views, referrers, and countries only, with no cookies, no personal data, no cross-site tracking or fingerprinting, and EU hosting. That's why the site needs no cookie banner. The Dryx app contains no analytics of any kind.
- No accounts, no login, no authentication
- No telemetry, analytics, or crash reporting in the app
- Website analytics are cookieless and privacy-friendly (Plausible) — no cookies, no personal data, no cross-site tracking
- No advertising identifiers or tracking of any kind
- Secret values are never stored — only key names and file locations
- All inspection data, behavioral baselines, and findings stay in a local SQLite database on your Mac
- Optional features that write to your files (Context Shield) are user-initiated and reversible
1. What Data We Collect
Dryx does not collect personal data. The app runs entirely on your Mac and processes information locally. Here is a complete accounting of what the app reads, stores, and (in narrow disclosed cases) transmits:
| Data Type | Handling | Details |
|---|---|---|
| AI agent config files | Local only | Read from folders you explicitly grant access to. Config structure is analyzed but never transmitted. |
| Secret key names | Local only | Key names (e.g., OPENAI_API_KEY) and their file paths are stored locally. Secret values are never read, stored, or logged. |
| MCP server names | Local only | Names of configured MCP servers are stored locally. Server names (not your data) may be sent to the MCP Registry API for verification. See Section 4. |
| Inspection results & findings | Local only | Stored in a SQLite database at ~/Library/Application Support/Dryx/. |
| Behavioral baseline data | Local only | Per-agent behavioral metrics across inspections (capability counts, edge counts, secret counts, etc.) used to detect anomalies. Stored in the same local SQLite database. Never transmitted. |
| Drift & monitoring history | Local only | Time-series of inspection snapshots and continuous-monitoring events. Stored locally. Never transmitted unless you configure a webhook (Section 4). |
| Skill Shield analysis history | Local only | Records of pre-install analyses you've run (skill name, capabilities detected, risk rating). Stored locally. Never transmitted. |
| Preferences | Local only | Appearance settings, filter states, and dismissed hints stored in UserDefaults on your Mac. |
| Skill / MCP package contents (when you initiate Skill Shield analysis) | Fetched, analyzed locally | When you paste a URL into Skill Shield, Dryx fetches that package (e.g., from GitHub, npm, ClawHub) over HTTPS for analysis. Standard HTTP request only — no user data is sent in the request beyond what your browser would send. Analysis happens locally after fetch. |
| Personal information | None | No name, email, IP address, device identifier, or location is collected. |
| App usage analytics | None | The Dryx app performs no usage analytics — no click tracking, session recording, or behavioral analytics of any kind. (The dryx.ai website uses cookieless, aggregate analytics — Plausible — disclosed above.) |
| Crash reports | None | No crash data is sent to us. If you opt in to Apple's crash reporting in System Settings, Apple may collect standard crash logs under their own privacy policy. |
| Advertising / IDFA | None | No advertising identifiers, no IDFA, no fingerprinting, no tracking pixels. |
| App tracking | None | Dryx does not request or use App Tracking Transparency permissions and does not track users across other companies' apps or websites. |
2. How We Handle Secrets
Dryx is a developer tool that maps where your AI-agent secrets are exposed. We take extra care with this responsibility:
- Secret values are never read or stored. Dryx identifies that a key named
OPENAI_API_KEYexists at a specific file path and line number. It does not read, parse, or retain the key's actual value. - No secret data is transmitted. Since Dryx operates offline, secret metadata never leaves your machine.
- Inspection results reference key names only. Findings in the UI and in exports reference the key name and file location, never the secret itself.
3. Local Storage
Dryx stores data in the following locations on your Mac. All of these are standard macOS application storage paths and remain entirely under your control.
- SQLite database —
~/Library/Application Support/Dryx/— Contains inspection history, behavioral baselines, drift records, monitoring events, Skill Shield analysis log, findings, and bookmarks. This database is the single canonical store for all Dryx-generated data. - UserDefaults — Standard macOS preferences storage — Contains appearance settings, filter states, monitoring/Context Shield enable state, and UI preferences.
- Security-scoped bookmarks — Stored by macOS to remember folders you granted access to via the system file picker (NSOpenPanel). You can revoke access at any time by removing bookmarks in the app.
- App Group container — A macOS app-group container shared between the Dryx app and the optional macOS widget. Used to share minimal posture data (score, grade, finding counts) with the widget. This data never leaves your device.
- Authority Anchor MCP server file — A local MCP server file is created in your local user directory so AI agents on your machine can query Dryx's posture data through their standard MCP protocol. The file is local-only and contains no user data — it's an executable script.
- Context Shield shadow copies (when enabled) — If you opt into Context Shield, Dryx maintains a shadow copy of each agent instruction file it has written to, so you can roll back its changes with one click. Shadow copies are local-only.
You can delete all Dryx data at any time by removing the app and its associated folders. No data persists on any external server because no data is ever sent to one (except as expressly disclosed in Section 4).
4. Network Requests & Third-Party Services
Dryx makes a small, deliberately-limited set of outbound network requests, all explicitly disclosed below. None of them transmit your inspection data, secret names, or behavioral telemetry to Dryx-controlled servers (we don't operate any).
Apple StoreKit 2 (Subscriptions, App Store version)
If you purchase a Pro or Team subscription through the App Store, the transaction is handled entirely by Apple through StoreKit 2. Dryx does not process, store, or have access to your payment information, Apple ID, or billing details. Apple's handling of this data is governed by Apple's Privacy Policy.
MCP Registry API (optional, inspection-time)
During an inspection, Dryx may query the public MCP Registry API (registry.modelcontextprotocol.io) to verify whether detected MCP servers are known and recognized. These queries contain only the MCP server name — no user data, file paths, secret names, or machine identifiers are included.
If you prefer to skip this lookup entirely, inspections will still complete successfully without it; servers will simply be classified with reduced trust information.
Skill Shield package fetches (user-initiated)
When you paste a URL or package identifier into Skill Shield (for pre-install analysis), Dryx issues an HTTPS request to that URL to fetch the package contents (e.g., from GitHub, npm registry, ClawHub, MCP.so, Glama.ai, Smithery.ai). Standard HTTP request headers only — no user data, inspection results, or telemetry is included. Fetched package contents are analyzed locally after download. Whatever logging the receiving registry performs is governed by that registry's privacy policy, not Dryx's.
SIEM/SOAR webhook output (user-configured, opt-in)
If — and only if — you explicitly configure a webhook URL in Settings → Integrations, Dryx will POST inspection summaries and monitoring events as JSON to that URL. The endpoint is your endpoint (a SIEM, SOAR, or HTTP collector you control or that your organization controls); Dryx does not operate it. You control:
- What is sent. Privacy modes let you choose redacted output (no full file paths or key names), executive-summary output (score plus finding counts only), or full output (the same data you'd see in an export).
- Whether secret values are included. They are not. The same secret-handling rules from Section 2 apply — only key names and file locations.
- When to disable. Disable the webhook in Settings to stop transmission immediately.
Authority Anchor MCP (local-only API exposed to your AI agents)
Dryx runs a local MCP (Model Context Protocol) server that exposes read-only security-posture queries to AI agents installed on your machine (e.g., Claude Code, Cursor). This server is local-only — it never makes outbound network calls. It listens for queries from agents on your local machine.
When your AI agents query Authority Anchor MCP, the response stays inside your machine's MCP communication. Dryx does not control what happens after your agent receives the response — if your AI agent transmits its overall conversation context to its own provider (Anthropic, OpenAI, etc.), that transmission is governed by your AI agent's provider, not by Dryx.
Direct download license activation (dryx.ai version only)
If you purchase Dryx through direct download from dryx.ai (not the App Store), license activation may verify your license key with our license-server endpoint. The verification request includes only the license key and the machine's macOS version — no inspection data, no personal information. App Store users do not encounter this; Apple handles licensing.
5. Folder Access Permissions
Dryx requires read access to AI agent configuration directories to perform inspections. This access is granted explicitly by you through the macOS system file picker (NSOpenPanel) and stored as security-scoped bookmarks.
- Read access for inspection is the default and covers the vast majority of Dryx's use. Inspection is purely observational — no modifications.
- You choose exactly which folders to grant access to.
- You can revoke access at any time from within the app.
- On the App Store version, all file access is governed by macOS App Sandbox restrictions.
5.1 Optional features that write to your files (user opt-in)
Some optional features require Dryx to write to files on your machine. These are off by default, require explicit user opt-in, and are reversible.
- Context Shield — When you enable Context Shield in Settings, Dryx writes a marker-delimited block of security context into your AI agent's instruction file (e.g.,
~/.claude/CLAUDE.md,~/.codex/AGENTS.md,.cursorrules, equivalent for your agent). The block is bounded by clear markers so the content Dryx added can always be identified and removed. Disabling Context Shield removes the block; a Context Shield "Cleanup" action removes any orphaned blocks in known locations. - Shadow copies — To support one-click rollback if anything (Context Shield, an AI agent, or any other tool) modifies an instruction file, Dryx maintains shadow copies of those files locally. Shadow copies are local-only and never transmitted.
- Quick Fix actions — If you click a "Quick Fix" pill on a finding (for example, "rotate this exposed secret" or "remove this orphaned config"), Dryx may execute the suggested remediation, including removing or modifying files. Each Quick Fix surfaces the exact actions before you confirm; nothing runs without your explicit click.
- Removing orphaned configurations (Ghost Agent cleanup) — If you choose to clean up a detected orphaned configuration directory, Dryx will move the directory to your macOS Trash on your confirmation. This is also a user-initiated action.
None of these write actions transmit data outside your Mac. They are explicit, opt-in, surfaced in the UI, and reversible.
6. Notifications
Dryx uses local macOS notifications (via UNUserNotificationCenter) to alert you about monitoring events and inspection results. These notifications are generated and delivered entirely on your device. No push notification infrastructure or external notification service is used.
7. Children's Privacy
Dryx does not collect personal information from any user, regardless of age. Since no personal data is collected, stored, or transmitted, there is no data collected from children under 13 (or any other age threshold under COPPA, GDPR-K, or equivalent regulations).
8. Data Sharing and Transfers
We do not share, sell, rent, or transfer your data to any third party. There is no app user data of ours to share — Dryx has no server infrastructure that receives your information, no database of user records, and no analytics pipeline for app usage. The dryx.ai website's cookieless visit analytics (Plausible) are aggregate and anonymous, never tied to an individual, and never sold.
The outbound network requests Dryx can make are exhaustively listed in Section 4. Briefly:
- Apple StoreKit transaction verification (handled by Apple)
- Optional MCP Registry name lookups (server name only)
- Skill Shield package fetches (only when you paste a URL)
- Webhook output to your own endpoint (only when you configure one)
- Direct-download license verification (license key + macOS version only)
None of these transfer your data to Dryx-controlled servers. We do not aggregate, profile, or sell your data.
9. Data Retention
All data generated by Dryx is stored locally on your Mac and retained until you choose to delete it. You are in full control:
- Delete individual inspection snapshots from within the app.
- Remove the app and its data directories to erase everything.
- There is no remote retention because there is no remote storage.
10. Security
Dryx is designed with a security-first architecture:
- App Sandbox — The Mac App Store version runs in Apple's App Sandbox with minimal entitlements (user-selected file access, app-scoped bookmarks, outbound network restricted to the disclosed endpoints in Section 4).
- Hardened Runtime — Code signing with hardened runtime enabled, preventing code injection and unauthorized library loading.
- No remote attack surface — Dryx has no server component receiving user data, so there is no remote infrastructure for attackers to compromise to access your data.
- Notarized — The direct download version is notarized by Apple, verifying it has been checked for malicious content.
- Deterministic, no-LLM architecture — Dryx's analysis engine is rule-based and deterministic. There is no LLM in the security-analysis path, so there is no opportunity for prompt injection to influence findings.
- Patent-pending — Dryx's core security mechanisms are patent-pending across seven United States provisional filings (April 16, 2026 priority date) covering multi-party consensus, policy directive injection, adversarial request resistance, behavioral baseline, orphaned configuration detection, pre-deployment blast radius, and multi-layer enforcement.
11. Subscriptions, Auto-Renewal, and Billing
Dryx offers optional paid plans that unlock additional features. Free use of Dryx does not require any subscription.
Mac App Store version (free)
The Mac App Store version of Dryx is free, read-only inspection. It has no paid subscriptions or in-app purchases. All paid plans (Pro, Team) and the Founding Member Lifetime are available only via direct download from dryx.ai.
Direct-download plans and Lifetime Deal (dryx.ai)
Paid plans and the Lifetime Deal are purchased through dryx.ai via a third-party payment processor acting as merchant of record, which handles billing, tax, and a customer portal for managing or canceling your subscription. Billing, refunds, and cancellation are governed by the Terms of Service at dryx.ai/terms and the Refund Policy at dryx.ai/refunds.
12. Children's Privacy (continued)
Dryx is intended for adult professional use (typically developers, security researchers, and IT/compliance professionals). The product is not directed at children under 13. Because the App does not collect personal information from any user, regardless of age, no information from children is collected, stored, or transmitted.
13. Changes to This Policy
If we make material changes to this privacy policy, we will update the "Last updated" date at the top of this page and, where practical, notify users through the app. Dryx is offline-first: your workspace never leaves your machine, and any Ecosystem Contribution is strictly opt-in. If we ever introduce an opt-in way to contribute anonymized data, it will be off by default, clearly disclosed, and never required to use Dryx.
14. Your Rights
Under GDPR, CCPA, and other privacy regulations, you have the right to access, correct, delete, and port your personal data. Because Dryx does not collect or store personal data on any server, these rights are inherently satisfied — your data is already entirely in your possession, on your machine, under your control. You can:
- View all Dryx-stored data in
~/Library/Application Support/Dryx/ - Delete individual inspection snapshots from within the app
- Remove the app and all associated data directories at any time
- Disable any optional feature (Context Shield, Continuous Monitoring, Webhook Output, Authority Anchor MCP) from Settings
If you have any questions about your data or this policy, we are happy to help.
15. Contact
If you have questions or concerns about this privacy policy or Dryx's data practices, contact us at:
Email: [email protected]
Website: dryx.ai
Operator: Dryx AI, Inc., a Utah corporation. Founder and inventor of record: Matthew Jackson. Salt Lake City, Utah, United States.