What leaves your machine

The complete endpoint inventory Last updated: June 28, 2026

Your workspace never leaves your machine. Inspection and verdicts run locally and offline. Below is every network endpoint Dryx can ever contact, and exactly what each one sends — the complete list, including the few exceptions. Admitting the exceptions is what makes "no telemetry" believable.

Every endpoint Dryx can contact

License verification — direct download

Contacts the licensing and merchant endpoint (Keygen / Paddle) to activate your purchase and check seat limits.

Sends: your license key and a device fingerprint (a hash of a hardware identifier). Receives: valid / invalid. Note: offline-signed licenses verify locally against an embedded public key — the online check is for activation and seat limits, never your data.

Update check — Sparkle

Contacts releases.dryx.ai for the signed appcast so the app can offer updates.

Sends: the app version and platform. Receives: the appcast XML, EdDSA-verified before any update is applied.

MCP Registry verification — optional, user-initiated

When you check an MCP server's trust, Dryx contacts the registry for that server's reputation data. Off unless you use it.

Sends: the server identifier you're checking. Receives: trust and reputation data for that identifier.

Skill Shield package fetch — user-initiated

Fetches the package you point it at, so it can analyze that package before you install it.

Sends: a request to the package URL you supply. Receives: the package, to analyze locally. It fetches what you point it at — nothing else.

Webhook output — Pro, user-configured

Sends findings to your own SIEM / SOAR endpoint, only if you configure one.

Sends: the findings, to the endpoint you set. Receives: nothing. Your endpoint, your data flow.

What is never sent

No Dryx-controlled server ever sees what you inspect. Dryx never sends your scan data, your secrets or secret values, your configuration contents, behavioral telemetry, or analytics. There is no analytics SDK and no phone-home in the product.

Any future Ecosystem Contribution is opt-in and anonymized — off by default, and never your raw workspace. Until you turn it on, the list above is the whole list.

A note on this website: this page is about the Dryx app. The dryx.ai website itself uses Plausible — cookieless, privacy-friendly analytics (no cookies, no personal data, no cross-site tracking); the app sends nothing of the sort. Details in the Privacy Policy.

Don't take our word for it

This page is a claim. The next one is the test you can run yourself in five minutes to confirm it — watch the outbound connections and see for yourself. See Verify it yourself.