Polycode privacy policy
This privacy policy describes how Polycode handles data when you use the Polycode native macOS application (“the App”).
Effective date: July 3, 2026.
Who we are
Polycode is published by Anthony Izzo, doing business under the trade name “Polycode” (the “Publisher”). The Publisher is responsible for the design and operation of the App.
Contact: [email protected].
EU/UK representative: At its current scale of operations, the Publisher relies on the Article 27(2)(a) GDPR (and UK GDPR) exemption for occasional, small-scale processing that does not include special categories of data and is unlikely to result in a risk to the rights and freedoms of natural persons. The Publisher has not designated an EU/UK representative on that basis. If the Publisher’s processing activities later trigger an Article 27 obligation, the Publisher will designate a representative and update this section.
Legal basis for processing
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the Publisher processes diagnostics data under Article 6(1)(f) of the GDPR (and the equivalent provisions of the UK GDPR and Swiss FADP): the Publisher’s legitimate interest in maintaining, securing, and improving the App. You may object to this processing at any time by disabling diagnostics in Settings → Privacy → Diagnostics; the App ceases transmission of diagnostics events immediately when a toggle is turned off.
Where you sign up for release notifications on polycode.me, the Publisher processes your email address on the basis of your consent (Article 6(1)(a) GDPR and equivalents), which you may withdraw at any time via the unsubscribe link in any email or by contacting [email protected] — see § The polycode.me website.
The Publisher acts as a data controller only for the diagnostics streams described in this policy. The Publisher is not a controller or processor of data you transmit directly to third-party AI providers using your own credentials. PostHog and Sentry act as processors for their respective diagnostics streams under their standard data-processing terms.
Should a supervisory authority characterize the Publisher as a joint controller for the technical act of dispatching prompts to providers under your direction, the Publisher’s processing in that capacity is limited to executing your transmission instruction and is bounded by the affirmative limits stated in this policy (“Categories not listed here are not collected”). The Publisher does not retain, log, store, or proxy the bytes that flow between your Mac and any provider endpoint.
Summary in one paragraph
Polycode has no servers in your conversation path. Your prompts and your provider API keys never reach the Publisher’s infrastructure. The App stores conversations, attachments, and preferences locally on your Mac. Anonymous, opt-out diagnostics — crash reports and bucketed product-interaction events — go to two third-party processors (PostHog and Sentry). Diagnostics never include chat content, file paths, file contents, model responses, your macOS username, email address, device serial, or any account identifier as event properties sent by the App. The App does not intentionally include your IP address in diagnostics payloads; like most internet services, PostHog and Sentry may receive your IP address at the network layer when your device connects to their ingest endpoints, but the Publisher does not use IP addresses to identify you. You can turn diagnostics off and reset your anonymous diagnostics ID at any time from the App’s Settings, and you can wipe local data by deleting conversations from the sidebar or by removing the App’s local container (see Data lifecycle § Wipe).
Information the App collects
The App collects only the information described in this section. Categories not listed here are not collected.
Stored locally on your Mac (never transmitted to the Publisher)
- Conversations and exchanges. Prompts you submit, model responses, per-provider trace records, and synthesis results, stored in a local SwiftData store inside an App Group container at
~/Library/Group Containers/group.com.izzo.polycode/. - Attachments. Files you drag-drop or paste are stored locally as bytes inside the conversation. Files you reference from a project (a “scoped-file attachment”) are stored as a path handle; bytes are read fresh from disk at submit time.
- Provider credentials. API keys you add for Anthropic, OpenAI, Google, OpenAI-compatible endpoints, and cloud gateways (Vertex AI, AWS Bedrock, Azure OpenAI Service) are stored in the macOS Keychain on your Mac under per-instance entries. The App reads them at submit time to authenticate direct calls to the provider you chose. Credentials never reach the Publisher’s infrastructure.
- Preferences and UI state. Pinned models, fan-out opt-outs, tool approval defaults, project context opt-outs, appearance settings, and similar UI state are stored locally alongside the SwiftData store and in the macOS Preferences plist.
- Indexes and caches. A local FTS5 search index over your conversations, a model-metadata cache, large-result caches, approval-session caches. All ephemeral or regenerable; all on your Mac.
For full detail on what is stored locally and how to back up, restore, migrate, or wipe it, see the Data lifecycle article.
Transmitted to third-party AI providers when you submit a prompt
When you press submit, the App sends the following directly from your Mac to each provider you have configured for that fan-out, using your own credentials:
- The prompt text you typed.
- Conversation history (prior turns in the current session).
- Any attached file content (bytes for inline-content attachments; fresh-from-disk reads for scoped-file attachments).
- The project context block, if you have a project bound to the session and have not opted out (see Data lifecycle § Project context for the full content of that block).
- Per-model system prompt overrides you have configured, if any.
The Publisher does not see, log, store, or proxy this traffic. It flows directly from your Mac to the provider’s endpoint (e.g. api.anthropic.com, api.openai.com, generativelanguage.googleapis.com, your configured OpenAI-compatible endpoint, or your configured cloud-gateway endpoint).
Each provider has its own privacy practices, retention policies, and contractual terms governing what it does with the data you send through your account. The Publisher is not a party to your relationship with those providers. The Publisher’s contract is with you, for the App you installed.
Transmitted to diagnostics processors (PostHog and Sentry)
By default the App sends two streams of anonymous diagnostics:
- Product-interaction events (PostHog). A curated allowlist of events — for example: app launched, provider added, submit started, submit failed with a categorical error code, tool invocation with an approval outcome, latency bucket reached. Each event carries only bucketed or categorical data: provider kind as one of
anthropic/openai/google/openaiCompat/foundationModels, latency bucket, error category, token-count integers. Chat content, model responses, file contents, file paths, session titles, custom endpoint names, custom endpoint URLs, custom model IDs, and personal identifiers are never emitted. - Crash and performance diagnostics (Sentry). Crash stack traces, hang diagnostics, and CPU exceptions delivered by macOS’s MetricKit subsystem. A pre-send hook scrubs basic-auth URLs, API-key shapes, email addresses, and home-directory prefixes from anything that would have been transmitted. The scrubbing pipeline is designed to remove these categories on a best-effort basis; the Publisher cannot guarantee that no unforeseen pattern slips through. If you identify residual personal information in a payload you have submitted, contact [email protected] and the Publisher will work with the relevant processor to address the issue.
Neither pipeline includes your macOS username, email address, device serial, hardware identifier, or any account identifier as event properties sent by the App. The App does not include your IP address in event properties, and the Publisher does not use IP to identify you; however, PostHog and Sentry may receive IP address information at the network layer as part of handling normal HTTPS requests to their ingest endpoints.
The product-interaction pipeline uses an anonymous install UUID generated on first launch so retention can be measured. The UUID is scoped to PostHog only — it is never passed to Sentry and never appears in crash payloads. You can regenerate it at any time from Settings → Privacy → Diagnostics → Reset diagnostics ID. One caveat applies, documented in Data lifecycle § Diagnostics: PostHog’s SDK retains an internal $device_id that a reset cannot clear. Because the App runs PostHog in anonymous-only mode (no person profiles), that identifier is not used to merge pre- and post-reset events into one profile, but a reset does not erase it.
Although this policy uses the term “anonymous” for clarity throughout, the install UUID is technically a pseudonymous identifier under GDPR Recital 26 — it does not contain personal data, but it could in theory be linked back to a specific install if combined with other information. The diagnostics streams are designed so that no such linking material is collected on the App side.
Data residency: at v1.0, the release-runner configuration sends diagnostics to PostHog US (https://us.i.posthog.com) and Sentry US. Both ingest endpoints are configurable per-build and may be moved to other clouds in future releases.
App Store privacy details
For Apple’s App Store Privacy Nutrition Label disclosures, Polycode’s data collection maps to:
- Usage Data → Product Interaction. The bucketed, allowlisted product-interaction events sent to PostHog. Not linked to your identity. Not used to track you across apps or websites owned by other companies.
- Diagnostics → Crash Data, Performance Data. Crash stack traces, hang diagnostics, and CPU exceptions sent to Sentry via MetricKit. Not linked to your identity. Not used to track you.
The App does not collect, and the App Store privacy label does not declare: Contact Info, Health & Fitness, Financial Info, Location, Sensitive Info, Contacts, User Content (chat content, attachments, project files), Browsing History, Search History, Identifiers (advertising or device-level), Purchases, or any category designated as “Data Used to Track You” under Apple’s definition. The App does not implement Apple’s App Tracking Transparency framework because the App does not engage in tracking as Apple defines it.
If the App’s collection changes in a way that affects the Privacy Nutrition Label, the Publisher will update both this section and the App Store listing.
Why we collect this information (purpose)
The App’s purpose is to be a local-first, BYOK chat client. The local storage described above exists to provide the App’s core functionality (showing your conversations, finding past sessions, paying providers via your keys). The diagnostics streams exist for two narrow reasons:
- Crash diagnostics let the Publisher fix crashes and hangs that you experience. Without them, a crash on your Mac is invisible to the developer and stays unfixed.
- Product-interaction events let the Publisher learn which features are used, where users get stuck, and how reliably each provider works. They are intentionally bucketed and categorical so individual conversations cannot be reconstructed from them.
The Publisher does not sell diagnostics, does not advertise inside the App, does not run a profile of you across sessions, and does not enrich diagnostics with data from any other source.
Sharing
The Publisher does not sell your data, does not rent it, and does not share it with marketing or advertising networks.
The App transmits data only to:
- The AI providers and cloud gateways you configure, when you press submit (using your credentials, direct from your Mac). For Vertex AI instances this includes a token exchange with Google’s OAuth endpoint (
oauth2.googleapis.com) that mints short-lived access tokens from the service-account credential you supplied — part of authenticating to the gateway you configured; no conversation content is involved. - The diagnostics processors named above (PostHog and Sentry), if and only if the corresponding diagnostics toggle is on.
- The operational endpoints below, whose requests never carry conversation content, attachments, credentials, or identifiers.
Operational connections. In the course of normal operation the App also makes these network requests:
- Model-pricing metadata. The App fetches a public model-pricing catalog (the LiteLLM project’s published manifest) from
raw.githubusercontent.comso cost estimates stay current. The request carries no user data beyond what any HTTPS request exposes at the network layer. - MCP registry. Browsing the public server directory in Settings queries
registry.modelcontextprotocol.io. This happens only when you open that browser. - MCP servers you configure. Tool calls and their arguments flow to the servers you add, under your configuration and approvals — analogous to your provider relationships, and governed by each server’s own terms.
- Remote images in model responses. When a model response includes a Markdown image hosted at a remote URL, the App’s renderer fetches that URL to display it. As with any image load in a browser or mail client, the request reveals your IP address to the host serving the image.
The Publisher does not run any backend service that holds user content. There is no Polycode-operated server, no Polycode-operated database, and no Polycode account system. The App performs no update checks, license pings, or other calls to Publisher-operated infrastructure.
For completeness: certain Settings links open polycode.me (the Publisher’s static documentation website) in your default browser. That is browser navigation rather than data sharing — the App does not transmit any account or device data to polycode.me, and polycode.me does not require an account to read. The website’s own minimal data practices are described in § The polycode.me website.
Processors and changes
The Publisher engages two processors for diagnostics: PostHog (product-interaction events) and Sentry (crash and performance diagnostics). This section is the canonical list of diagnostics processors and the Publisher’s commitment regarding changes to that list.
Advance notice. If the Publisher adds or replaces a diagnostics processor, the Publisher will update this section at least thirty (30) days before the change takes effect, where feasible. Because the Publisher does not operate user accounts, the Publisher cannot send you individual notice — please check this page periodically if you rely on its contents.
Right to object. Where the GDPR or UK GDPR applies, you may object to a new or replacement diagnostics processor before its effective date by turning diagnostics off in Settings → Privacy → Diagnostics, or by emailing [email protected]. Turning diagnostics off stops future transmission to any processor; it does not delete data already received by existing processors (see § Your rights for the processor-deletion pathway).
Business transfers. If the Publisher is involved in a merger, acquisition, financing, reorganization, or sale of all or substantially all of its assets, the Publisher’s role as controller of diagnostics and any technical configuration of the App may be transferred to the acquiring entity. Because the Publisher holds no central database of user conversations, attachments, or credentials, no “database transfer” of your local content will occur as part of any such transaction. The successor entity will remain bound by this privacy policy with respect to previously collected diagnostics, and material changes will be communicated through an update to this document.
Your rights
Because the App is local-first and the Publisher holds no account data, most data-protection rights have direct in-app equivalents:
- Right to access what the App has stored on your Mac: it is a directory of regular files at
~/Library/Group Containers/group.com.izzo.polycode/. The Data lifecycle article walks through the layout. - Right to deletion. Delete an individual conversation and its attachments from the sidebar (right-click → Delete). Settings → Privacy → Clear all credentials removes every stored credential from the Keychain (provider API keys, endpoint and MCP tokens, cloud-gateway credentials, and provider sign-in (OAuth) tokens; your anonymous install identity is not removed). Deleting
~/Library/Group Containers/group.com.izzo.polycode/and~/Library/Containers/com.izzo.Polycode/removes everything the App has stored on your Mac. See Data lifecycle § Wipe. - Right to portability. Your data is already in a directory you control, stored in structured, commonly used, and machine-readable formats: SQLite (the SwiftData store and the FTS5 index live inside SQLite files), plain text (Markdown attachments, conversation export), and JSON-shaped property lists. Back the directory up, copy it, or move it as you would any folder — see Data lifecycle § Back up and § Migrate.
- Right to opt out of diagnostics. Settings → Privacy → Diagnostics. Two toggles — usage metrics and crash reports — each off-by-flip. The diagnostics anonymous ID can be regenerated from the same screen at any time.
- Right to opt out of project context injection. Per-project, under Settings → Projects.
- No automated decision-making. The Publisher does not use your data for profiling, scoring, or automated decision-making that produces legal or similarly significant effects (GDPR Article 22). The fan-out + synthesis behavior described in the data lifecycle article is per-prompt routing of your text to the providers you have authorized; it does not produce decisions about you.
For diagnostics already shipped to PostHog and Sentry, those processors’ retention and deletion policies govern what happens going forward. Resetting your diagnostics ID stops new events being associated with the prior identifier; it does not retroactively delete data already received by those processors. If you need a specific deletion request executed at PostHog or Sentry, contact us at [email protected] and we will pass the request through, to the extent those processors honor deletion for the data we can identify (for example, by anonymous diagnostics ID).
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data-protection supervisory authority.
The Publisher will respond to data-subject access requests submitted to [email protected] within thirty (30) days, or longer where applicable law permits an extension and the Publisher provides notice of that extension within the original thirty-day window. The Publisher may request reasonable information to verify your identity (or, for diagnostics records, to associate your request with an anonymous diagnostics ID) before executing the request.
United States privacy rights
If you are a resident of a US state with a comprehensive consumer privacy law in force, you may have specific rights regarding the diagnostics data described above. As of the effective date of this policy, that includes (without limitation) residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), Iowa (ICDPA), Delaware (DPDPA), Indiana (INCDPA), Tennessee (TIPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), Maryland (MODPA), Minnesota (MCDPA), Rhode Island, and Kentucky.
No sale, no sharing, no targeted advertising, no profiling. The Publisher does not sell or share (as those terms are defined in the CCPA/CPRA and analogous state statutes) personal data, has not sold or shared personal data in the preceding twelve months, does not process personal data for targeted advertising or cross-context behavioral advertising, and does not engage in profiling that produces legal or similarly significant effects. The Publisher does not collect or process sensitive personal information (as defined by the CPRA) or sensitive personal data (as defined by VCDPA / CPA / TDPSA / similar). The Publisher does not require consent for any sensitive-data processing because none occurs.
Your rights. Subject to the law that applies to your state of residence, you may exercise the right to know / right to access, the right to delete, the right to correct, the right to data portability, and the right to opt out of diagnostics, using the in-app controls described in § Your rights, or by emailing [email protected]. The Publisher will not discriminate against you for exercising these rights.
Right to appeal. If the Publisher denies a request you submit under this section, you may appeal that decision by replying to the denial email or by sending a new request to [email protected] with the word “appeal” in the subject line. The Publisher will respond to appeals within forty-five (45) days, or longer where applicable state law permits an extension and the Publisher provides notice of that extension. If your appeal is denied, you may complain to your state attorney general or, in California, the California Privacy Protection Agency.
Authorized agents. California residents (and residents of other states whose laws recognize authorized agents) may designate an agent to make a request on their behalf. The Publisher may require the agent to provide written authorization from you and may require you to verify your identity directly before executing the agent’s request.
International transfers
If you are located outside the United States, the diagnostics streams described in this policy are received and processed by PostHog and Sentry at the United States ingest endpoints named in the Diagnostics section. United States data-protection law may differ from the law of your jurisdiction. The Publisher relies on PostHog’s and Sentry’s standard contractual clauses (or equivalent transfer mechanisms) where required by applicable law.
Security
The Publisher implements appropriate technical and organizational measures to protect diagnostics streams in transit and at rest:
- In transit. All diagnostics events are transmitted over TLS 1.2 or higher to the PostHog and Sentry ingest endpoints. The App does not accept ingest endpoints over plain HTTP.
- App-side. The scrubbing pipeline described in the Diagnostics section removes the documented categories from payloads before transmission. The diagnostics allowlist is enforced in code; events outside the allowlist are not emitted.
- Processor-side. PostHog and Sentry maintain their own security programs and certifications, including SOC 2 Type II compliance for both processors as of the effective date of this policy. The Publisher does not operate independent storage or transmission infrastructure for diagnostics.
- Local data. Conversations, attachments, indexes, caches, and the UI state blob are protected by macOS sandboxing and your Mac’s authentication. Provider API keys are stored in the macOS Keychain, which is itself protected by your login keychain credentials. The Publisher does not have a remote-access mechanism to data on your Mac.
In the event of a personal-data breach affecting diagnostics streams, the Publisher will work with PostHog and Sentry to identify scope and will notify affected users without undue delay, consistent with applicable law. Where the GDPR applies, the Publisher will notify the competent supervisory authority within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 33, where the breach is likely to result in a risk to the rights and freedoms of natural persons.
Retention
- Local data. Retained on your Mac for as long as you keep the App installed and choose not to delete it. Uninstalling the App via macOS’s standard flow removes the per-app sandbox; the App Group container persists until you delete it manually (see Data lifecycle § Wipe).
- Diagnostics data. Retention is governed by PostHog’s and Sentry’s standard service retention windows for the cloud regions named above. The Publisher does not retain copies of diagnostics independently of those processors.
Children
The App is not directed to children under 13 in the United States, or under 16 in jurisdictions where the GDPR applies (subject to lower member-state ages where allowed). The Publisher does not knowingly collect personal data from children under the applicable age. Because the App has no account system, the Publisher cannot verify a user’s age at install or runtime.
If you believe a child has used the App and diagnostics data was transmitted, contact [email protected] and the Publisher will pass a deletion request through to PostHog and Sentry for any data identifiable by anonymous diagnostics ID. Local data on the child’s Mac can be wiped following the steps in the Data lifecycle article.
If the Publisher obtains actual knowledge that it has collected diagnostics data from a child under the applicable age, the Publisher will pass a deletion request through to PostHog and Sentry for any data identifiable by anonymous diagnostics ID, and will work with those processors to confirm the deletion to the extent they support deletion of pseudonymous data. The Publisher does not knowingly retain such data once actual knowledge is obtained.
The polycode.me website
This policy also covers polycode.me, the Publisher’s website where this document is published. Its data practices are deliberately minimal:
- Reading the site requires no account. The site sets no tracking cookies. It uses Cloudflare Web Analytics — a cookieless, aggregate measurement service that does not profile visitors or track them across sites — and it is served through Cloudflare’s content-delivery network, which processes IP addresses at the network layer to deliver pages and mitigate abuse, as any host does.
- Release-notification signup. If you submit your email address in the site’s “Stay up to date” form, it is stored with Resend (the Publisher’s email delivery provider, acting as a processor) in an audience list, together with a flag recording whether you expressed interest in TestFlight builds. The address is used solely to send release and availability announcements. It is not sold, shared with advertisers, enriched from other sources, or used for any other purpose.
- Unsubscribe and deletion. Every announcement email includes an unsubscribe link, and unsubscribing stops future sends. To have your address deleted from the list entirely, use the unsubscribe link or email [email protected]. Addresses are retained until you unsubscribe or request deletion.
Changes to this policy
Material changes will be reflected in this document and the “Effective date” above. Because Polycode operates without user accounts, you may not receive a direct notification when this policy is updated — please check this page periodically if you rely on its contents.
Contact
Email [email protected] for privacy questions, deletion requests to PostHog or Sentry, or comments on this document.