FAQ

Sentinel is $19.99 one-time. No subscription, no renewal, no in-app purchases. Pay once and it is yours.

After purchase you receive a license key by email. Open Sentinel, paste the key when prompted, and the app activates. One license covers one Mac at a time. Your license is stored securely in the macOS Keychain. Sentinel will not ask again after the first activation.

Yes. Visit the License Transfer page, enter your email and license key, and we will send a one-time transfer link to your inbox. Clicking it on your new Mac deactivates the old one and activates the new one. You can transfer as many times as you need.

No. One license covers one active Mac at a time. If you transfer to a new Mac, the old one stops working. If you need coverage on multiple machines, purchase a separate license for each.

Sentinel requires macOS 26 Tahoe or later and an Apple M chip (M1 or later). Intel Macs are not supported.

No. Sentinel collects nothing. There are no servers, no analytics, no telemetry, no crash reports. Everything the app records stays locally on your Mac and never leaves your device. See the Privacy Policy for the full breakdown.

No. Sentinel uses passive event-driven hooks, CoreMediaIO, CoreAudio, IOKit notifications, and IOBluetooth callbacks, rather than CPU polling. It consumes negligible resources when nothing is happening.

All approved and blocked lists are stored in the macOS Keychain using data-protection encryption, not in UserDefaults or plain files. Only Sentinel can read them, and they never leave your device.

Never. Sentinel only detects when another app activates your camera or microphone. It does not capture, record, or process any audio or video. It is an access control layer, not a recording tool.

Sentinel hooks into CoreMediaIO (camera) and CoreAudio (microphone) the low-level Apple frameworks that manage all capture hardware on macOS. When any app activates either sensor, Sentinel intercepts the event in under 500ms and identifies the responsible process by PID and bundle ID.

It adds the app to your approved list and allows it immediately. From that point on, the app can access your camera or microphone silently, no prompt, no alert. You can review and revoke approvals at any time from the Camera or Microphone tabs.

It adds the app to your blocked list and kills its process immediately. The next time that app tries to access your camera or microphone, Sentinel terminates it instantly, before any audio or video can be captured. No alert is shown, no confirmation required. Approved and blocked lists are mutually exclusive.

The moment a USB device connects, Sentinel shows an approval prompt with the device name, manufacturer, and vendor/product ID. You can Approve & Remember it (connects silently from now on) or Block Always (ejected automatically every time it reconnects). Dismissed prompts ask again next time.

Sentinel force-unmounts any associated volumes and ejects the device. On every future reconnect, it is ejected automatically, silently, with no prompt. Blocking is based on the device's vendor ID and product ID, so the same make/model of device is always blocked regardless of which USB port it uses.

Yes. Open the USB tab in Sentinel, find the device in the Permissions list, and use the menu (⋯) to flip it from blocked to approved, or remove the rule entirely so it prompts again next time.

Every time a Bluetooth device connects for the first time this session, Sentinel shows a prompt with the device name and type. Choose Allow & Remember to whitelist it permanently, or Block to disconnect it immediately and block it on every future connection.

Sentinel calls the IOBluetooth disconnect API immediately. On every subsequent connection attempt, the device is disconnected automatically with no alert. Blocking is keyed to the device's Bluetooth address, so renaming the device does not bypass the block.

No. On first launch, Sentinel snapshots all currently connected Bluetooth devices and marks them as "seen." They will not trigger an approval prompt. Only devices that connect fresh after Sentinel is running will prompt for approval.

Yes. Sentinel is a menu bar app. Closing the main window does not stop monitoring, all sensors remain active, blocking and approvals still work, and alerts still appear. You can reopen the main window at any time from the menu bar icon.

Open Sentinel → go to Settings → toggle Require Touch ID to open. From that point, every time the main window opens it requires Touch ID or your Apple Watch before showing your data. Background monitoring and blocking are unaffected, the lock only applies to the UI.

When enabled, disabling any monitoring service from the menu bar requires Touch ID or your Apple Watch first. This prevents someone with brief physical access to your Mac from quietly turning off camera or mic monitoring without your authentication.

The Network tab lists every active TCP and UDP connection on your Mac, grouped by process. For each connection you can see the local port, remote IP, resolved hostname, connection state, and live traffic bytes. You can also kill any process directly. The Net Tools tab adds a LAN scanner, ping/traceroute, port scanner, and bandwidth monitor.

You can add Sentinel to your Login Items via System Settings → General → Login Items. Sentinel does not add itself automatically, you remain in control of when it runs.