// legal

Privacy Policy

Last updated: February 2026  ·  Effective immediately

// tldr

Sentinel collects zero data about you. Everything it sees stays on your Mac. There are no servers, no analytics, no accounts. Full stop.

// 01

What Sentinel Does Not Collect

Sentinel does not collect, transmit, or store any data on external servers — because there are no external servers. The app has no outbound network requests of its own.

  • No analytics or usage statistics
  • No crash reports sent anywhere
  • No app usage tracking or telemetry
  • No device identifiers or fingerprinting
  • No account creation or registration required
  • No advertising SDKs or third-party libraries

// 02

What Stays On Your Device

Everything Sentinel monitors is stored locally in a CoreData database on your Mac. This includes:

  • Camera and microphone access event logs
  • Network connection records (process, remote host, port)
  • USB and Bluetooth device connection history
  • Your whitelist and blocklist (stored in UserDefaults)
  • App Lock preference and seen-app history

None of this data ever leaves your machine. It is never uploaded, synced, or shared.

// 03

Permissions Explained

Sentinel requests certain macOS permissions to do its job. Here is exactly what each one is used for — and what it is not used for.

  • Local Network — to enumerate active TCP/UDP connections via the system network stack. Sentinel reads connection metadata only; it does not intercept packet content.
  • Microphone (monitoring) — to detect when any app activates the microphone hardware via CoreAudio. Sentinel never records audio.
  • Camera (monitoring) — to detect when any app activates the camera via CoreMediaIO. Sentinel never captures video or images.
  • Bluetooth — to list connected and newly paired Bluetooth devices. No data is read from the devices themselves.
  • Accessibility / No Sandbox — Sentinel runs without the macOS sandbox to enable low-level process inspection (identifying which app is using which sensor). This access is used exclusively for monitoring, never for control or data exfiltration.

// 04

Your Data, Your Control

You own everything Sentinel records. You can clear all event history from within the app at any time. Uninstalling Sentinel removes all stored data — there is nothing left behind on any server, because there are no servers.

The Touch ID app lock protects your threat data from other users of your Mac. Biometric data is handled entirely by macOS LocalAuthentication — Sentinel never sees or stores your fingerprint or face data.

// 05

No Third Parties

Sentinel contains zero third-party SDKs, analytics libraries, crash reporters, or advertising frameworks. The only external resources it loads are system fonts at runtime from Google Fonts (this website only — not the app). The macOS app itself makes no outbound connections.

// 06

Open Source

Sentinel is open source. You can read every line of code, verify these claims, and build it yourself. If you find something that contradicts this policy, please open an issue on GitHub.

github.com/sentinel-app/sentinel  ·  MIT License

// 07

Changes to This Policy

If this policy changes, the updated date at the top of this page will reflect it and changes will be noted in the app's release notes. Given the nature of the app — no data collection, no servers — there is very little reason for this policy to ever change.