Privacy Policy

The short version: Sidecontext doesn't collect anything. Your data stays on your Mac and in your iCloud.

No tracking, no analytics

No analytics. No crash reporting. No third-party SDKs. The app doesn't phone home.

What's stored on your Mac

• API tokens — stored in Keychain (macOS encrypted storage), sent only to the platforms you connect
• Project data — all entities, edges, notes, and lists stored in a local SwiftData database
• Folder access — bookmarks for folders you've granted access to

iCloud sync

If enabled, your data syncs across your devices via CloudKit. It's your private iCloud container — I can't see it, nobody else can. No code or file contents ever sync. API tokens stay in your local Keychain and are never synced.

Platform integrations

When you connect a platform, the app talks directly to that platform's API. No middleman server. Your token goes to the platform over HTTPS, nowhere else. Supported platforms:

• Git platforms — GitHub, GitLab, Bitbucket (repos, tech stack scanning)
• Hosting — Vercel, Railway, Hetzner (projects, deployments, servers)
• Databases — Supabase (projects, databases, edge functions)
• DNS & domains — Cloudflare, Namecheap, GoDaddy, Loopia (domains, DNS records)

Security scanning

Vulnerability checks query the public OSV.dev API with package names and versions. No source code is sent.

Domain lookups

Domain registration info is fetched via public RDAP servers. No authentication required, no personal data sent.

Git

The app runs your local git to check repo status. Read-only, except when you clone something to a folder you choose.

That's it

Sidecontext only talks to the platforms you explicitly connect, OSV.dev for vulnerability checks, public RDAP for domain lookups, and iCloud if you enable sync. Nothing else.

Questions? sidecontext@norrifran.se

Last updated January 2026