Privacy

Local by default. Network only when you ask.

SpinCat reads system metrics with first-party macOS APIs. There is no analytics, no telemetry, and no background network for system monitoring. The only outbound traffic comes from the AI usage feature you explicitly enable.

The short version

🏠

Everything stays local

CPU, GPU, memory, disk, and network are measured on-device and never leave your Mac.

🚫

No sudo or subprocess

No shelling out, no powermetrics, no PTY probing, no arbitrary subprocesses — ever.

📴

No analytics

SpinCat collects no usage data, sends no telemetry, and has no tracking of any kind.

🔐

Opt-in network

AI quota requests run only when you enable AI usage and turn on a specific provider.

What each metric uses

AreaWhat SpinCat usesWhat it avoids
CPU Mach host_processor_info tick deltas ps, process ranking
GPU IOKit IOAccelerator known utilization keys sudo, powermetrics, full IORegistry dumps
Memory host_info, host_statistics64, pressure/swap sysctl top, per-process memory
Disk Root volume capacity, IOKit storage byte counters SMART, full mount path / UUID logging
Network SystemConfiguration interface, getifaddrs counters Public IP, ping, SSID / IP logging
AI usage URLSession quota/OAuth for enabled providers, localhost callback Provider CLIs, PTY probing, arbitrary subprocesses

How credentials are stored

  • ChatGPT/Codex, Claude, and Antigravity OAuth use SpinCat-managed local credential files.
  • Copilot tokens and API keys are stored in the macOS Keychain.
  • Cursor is read through a security-scoped bookmark you approve, or another allowed local source.
  • The quota cache stores display-only snapshots — never tokens or secrets — and restores them as stale.

Sandboxed & transparent

SpinCat runs inside the App Sandbox. Entitlements are limited to a network client for optional AI quota and OAuth, plus a localhost server for OAuth callbacks. It ships with a privacy manifest and declares that it uses no non-exempt encryption.