Privacy Policy
Last updated June 2026
Sorty does not collect telemetry, analytics, or personal data. Your files stay on your Mac. When you use a cloud AI provider, only file names and metadata are sent for analysis — never file contents unless you explicitly enable Deep Scan. Your Learnings profile is encrypted with AES-256 and protected by Touch ID or Face ID.
1. Overview
Sorty ("the App") is a native macOS application published by the Sorty open-source project and licensed under the GNU General Public License v3.0. This Privacy Policy explains how the App handles information when you use it.
Sorty is built privacy-first. The App runs entirely on your device, within the macOS App Sandbox, and is designed so that the smallest amount of information necessary leaves your computer — and only when you choose a cloud-based AI provider. We do not operate any servers that process your files or personal data.
2. Data We Collect
We do not collect, transmit, or store any telemetry, usage analytics, crash reports, or personal data. There is no Sorty account, and we have no database of user information.
The following is handled locally on your device only:
- Organization History — records of operations (file paths and metadata), stored locally and not encrypted.
- Settings & preferences — stored in standard macOS UserDefaults.
- Watched Folders — stored as macOS security-scoped bookmarks so access persists across restarts.
- Exclusion rules, personas, and naming presets you create.
3. AI Providers & Your Files
Sorty is provider-agnostic. You choose which AI provider (if any) analyzes your files, and you can switch or disable providers at any time in Settings → AI Provider.
What is sent to cloud providers
When using a cloud-based provider (for example OpenAI, Anthropic, Google Gemini, Groq, OpenRouter, or GitHub Copilot):
- File names and metadata are sent for analysis so the model can suggest a folder structure.
- File contents are NOT uploaded unless you explicitly enable Deep Scan. Deep Scan uploads small content excerpts and should only be enabled for files you are comfortable analyzing remotely.
- All traffic occurs over HTTPS with TLS 1.2+.
- API keys are stored in the macOS Keychain, never logged, and never transmitted outside your chosen provider's endpoints.
For maximum privacy, use a fully on-device provider. Ollama processes everything on your machine, and Apple Foundation Models run on-device via Apple Intelligence (requires macOS 15+). With these options, no file information leaves your Mac.
When you use a third-party AI provider, that provider's own privacy policy and terms apply to the data you send. We encourage you to review the policies of your chosen provider, for example OpenAI and Anthropic.
4. Local Storage & Encryption
- The Learnings Profile — the data Sorty uses to adapt to your style — is stored with AES-256 encryption and protected by Touch ID or Face ID.
- API keys are stored in the macOS Keychain.
- Privacy Mode (enabled by default) blurs sensitive handles until you hover and hides API keys behind a manual reveal toggle — useful for screensharing or streaming.
- Privacy Path Masking redacts usernames from file paths shown in the UI and logs.
5. Network & Update Checks
- The App checks for updates by fetching version data from the GitHub Releases API over HTTPS. Update checks run on app launch (at most once per 24 hours) or manually via the menu.
- No telemetry or analytics are included in these or any other requests.
- You can disable automatic update checks in Settings → Updates → Manual only.
6. Sandboxing & Permissions
Sorty runs within the macOS App Sandbox with the following entitlements:
- User-selected file access (read/write) for folders you explicitly grant.
- Network access for AI provider APIs and update checks.
- No system-level access outside the sandbox.
You grant folder access through macOS security-scoped bookmarks. You can revoke access at any time by removing a folder from the Watched list or in macOS System Settings.
7. Third-Party Services
Sorty integrates with the following third-party components and services, each governed by their own policies:
- Sparkle Framework — handles secure in-app updates.
- AI providers — each has its own security and privacy policy (see above).
- GitHub — hosts releases and the update feed.
Releases are not code-signed with an Apple Developer certificate. You may verify integrity by building from source or checking release notes. See SECURITY.md for full details.
8. Children's Privacy
Sorty is a general-purpose developer and productivity tool and is not directed at children under 16. We do not knowingly collect personal data from anyone. The App collects no personal data regardless of age.
9. Your Rights & Controls
Because Sorty stores everything locally and collects nothing, you are always in control:
- Delete your data — use Settings → Troubleshooting → Delete All Data to wipe usage history, watched folders, and local caches.
- Reset everything— "Reset All Settings" returns you to the onboarding experience.
- Use on-device AI — choose Ollama or Apple Foundation Models to keep processing on your Mac.
- Disable Deep Scan — keep file contents from ever leaving your device.
- Disable update checks — minimize network exposure.
10. Changes to This Policy
We may update this Privacy Policy as Sorty evolves. Material changes will be reflected in the Changelog and via in-app notifications. The "Last updated" date above indicates when this policy was last revised.
11. Contact
For privacy or security questions, please use GitHub's private vulnerability reporting or open a GitHub Discussion for general questions. For security reports specifically, see SECURITY.md.
© 2026 Sorty. Released under the GPL-3.0 license. Home · Terms · Changelog