Security

By default, everything you capture stays on your Mac. Screenshots and recordings are saved to a local directory you control.

• No cloud account required to use any feature.
• No data leaves your machine unless you explicitly upload it.
• History and metadata are stored in a local database, not synced anywhere.

Snapzy does not collect usage data, crash reports, or analytics by default. We do not track what you capture, when you capture it, or how you use the app.

• No Google Analytics, Mixpanel, or similar trackers.
• No silent network pings on launch.
• No unique device identifiers collected.

Snapzy is fully open source under the BSD 3-Clause license. You can inspect the code, build it yourself, and verify that it does exactly what it claims.

• Source code: github.com/duongductrong/Snapzy
• Build reproducible with Xcode and standard macOS SDKs.
• Community contributions and security audits are welcome.

Snapzy requests the minimum set of macOS permissions required for its features:

• Screen Recording — required for all capture modes. macOS shows a yellow indicator in the menu bar when recording is active.
• Microphone — optional, only if you enable audio in screen recordings.
• Accessibility — optional, improves window detection accuracy.

You can revoke any permission at any time in System Settings → Privacy & Security.

Snapzy runs inside the macOS App Sandbox with minimal entitlements. It cannot access files outside the areas you explicitly grant, and it cannot make arbitrary network connections.

• Screen Recording — the only entitlement that broadens sandbox scope, and it is required for the app to function.
• Secure file-access bookmarks — used to remember your chosen save folder across launches without requesting full disk access.

Snapzy makes only two kinds of network connections:

• Sparkle update checks — a lightweight HTTPS call to check whether a newer version is available. No usage data is sent.
• User-initiated cloud uploads — only when you manually upload to your own S3 or R2 bucket. No data is ever sent to third-party servers.

When you configure cloud upload, your credentials are stored exclusively in the macOS Keychain. Snapzy never writes them to plain files or syncs them to iCloud.

• Optional password — you can add an extra password inside Snapzy. It is SHA-256 hashed and never stored in plaintext.
• Encrypted export / import — transfer credentials to another Mac via a manual encrypted archive protected by a passphrase you choose.

Official releases are code-signed, but they are not notarized by Apple yet. On first launch, macOS may block the app. After dragging Snapzy to /Applications, run sudo xattr -rd com.apple.quarantine /Applications/Snapzy.app to allow it. If you build from source, the app will be unsigned unless you use your own Apple Developer certificate.