Local-first · Privacy

Why our Mac apps never talk to a server

Most software asks for a small leap of faith. You open a document, and somewhere between "open" and "done" your file may have been sent off to be processed, indexed, or synced — usually for good reasons, occasionally for reasons in a privacy policy you didn't read. For a holiday photo, fine. For a contract, a medical form, a company spreadsheet, that quiet round trip is exactly the part you'd want to know about.

The TruePath apps are built the other way around. They run entirely on your Mac. No cloud, no account, no telemetry — and they keep working with the Wi-Fi off. This is a note on what that actually means, and, more usefully, how you can check it instead of trusting us.

What "runs on your Mac" means here

It's easy to say and easy to fudge, so here's the specific version. There's no sign-up, because there's no server keeping an account for you. Your files aren't uploaded, because the app does its work locally — reading a PDF, evaluating a spreadsheet, rendering a frame all happen on your own processor. Nothing phones home to count what you did. And because none of the core work depends on a network, the apps run the same on a plane as they do at your desk.

Why you shouldn't take that on faith

"We respect your privacy" is the most over-used sentence in software, and you can't audit a sentence. So we did the thing that's harder to fake: we open-sourced the engines.

The document cores behind TruePath Office and TruePath PDF are published as open-source MCP servers under the MIT license — the same code that does the parsing inside the apps. You can read exactly what they do with a file, or run one and watch that it opens no connections. When the claim is "nothing leaves your Mac," being able to read the source is worth more than any badge on a marketing page.

Two of the apps also expose that engine to AI agents over MCP, so tools like Claude or Cursor can work on your documents locally. We wrote about that for Office and PDF — and in both cases the server makes no network calls, which is the whole reason it's safe to hand your files to.

Cautious by default

Handing any app more power should be a decision you make, not a default you discover. TruePath Recorder is the clearest example: its AI control is off until you switch it on, you opt in per agent, and when it is on, the local bridge listens on 127.0.0.1 only, behind a token that's regenerated every launch. Nothing off your machine can reach it, and it can only do what the app's own buttons do. The pattern across the apps is the same — the private, local behaviour is the default, and anything with more reach is something you turn on deliberately.

The short version

Keeping everything on-device is a constraint we chose, not a feature we bolted on. It rules out some conveniences — there's no magic cross-device sync waiting in the cloud — and we think that's the right trade when the thing being kept private is your own work. If you'd rather verify than trust, the source is right there.

A couple of questions people ask

Does anything get uploaded?
No. The apps run locally — no cloud, no account, no telemetry — and work offline.

How can I verify it?
Read the open-source engines (MIT), or watch your own network while the apps run. The AI features are off by default and opt-in.

Your work stays yours.

Native Mac apps for recording, PDF, documents, and animation — built to run on your Mac, with the engines open-sourced so you can check.

Explore TruePath