Privacy Policy

Last updated: April 5, 2026

Summary

CopySafe does not collect, store, or transmit your clipboard data to any server. All data stays on your devices. Sync happens directly between your devices over your local network with end-to-end encryption.

1. Data We Do NOT Collect

  • Clipboard content (text, images, files)
  • Browsing history or app usage patterns
  • Personal information, contacts, or messages
  • Location data
  • Device identifiers for tracking purposes

2. Data Storage

All clipboard data is stored locally on your device in an SQLite database within the App's sandboxed container (iOS) or App Group container (macOS). Data is never uploaded to any cloud service by default.

Optional iCloud Sync: If enabled, clips (excluding sensitive content) may sync via your personal iCloud account using Apple's CloudKit. This data is protected by Apple's privacy and encryption policies. Sensitive clips are never sent to iCloud.

3. LAN Sync

CopySafe can sync clipboard data between your devices over your local WiFi network using Bonjour (mDNS). This sync is:

  • Direct: Data travels directly between your devices, never through our servers
  • Encrypted: All data is encrypted with AES-256-GCM
  • Authenticated: Devices are paired using SPAKE2 protocol or iCloud Keychain auto-trust
  • Anti-replay: Per-message sequence counters prevent replay attacks

4. Sensitive Data

CopySafe automatically detects sensitive content (OTP codes, API keys, credit card numbers, passwords). Sensitive clips:

  • Are marked with a visual indicator
  • Auto-expire after a configurable time (default: 5 minutes)
  • Are never sent to iCloud
  • Are automatically excluded from password manager clipboard entries (1Password, Bitwarden, KeePassXC, Dashlane, LastPass)

5. Analytics

CopySafe does not currently include any analytics or telemetry. We do not track how you use the App. If analytics are added in the future, they will be opt-in and use privacy-respecting services.

6. Third-Party Services

  • Apple App Store: iOS purchases are processed by Apple under their privacy policy
  • Paddle: macOS purchases are processed by Paddle (Merchant of Record) under their privacy policy. Paddle collects billing information necessary to process payments
  • Apple CloudKit: Optional iCloud sync uses Apple's infrastructure under their privacy policy

7. MCP Server

The MCP Server (Pro feature) runs locally on your Mac and is accessible only via localhost. It requires Bearer token authentication. No data leaves your machine through the MCP Server unless you explicitly configure external access.

8. Children's Privacy

CopySafe is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

If you have questions about this Privacy Policy, contact us at support@copysafe.app.