Trust
Your code never
leaves your machine.
wyrm is a native, local-first desktop app. It reads and writes the repositories already on your disk — and that’s where they stay.
Your code never leaves your machine
wyrm runs on your Mac and operates directly on your local jj and git repositories. It does not upload, mirror, or sync your source code, commit contents, diffs, or history to any server. There is no “wyrm cloud,” and there never will be.
When you push or fetch, wyrm talks to whatever remote you configured — your own GitLab, GitHub, or self-hosted host — exactly like the command line would. Nothing routes through us.
No tracking
The app ships with no telemetry by default. It does not phone home to count your keystrokes, watch what you click, or report which repos you open.
The website uses Plausible — cookieless, privacy-focused analytics that collects no personal data and does no cross-site tracking. The only cookie we set is a session cookie that keeps you signed in to the account area. That’s it.
Where your data lives
If you create an account, here’s everything we store and who processes it. All primary data sits in the EU region. See our privacy page for the full processor detail.
| What’s stored | Why | Processor |
|---|---|---|
| Email address | Identifies your account; sign-in and receipts | Supabase (EU) |
| Authentication | OAuth identities and magic-link sessions | Supabase (EU) |
| Subscription & billing records | Plan status, invoices, payments | Stripe |
| Security audit log | Sign-ins and account changes, so you can spot anything unexpected | Supabase (EU) |
| Website hosting & delivery | Serves the site and account area | Cloudflare |
| Cookieless analytics | Aggregate page views, no personal data | Plausible |
| Transactional email | Magic links and account notices | Resend |
We don’t sell your data, and we don’t share it beyond the processors needed to run the service.
Account & app security
Sign in the way you already trust — OAuth with Google, GitHub, or GitLab, or a passwordless magic link to your email. There’s no password for us to leak.
The macOS app is signed with an Apple Developer ID and notarized by Apple, so Gatekeeper recognizes it as coming from us. Auto-updates are cryptographically signed: the app verifies each update’s signature before installing, so a tampered or spoofed build won’t run.
Reporting a vulnerability
Found something? Please tell us. Email security@wyrmflow.com with the details and steps to reproduce.
We support good-faith security research: if you make a genuine effort to avoid privacy violations, data destruction, and service disruption while investigating, we won’t pursue legal action against you. We aim to acknowledge reports within a few business days and will keep you posted as we work on a fix.