Legal

Privacy Policy

Last updated: May 11, 2026 · Plain language, no legalese.

The TL;DR

Cove doesn't track you, doesn't collect analytics, doesn't run any backend, doesn't sell anything to advertisers. Your sessions live entirely on your Mac, in a local database. The only network call the app ever makes is a daily check to a static XML file on this website to see if an update is available. The only personal data we ever see is the name, email, and country that Lemon Squeezy (our payment processor) passes us when you buy a license — so we can email you the license key.

What Cove (the app) stores on your Mac

Cove keeps everything in a local SwiftData database on your Mac. By default that lives under ~/Library/Application Support/com.alexbd.Cove/. Nothing is ever copied off your machine by Cove itself.

What we actually store per session:

  • Session metadata — name you chose, icon (SF Symbol), accent color, creation date, last-used date, total time you spent in it, restore count, pinned/unpinned, tags, the name of the macOS Focus Mode Shortcut you optionally linked, and a free-text description.
  • App state — for each app captured: its bundle ID (e.g., com.apple.Safari), display name, executable path, whether you marked it "essential" (never closed on switch), and an adapter-specific payload (see below for what each adapter captures).
  • Window state — for each window: frame (x, y, width, height encoded as a string), the macOS Space index, whether it was the main / minimized / fullscreen window, and the window title.
  • Tab state — for browsers: the URL and title of each tab plus its position; for Finder/Terminal: the filesystem path that was open (folder path, working directory).
  • Linked items — references to three kinds of external things you can choose to attach to a session: Reminders list IDs (resolved via EventKit), Apple Notes references (the applenotes://showNote?identifier=... URL you pasted), and Things task references (the things:///show?id=... URL you pasted). Cove never stores the contents — just the identifier needed to reopen them.
  • Switch events — a small log of session restores and auto-detect suggestions, used to make auto-detect smarter over time. Stays on your Mac.

What Cove does not store: the contents of your documents, the contents of browser tabs (only their URLs and titles), the contents of terminal output, the contents of your Reminders or Notes (only the IDs/URLs that let you reopen them), screenshots of your screen, or anything related to your typing, microphone, or camera.

What Cove sends over the network

One thing, period: an update check. Cove uses the Sparkle framework to fetch https://covemac.app/appcast.xml, a static XML file listing available versions, roughly once every 24 hours. The request includes the standard User-Agent that Sparkle sets (which contains your app version and macOS version) so we can decide whether to offer you an update. Nothing about your sessions, account, identifiers, or usage is transmitted. The file is served by Netlify and we don't read its access logs.

No analytics. No crash reporting. No telemetry. Cove contains zero third-party analytics SDKs (no Google Analytics, no Mixpanel, no PostHog, no Sentry, no Crashlytics, no Firebase). If Cove crashes, the OS may write a crash log to ~/Library/Logs/DiagnosticReports/ — that's standard macOS behavior and the file stays on your Mac unless you explicitly choose to send it to Apple or to us.

Logs. Cove writes diagnostic log lines to macOS's unified logging system (visible in Console.app) under the subsystem com.alexbd.Cove. These logs stay on your Mac and are never transmitted by Cove.

What permissions Cove asks for, and why

To capture and restore a workspace, Cove needs to read and influence the state of other apps. macOS gates this behind explicit permissions you grant once. These are the prompts you'll see:

  • Accessibility — required to read window positions, sizes, and active state via the macOS Accessibility API. Without it, Cove cannot capture where your windows are laid out.
  • Automation / Apple Events — required to send AppleScript commands to apps Cove integrates with (Safari, Chrome, Brave, Edge, Arc, Finder, Terminal, iTerm2, VS Code, Cursor, Xcode, Slack, Discord). macOS prompts you the first time Cove tries to script each app, per-app.
  • Reminders — required only if you choose to link a Reminders list to a session. Cove reads the list of your Reminders lists via Apple's EventKit so you can pick one. It does not read or modify the reminders themselves.
  • User-selected files — when you pick a file via macOS's open panel (e.g., to attach it to a session), Cove gets read/write access to that specific file only. Cove never enumerates your home folder.

Cove is not sandboxed (this is why it isn't on the Mac App Store — the App Store sandbox forbids the AppleScript automation Cove relies on to restore tabs and windows). You can revoke any of the above at any time in System Settings → Privacy & Security.

Which apps Cove interacts with, and how

Cove only "talks to" apps you actually use in a session. The integrations are:

  • Browsers (Safari, Chrome & Beta/Canary, Brave, Edge, Arc) — reads the list of open tabs (URL + title) and window positions via AppleScript; restores tabs by issuing AppleScript commands.
  • Finder — reads paths of open folder windows via AppleScript; restores them by opening the paths again.
  • Terminal & iTerm2 — reads window titles and TTYs via AppleScript, then resolves the working directory by running lsof and ps on the local TTY (no network involved). Restores by opening new tabs with a cd command.
  • VS Code, VS Code Insiders, Cursor — reads the list of recently opened workspaces by parsing each editor's local config file (~/Library/Application Support/Code/User/globalStorage/storage.json and equivalents). Cove does not open, parse, or transmit your source code.
  • Xcode — reads the set of currently open project/workspace documents via AppleScript; restores them with the open command.
  • Slack — reads the active workspace from the window title and resolves the team ID by parsing Slack's local JSON config (~/Library/Application Support/Slack/storage/*.json) so it can reopen the right workspace via the slack:// URL scheme. Cove does not read your messages.
  • Discord — reads the visible window title to identify the active server/channel; restores via the discord:// scheme when possible.
  • Reminders — reads the list of your Reminders lists via EventKit (with your consent) so you can attach one to a session.
  • Apple Notes & Things — Cove only stores the URL you paste in (applenotes://showNote?identifier=... for Notes, things:///show?id=... for Things) and reopens it on restore. It never reads the content.
  • Shortcuts — when a session has a Focus Mode shortcut linked, Cove invokes the Shortcuts app via the standard shortcuts run command to trigger your Focus Mode. Nothing else is sent or received.

For any app not in this list, Cove falls back to a generic adapter that captures the window's title and bounds via the Accessibility API and reopens the app on restore — no AppleScript, no content access.

iCloud sync

iCloud sync is not currently active in Cove. The code that initializes the local database explicitly opts out of iCloud (the line cloudKitDatabase: .none in our model container setup). Your sessions never reach Apple's CloudKit infrastructure today.

iCloud sync is a feature we may ship in a future version (it's listed as "coming soon" on the pricing page). If we do ship it, it will be:

  • Opt-in — off by default, you choose to enable it in Settings.
  • Through your private CloudKit container — Apple encrypts and syncs your data between your own Macs. Cove (the company) never sees your data; Apple does the syncing under our declared schema.
  • Reversible — you can disable sync and your local data stays intact.

We'll update this Privacy Policy and notify you when (and if) sync ships.

What this website (covemac.app) collects

Hosted on Netlify. The site is fully static — no cookies set by us, no analytics scripts, no fingerprinting, no third-party trackers. Netlify's edge infrastructure logs basic HTTP requests (IP, user agent, requested URL, timestamp) which they retain for short periods to operate the service. We don't access or analyze those logs.

If we add basic privacy-respecting analytics in the future (Plausible, Fathom, or similar), we'll update this page and call it out clearly. We will never use Google Analytics or any tracker that profiles individuals across sites.

What we receive from your purchase

When you buy a Cove license, the transaction is handled by Lemon Squeezy, which acts as the Merchant of Record. They handle payment processing (via Stripe under the hood), tax collection across jurisdictions, refund disputes, and fraud prevention.

What Lemon Squeezy passes to us: your name, email address, and country. That's it. We use this to:

  • Deliver your license key by email
  • Send you product update emails (you can opt out anytime — there's an unsubscribe link in every email)
  • Process refunds and support requests

We do not see, store, or process your payment information (credit card, billing address). That stays with Lemon Squeezy and Stripe. See Lemon Squeezy's privacy policy for what they collect.

Once license validation is wired into the app (a planned feature for the post-launch period), Cove will call Lemon Squeezy's license API to verify your key on activation. That single request contains your license key and a machine identifier — nothing else. We will update this policy when that ships.

How long we keep your data

Your purchase record and email address are kept for the lifetime of your license, plus a 7-year retention period required for tax/accounting purposes under French law. After that, they're permanently deleted.

If you request a refund, we delete your record from our active list immediately upon refund issuance, except for the tax-required retention noted above.

Your rights

Under GDPR (and similar laws in California, the UK, and elsewhere), you have the right to:

  • Request a copy of all data we hold about you
  • Have it corrected if it's wrong
  • Have it deleted (with the tax-retention caveat)
  • Withdraw consent for marketing emails (just unsubscribe — no need to email us)

To exercise any of these, just email alexandre.bonnegardedelisle@gmail.com with your purchase email. I'll respond within 14 days, usually within 48h.

If you'd like to delete the data Cove stores on your own Mac, just delete the folder ~/Library/Application Support/com.alexbd.Cove/ and trash the app. There's nothing remote to clean up.

Changes to this policy

If I make material changes, I'll update the "Last updated" date at the top, and if you've purchased a license, I'll send you an email summarizing what changed. Minor wording fixes happen silently.

Contact

Cove is operated by Alexandre Bonnegarde-Delisle, registered as a micro-entrepreneur in France (SIRET on request). For privacy questions, contact alexandre.bonnegardedelisle@gmail.com.

← Back to Cove