PTY content stays local
Terminal output is used inside the app for rendering, error detection, and optional local diagnostics.
Privacy
Tokenburner treats terminal output, screenshots, file paths, project metadata, and cost data as sensitive local data.
Terminal output is used inside the app for rendering, error detection, and optional local diagnostics.
Screenshot bytes remain on the machine unless the user deliberately shares or routes them.
Token and dollar estimates are local app data, not remote analytics. Cost history/export remain Pro-path work, not shipped public telemetry.
The MCP server binds to localhost and every cross-pane action requires a grant.
The desktop app has no analytics package or hidden phone-home path.
Sentry is optional and configured to scrub paths, hostnames, and IP addresses.
The app can activate minisign-signed license keys without phoning home. Checkout and license delivery run through separate Cloudflare Worker routes.
Outbound network
The desktop app does not ship an analytics SDK. User-initiated downloads, source links, local license activation, checkout, opt-in updater checks, and opt-in crash reports are separate, visible actions.