PTY content stays local
Terminal output is used inside the app for rendering, error detection, and optional local diagnostics.
Privacy
Your agent workstation should not watch you work.
Tokenburner treats terminal output, screenshots, file paths, project metadata, and cost data as sensitive local data.
Screenshots stay local
Screenshot bytes remain on the machine unless the user deliberately shares or routes them.
Cost data stays local
Token and dollar estimates are local app data, not remote analytics.
MCP is loopback only
The MCP server binds to localhost and every cross-pane action requires a grant.
No telemetry SDK
The desktop app has no analytics package or hidden phone-home path.
Opt-in crash reports only
Sentry is optional and configured to scrub paths, hostnames, and IP addresses.
Outbound network
Default installs do not include analytics.
The desktop app does not ship an analytics SDK. User-initiated downloads, source links, future license activation, opt-in updater checks, and opt-in crash reports are separate, visible actions.
Website visits are different from desktop telemetry. This static site
should stay free of marketing trackers and runtime third-party scripts.