Privacy Policy

Effective date: June 14, 2026

Sonar ("Sonar," "the app") is a macOS developer tool published by NYRAI LLC, a Massachusetts limited liability company. This Privacy Policy explains what data the app does and does not handle.

The short version: Sonar never sees your source code. Everything the app does happens entirely on your Mac. Your code is never uploaded, transmitted, collected, or stored anywhere off your machine.

What Sonar does

Sonar statically scans the source code of your own iOS and web projects on your computer and builds a dashboard of the external API calls, third-party SDK usage, and possible hardcoded secrets it finds. The scan is read-only — Sonar analyzes your code but never modifies it.

We never see your code

This is the core principle behind Sonar, so we want to be unmistakable about it:

100% on-device. All scanning and analysis run locally on your Mac. No part of your source code is sent to NYRAI LLC or to any third party.
No uploading or transmission. Sonar does not upload, transmit, sync, or back up your source code, project files, or scan results to any server, cloud service, or remote endpoint.
No telemetry. There is no analytics, no usage tracking, no crash reporting, no fingerprinting, and no advertising or marketing tracking of any kind.
No accounts. Sonar does not require — and does not offer — a user account, sign-in, or profile. We do not collect your name, email address, or any personal identifier through the app.

Where your data is stored

Scan results are stored only in a local SQLite database inside the app's user-data folder on your Mac. This data stays on your device and under your control. Deleting the app's data folder (or the app itself) removes this data.

When Sonar detects something that looks like a hardcoded secret (for example, an API key or token), the matched snippet is masked before it is written to the local database, and it is never transmitted off your device.

The only network connection

The app's behavior depends on how you obtained it:

Mac App Store edition: Sonar makes no network calls at all.
Gumroad / direct-download edition: The app makes exactly one kind of network request, and only when you activate your license. To confirm your purchase, Sonar sends your license key — and nothing else — to Gumroad's license-verification API. No source code, no scan results, no project data, and no personal information are ever included in this request.

That license-verification request is the only time Sonar contacts the internet, and it happens solely to validate a paid license.

Third-party data sharing

We do not sell, rent, trade, or otherwise share your data with third parties. Because your code and scan results never leave your machine, there is nothing for us to share.

When you activate a license in the Gumroad edition, your license key is processed by Gumroad solely to verify your purchase. That interaction is governed by Gumroad's own privacy practices. Sonar sends Gumroad nothing beyond the license key.

Children's privacy

Sonar is a developer tool intended for software professionals and hobbyists. It is not directed at children, and we do not knowingly collect any personal information from anyone, including children under the age of 13.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" above. Material changes will be reflected in the version distributed with the app and, where applicable, on the relevant product listing. Your continued use of Sonar after an update constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy or Sonar's privacy practices, contact:

NYRAI LLC
26 Maple Way, Boylston, MA 01505
Email: [email protected]