Last updated: 17 May 2026
Nothing. Throwit runs entirely on your Mac, against servers you control. No telemetry, no analytics, no crash reporting, no remote logging. Your hostnames, SSH keys, files, and transfer history never leave your machine.
~/.throw/settings.json — your host configurations (hostnames, ports, usernames, optional paths to identity files, optional S3 credentials). Plain text by design so dotfile management works.~/Library/Containers/ai.baeum.throw/Data/.throw/settings.json.Throwit initiates network connections only to the hosts you configure. It uses the macOS Network framework for TCP reachability probes (one TCP SYN every 30 seconds per host) and the appropriate transfer protocol (SFTP via Citadel/swift-nio-ssh, FTP via Network.framework, or S3 via URLSession) for actual transfers.
Throwit does not contact ddok.ai or any third-party server during normal operation. There is no auto-update beacon.
If you configure S3 hosts, Throwit connects directly to your S3 endpoint (AWS, MinIO, Backblaze B2, Cloudflare R2, etc.) using credentials you provide. Throwit never proxies traffic through ddok.ai.
com.apple.security.app-sandbox — enabled.com.apple.security.network.client — required for transfers and reachability.com.apple.security.files.user-selected.read-write — to access files you drag in and SSH keys you explicitly pick via the system file panel.com.apple.security.files.bookmarks.app-scope — to remember the SSH identity file you selected, across launches.Throwit is a developer utility and is not directed at children under 13.
Questions or requests: [email protected].
Any change to this policy will be published on this page with a new “Last updated” date. Material changes — for example, adding any kind of telemetry — would also be announced in app release notes.