ALLYX ONE
Privacy by architecture

Your data stays on your Mac.

Every Allyx app for macOS does its work on your machine. No cloud step. No third-party AI. No ‘anonymous’ telemetry. The Mac you bought is fast enough — we lean on it.

The promise, in three lines

When you drop a file into an Allyx app, three things happen — none of them involve our servers:

  1. The work happens locally. OCR, transcription, classification, encryption, redaction — all on your CPU, GPU, or Neural Engine.
  2. The result stays on your disk. We don't hold it; we don't mirror it; we don't back it up ‘for safety’. It lands where you tell it to land.
  3. Nothing about your file leaves your Mac. Not the contents, not the filename, not ‘anonymised metrics about which features you used’.

That's the whole pitch. Everything below explains the mechanics and the proof.

The tech, in plain terms

Apple has been quietly building the on-device infrastructure for years. We compose it.

Apple Vision

On-device OCR for scanned PDFs, screenshots, and photos. Neural-Engine accelerated, multilingual, ships in macOS. Used by Scrub and Lens.

MLX

Apple's machine-learning framework, tuned for Apple Silicon. Runs embedding models, classifiers, and small language models directly on the Neural Engine. Used by Lens, Inbox Hygiene, and Scribe.

whisper.cpp

A fast, open-source port of OpenAI's Whisper that runs entirely on Apple Silicon. Used by Scribe for diarised transcription with timestamps.

Foundation Models

Apple's built-in on-device LLM. Used opportunistically for summarisation when available; every app still works without it.

The proof

‘Trust us’ isn't a privacy policy. Here's what you can verify.

A signed network manifest in every app

Every release ships with a manifest declaring every domain the app is allowed to contact, what each rule does, and which distribution channel it applies to. We sign it. We publish it. We don't change it without a release note.

A Privacy Ledger you can read

Every app exposes a Privacy Ledger pane that logs every outbound network call as it happens — when, where, why. Compare it against the manifest yourself.

Audits and a bug bounty

We invite third-party audits each quarter and publish the results. Found something off-manifest? File it — there's a bounty.

Run any Allyx app behind Little Snitch.

We claim the network manifest is the entire list. Test it. Install Little Snitch, use the app for a week, compare the connections it sees against the manifest. If you find anything off-manifest, that's a bug — file it and we'll fix it. There's a bounty.

What we give up

On-device is a trade-off. We took it intentionally. So you know what you're signing up for:

If those are deal-breakers, the apps aren't for you — and that's honest. If they read like features rather than limits, you're in the right place.

How is this different from the browser tools on this site?

Same promise, different machinery.

The 100+ browser tools on this site do the same kind of thing in your browser — PDF merging, image compression, QR generation — using Web Crypto, FFmpeg.wasm, Transformers.js, WebGPU. They're free, they're instant, they're great for one-off jobs.

The Mac apps go deeper. They integrate with Finder. They run in the background. They batch a folder of 500 files in one go. They use the Neural Engine. They live on your Dock. They keep working when your network is down.

Pick the web tool for a one-shot job in a hurry. Pick the Mac app for the work you do every week.

Browse the suite

Ten Mac apps, all on-device. The first one — Scrub — is in private beta now.

See every app Try Allyx Scrub