What Tokenomics touches, and what it doesn't.

What Tokenomics accesses

Tokenomics reads authentication credentials stored locally on your Mac by the AI tools you have installed. It never asks you to paste credentials it could have read automatically; it only asks for an API key for providers that don't have a CLI.

• Anthropic (Claude Chat · Claude Cowork · Claude Code) — OAuth token from macOS Keychain (Claude Code-credentials)
• OpenAI (ChatGPT · Codex · DALL-E · Sora) — OAuth token from ~/.codex/auth.json
• Google (Gemini · Nano Banana · Veo) — OAuth credentials from ~/.gemini/oauth_creds.json
• GitHub Copilot — OAuth token via the gh CLI
• Cursor — session token from Cursor's local config
• Stability AI, Runway, ElevenLabs — API keys you paste into Tokenomics, stored in the macOS Keychain

These credentials are read into memory as needed and are never written to disk by Tokenomics, logged, or transmitted anywhere other than to the provider endpoints below.

Network calls Tokenomics makes

Tokenomics only makes outbound API calls to the provider endpoints that own your usage data:

OpenAI and Google usage data is read from local CLI session files — no network calls are made for those providers. Midjourney, Suno, and Udio currently ship as placeholder tiles; Tokenomics does not read credentials or make network calls for them.

Update checks

Tokenomics also checks for app updates via Sparkle, which contacts:

About this website

The Tokenomics app and the marketing website at trytokenomics.com are separate things, and they have different (but both narrow) data footprints. Everything above this line is about the app. Everything in this section is about the website.

The site is hosted on Cloudflare Pages. Cloudflare provides standard server-side request analytics — visit counts, top pages, country breakdown — drawn from request headers as the page is served. There is no client-side tracking script, no cookies, no fingerprinting, no third-party SDKs loaded in the page.

We also count download requests so we can estimate how many people are using Tokenomics. When you click a download button (or run brew install rob-stout/tap/tokenomics), the request goes through trytokenomics.com/download/..., which records a single row before redirecting you to the actual .dmg file on GitHub. The row contains:

• Timestamp (UTC)
• Version requested (e.g. 2.8.7)
• Channel — web, brew, or other (a coarse bucket from the request's User-Agent; the User-Agent string itself is not stored)
• Country code (ISO-2, from Cloudflare's CF-IPCountry header)

What we do not store: IP addresses, User-Agent strings, cookies, referrers, anything that could identify you. The download counter is one anonymous row per download. Aggregates live in a Cloudflare D1 database that only the author can query.

What the Tokenomics app does NOT do

• No analytics or telemetry of any kind from inside the app
• No third-party SDKs
• No data collection, aggregation, or transmission to any server controlled by the author
• No tracking of how you use the app
• No crash reporting

Data retention

Tokenomics holds your credentials and usage data in memory while the app is running. When you quit Tokenomics, all data is discarded. Nothing is persisted to disk by Tokenomics.

Changes to this policy

If this policy changes, the updated version will be published in the GitHub repository with a new effective date. Significant changes will be noted in the release notes.

Contact

Questions about this policy: [email protected]