No analytics by default
The launch posture should remain no account, no analytics, and no crash reporting unless records say otherwise.
Launch View
Privacy
The privacy view keeps the local-first data posture visible before install.
Data collection, local storage, analytics, crash reporting, and third-party network use are visible before install.
Launch Surface
Local-first needs a visible data promise.
The privacy surface must stay concrete enough for a user to decide whether installing a direct Mac app is safe.
Local storage
Name local preferences and library state that may live on the user's Mac.
Third parties
Call out Homebrew, Sparkle/appcast, and browser requests as the relevant network surfaces.
Great Artists Steal
Borrow the trust packet, not the costume.
Make every product, procurement, proof, legal, support, status, and release surface visible before launch.
Surface
Make Privacy visible from the public site and the native app before a reviewer has to ask.
Source
Back the view with org privacy policy plus app privacy receipts, then project the same record into site and app.
Requirement
Data collection, local storage, analytics, crash reporting, and third-party network use are visible before install.
Launch Packet
Every buyer question gets a visible surface.
Vapor Wares launch views are shared records projected into the public site and native app. The site is not allowed to know more than the app, and the app is not allowed to hide launch trust state.
Home
Pass Desk
partial
Product catalog
Catalog
partial
App detail
Ware detail
partial
Feature pages
Feature inspector
partial
Pricing
Plan and use-event inspector
partial
Docs
Documentation links
partial
Changelog
Release history
partial
Customers
Curators and collaborators
partial
Security
Trust settings
partial
Status
System status
partial
Terms
Settings legal pane
partial
Privacy
Settings privacy pane
partial
Imprint
Publisher identity pane
partial
Support
Help and diagnostics
partial