Skip to main content
Continuum is a local-first tool. The vast majority of its data never leaves your Mac. This page enumerates every egress path in a default install. The full privacy documentation is at docs/privacy.md.

What leaves your machine

There are exactly five categories of network egress from a default Continuum install.
When the Cloudflare relay path is used (secure-cloud pairing mode), the Mac daemon and paired iPhone exchange frames through a Cloudflare relay Worker.The Worker sees:
  • Opaque XChaCha20-Poly1305 encrypted bytes — it cannot decrypt them.
  • A short header: protocol version, sender role (mac or ios), envelope type.
  • TCP/TLS metadata: source IP, timing, byte counts.
  • The session ID presented at WebSocket open.
The Worker does NOT see chat messages, code diffs, plan text, approval decisions, or anything else inside the envelope. The symmetric key is derived inside your devices; the Worker never holds it.When using local/Tailscale transport instead, no relay is involved.
When the Mac sends a plan-approval push notification to the iPhone, it goes through a Cloudflare APNS gateway Worker that holds the operator’s Apple .p8 signing key.The gateway sees:
  • The SHA-256 hash of the iPhone’s APNS device token (the raw token is hashed before any storage or log write).
  • The byte size of the encrypted payload.
  • Push delivery metadata: Apple’s response status, the apns-id UUID, timestamp.
The gateway does NOT see the notification body. The body is sealed with the per-pairing symmetric key; only your iPhone can decrypt it. The raw device token is never persisted; only its hash is stored.
Continuum ships a pricing snapshot at apple/ClawdmeterShared/Sources/ClawdmeterShared/Analytics/pricing.json. Refreshing it (./tools/refresh-pricing.sh) fetches the latest pricing data from LiteLLM’s public GitHub URL. This is a one-way read-only HTTPS request with no body and no unique identifier beyond a standard User-Agent and your IP.A weekly GitHub Action automates this refresh in the repo. Users who never run refresh-pricing.sh locally never make this request.
Continuum integrates five provider runtimes as child processes. Each runtime owns its own network egress. Continuum does not proxy or inspect their traffic.
ProviderEgress owner
claude CLIAnthropic
codexOpenAI
opencode serveYour configured OpenRouter / Anthropic / OpenAI upstream
cursor-agentAnysphere
agy (Antigravity)Google
Each provider has its own privacy policy. Uninstalling a provider CLI removes its egress entirely without affecting Continuum.
The Mac app uses Sparkle to check the GitHub Pages appcast at https://darshanbathija.github.io/Continuum/updates/appcast.xml. This transmits your IP and standard HTTPS metadata.It does NOT transmit any device identifier, install ID, session token, chat content, or repo paths. You can disable automatic checks in Settings → Updates, or firewall the Pages URL.

What stays local

The following data is on your Mac and crosses no network boundary Continuum controls:
  • Chat transcripts. Live and historical content lives in per-session JSONL files under ~/.claude/projects/, ~/.codex/, ~/.local/share/opencode/, and analogues. Continuum parses them for display and analytics but does not exfiltrate them.
  • Code diffs. The diff workbench reads from local git checkouts.
  • Repo paths and worktrees. All local. Repo identity normalization runs on-device.
  • Session metadata. Session IDs, model selections, terminal pane IDs, archive flags — all local in sessions.json.
  • Usage rollups. The analytics cache at ~/Library/Application Support/Clawdmeter/analytics-cache.json is local.
  • Keychain entries. Per-provider tokens and Continuum’s pairing bearers live in your macOS Keychain.

No Continuum telemetry

Continuum has no telemetry, no analytics events, no crash reporters, no tracking SDKs, and no account system. There are no cookies, no localStorage, and no third-party trackers. The app is native macOS/iOS/watchOS with no embedded analytics web views.

Deleting your data

Your data is local files. To remove it:
LocationContents
~/Library/Application Support/Clawdmeter/Analytics cache, session registry, pairing state, attachments staging, outbox, workspace store
~/.clawdmeter/Audit logs, autopilot trust list
~/.claude/projects/Claude JSONL transcripts (shared with Claude Code; deleting affects Claude Code too)
~/.codex/sessions/Codex JSONL transcripts (shared with Codex CLI)
Uninstalling the Mac app removes Continuum.app. Delete the above directories manually to remove all associated data. The relay operator holds audit metadata (hashed identifiers, byte counts) for up to 90 days by KV TTL.

GDPR / CCPA

Continuum holds no named user records on any server. The relay and APNS gateway operators hold only the metadata enumerated above (hashed tokens, byte sizes, IP-level metadata). Right to deletion for local data is exercised by deleting the files listed above. Session orchestration history can be deleted per-session from within the app.