Overseer

Privacy, Security & macOS Permissions

Learn how Overseer protects your privacy while monitoring system metrics, uses macOS security features, and gives you full control over your data

Macos
Last updated: February 16, 2026

Privacy, Security & macOS Permissions

Welcome to the Overseer privacy and security guide. This comprehensive resource explains how Overseer protects your system monitoring data while leveraging macOS security features to ensure your privacy remains intact. Understanding these features is essential for trusting that your system metrics stay private and secure.

The Privacy-First Promise

Overseer is built on a fundamental principle: your system data belongs to you. Unlike many monitoring tools, Overseer is designed with privacy as a core feature, not an afterthought.

What We Never Do

  • Never send system metrics to external servers
  • Never collect usage telemetry or analytics
  • Never require cloud accounts or subscriptions
  • Never track what applications you use or websites you visit
  • Never share your monitoring data with third parties

What We Always Do

  • Always keep monitoring data local on your Mac
  • Always request explicit permission before accessing system data
  • Always explain why each permission is needed
  • Always give you control over what gets monitored
  • Always use macOS-native security features

macOS Permission System: Your Gatekeeper

Why Permissions Matter

macOS requires explicit user permission for sensitive system access. This isn't a limitation—it's a feature that protects your privacy.

Essential Monitoring Permissions

System Monitoring Permission

Location: System Settings → Privacy & Security → System Monitoring
Required for: CPU, memory, GPU, and process metrics
Why needed: macOS prevents apps from monitoring system performance without explicit consent
What Overseer accesses: Real-time resource usage, process information, performance counters
What Overseer cannot access: Application content, personal files, browsing history

Files and Folders Permission

Location: System Settings → Privacy & Security → Files and Folders
Required for: Disk usage monitoring, I/O performance tracking, SMART status
Why needed: To monitor storage health without accessing personal files
What Overseer accesses: Disk capacity, read/write speeds, storage health metrics
What Overseer cannot access: File contents, documents, photos, personal data

Network Permission

Location: System Settings → Privacy & Security → Network
Required for: Network traffic monitoring, bandwidth usage tracking
Why needed: To measure network activity without inspecting content
What Overseer accesses: Bytes sent/received, connection status, interface information
What Overseer cannot access: Website URLs, email content, messages, encrypted data

Optional Permissions

Accessibility Access

Location: System Settings → Privacy & Security → Accessibility
Provides: Enhanced process monitoring and detailed application insights
Can be declined: Basic process monitoring works without this permission
Best for: Developers who need detailed application resource tracking

Screen Recording

Location: System Settings → Privacy & Security → Screen Recording
Not required for Overseer's core functionality
Only needed if: Using screenshot-based monitoring features (not currently implemented)

Data Handling: Local-Only Processing

Where Your Data Lives

Your Mac's Sensors → Overseer (Memory) → Visualizations → (Optional) Local Storage
                                     ↳ No Internet Connection

Memory Processing

  • Real-time metrics: Processed in RAM, never written to disk
  • Temporary storage: Cleared when Overseer quits
  • No persistent logs unless explicitly enabled by you

Historical Data Storage

  • Optional feature: Must be explicitly enabled in Preferences
  • Encrypted storage: Uses macOS data protection APIs
  • User-controlled retention: Set your own data retention period
  • Location: ~/Library/Application Support/Overseer/ (encrypted by FileVault)

Export Security

  • User-initiated only: Data never exports automatically
  • Format control: Choose CSV, JSON, or PDF
  • Destination control: You choose where exports are saved
  • No cloud upload: Exports stay on your local storage

Keychain Integration: Secure Storage

What Gets Stored in Keychain

While Overseer minimizes stored data, some information benefits from secure storage:

| Stored Item | Purpose | Security Level | |-------------|---------|----------------| | Dashboard layouts | Restore your preferred monitoring setup | 🔒 Medium | | Alert configurations | Remember your notification preferences | 🔒 Medium | | Export settings | Save frequently used export locations | 🔒 Low | | License information | Verify App Store purchase (if applicable) | 🔒 High |

What Never Gets Stored

  • ❌ System metric history (unless explicitly enabled)
  • ❌ Process names or application usage patterns
  • ❌ Network destinations or connection details
  • ❌ Personal identifiers or user information

Keychain Security Features

  1. AES-256 Encryption: All Keychain data encrypted at rest
  2. App Sandboxing: Overseer only accesses its own Keychain items
  3. User Isolation: Your data never accessible to other users
  4. Automatic Locking: Keychain locks when Mac sleeps

Privacy Controls in Overseer

Granular Monitoring Controls

Metric-Level Toggles

Enable/disable monitoring for specific system components:

  • CPU Monitoring: Per-core usage, temperature, frequency
  • Memory Monitoring: Usage, pressure, swap
  • Disk Monitoring: I/O, capacity, SMART status
  • Network Monitoring: Bandwidth, connections, traffic
  • GPU Monitoring: Utilization, memory, temperature
  • Battery Monitoring: Health, cycles, power source

Privacy-Preserving Defaults

  • Process names: Shown by default, can be disabled
  • Network interfaces: Monitored but content never inspected
  • Temperature sensors: Hardware-level only, no personal inference

Data Retention Settings

Historical Data

  • Off by default: No persistent logging
  • Configurable retention: 1 day to 90 days
  • Automatic cleanup: Old data automatically deleted
  • Export and forget: Manual exports don't affect retention

Real-time Monitoring

  • No history kept unless explicitly enabled
  • Circular buffers: Oldest data discarded first
  • Memory-only: Not written to disk during normal operation

Notification Privacy

Alert Content

  • Minimal information: "CPU usage above threshold" not "While using Chrome..."
  • No application names unless Accessibility permission granted
  • No personal context: Alerts reference system state, not user activity

Delivery Security

  • macOS Notification Center: Uses Apple's secure delivery system
  • No remote notifications: All alerts generated locally
  • No tracking: Notification interactions not monitored

Security Architecture

App Sandboxing

Overseer runs in macOS App Sandbox with these restrictions:

Allowed Operations

  • Read system performance counters (with permission)
  • Display notifications via Notification Center
  • Store preferences in designated containers
  • Render visualizations using Metal/GPU

Restricted Operations

  • Cannot access user documents without explicit permission
  • Cannot make network connections (except for updates if enabled)
  • Cannot read other applications' data
  • Cannot modify system files or settings

Code Signing and Notarization

  • Apple Notarized: Verified by Apple for security
  • Hardened Runtime: Protects against code injection
  • Library Validation: Only Apple-signed libraries loaded
  • Secure Updates: Cryptographic verification of updates

Memory Protection

  • Address Space Layout Randomization (ASLR)
  • Execute Never (XN) memory protection
  • Stack smashing protection
  • Automatic reference counting for memory safety

Best Practices for Privacy-Conscious Monitoring

Initial Setup Recommendations

  1. Start minimal: Enable only the metrics you need
  2. Review permissions: Understand what each permission allows
  3. Test alerts: Configure with conservative thresholds
  4. Check exports: Verify data before sharing

Ongoing Privacy Maintenance

Weekly

  • Review active monitoring metrics
  • Check for macOS permission changes
  • Verify export locations are secure

Monthly

  • Audit historical data retention
  • Review alert configurations
  • Check for application updates

Quarterly

  • Review all granted permissions in System Settings
  • Consider resetting monitoring preferences
  • Evaluate if all monitored metrics are still needed

Sharing Metrics Safely

What's Safe to Share

  • Aggregate performance trends (without timestamps)
  • Hardware specifications and capabilities
  • Anonymized benchmark results
  • System configuration recommendations

What to Keep Private

  • Specific process usage patterns
  • Exact timestamps of system activity
  • Personal application usage
  • Network connection details

Advanced Privacy Features

Custom Privacy Rules

Process Filtering

  • Exclude specific applications from monitoring
  • Group similar processes for anonymization
  • Set privacy levels per application category

Data Obfuscation

  • Add statistical noise to metrics (optional)
  • Round values to prevent fingerprinting
  • Aggregate similar time periods

Privacy-Preserving Diagnostics

When contacting support (optional and user-initiated):

  1. Manual selection: Choose what diagnostic data to include
  2. Automatic sanitization: Remove personal identifiers
  3. Temporary collection: Data deleted after support session
  4. No mandatory reporting: Always opt-in, never automatic

Research Mode (Optional)

For users contributing to performance research:

  • Differential privacy: Mathematical privacy guarantees
  • Local aggregation: Data processed on device first
  • Contribution limits: Maximum data per time period
  • Transparent opt-out: One-click disabling

Troubleshooting Privacy Concerns

Common Questions

"Why does Overseer need so many permissions?"

Each permission corresponds to specific monitoring capabilities:

  • System Monitoring: CPU, memory, process metrics
  • Files and Folders: Disk usage and health
  • Network: Bandwidth and connection monitoring
  • Accessibility: Detailed application insights (optional)

"Can I verify Overseer isn't sending data?"

Yes, multiple verification methods:

  1. Network monitoring: Use Little Snitch or macOS firewall
  2. Console logs: Check for network activity
  3. Packet inspection: Use Wireshark to monitor traffic
  4. Firewall rules: Block Overseer and verify functionality

"How do I completely remove my data?"

Three-level removal:

  1. Delete application: Trash Overseer.app
  2. Remove preferences: Delete ~/Library/Preferences/com.overseer.Overseer.plist
  3. Clear all data: Delete ~/Library/Application Support/Overseer/

Permission Issues

"Overseer shows limited metrics"

  1. Check System Settings → Privacy & Security
  2. Verify all required permissions are granted
  3. Restart Overseer after permission changes
  4. Check Console.app for permission errors

"Permission requests keep appearing"

  1. macOS may reset permissions after updates
  2. Keychain may need repair (use Keychain Access First Aid)
  3. Try removing and re-adding Overseer in permission settings

Data Management Issues

"Historical data not saving"

  1. Check if historical data is enabled in Preferences
  2. Verify sufficient disk space
  3. Check FileVault encryption status
  4. Review Console.app for storage errors

"Cannot export metrics"

  1. Verify write permissions for destination
  2. Check disk space availability
  3. Try different export format (CSV vs JSON)
  4. Export smaller time ranges for testing

Transparency and Verification

Open Source Components

Overseer uses these verified open-source libraries:

  • Charts rendering: Custom SwiftUI components
  • Statistics calculation: Apple's Accelerate framework
  • Data compression: Apple's Compression framework
  • Cryptography: Apple's CryptoKit framework

Third-Party Audits

  • Code security: Annual static analysis
  • Privacy review: Biannual data flow audit
  • Penetration testing: Annual security assessment
  • Compliance verification: For applicable standards

Independent Verification

Security researchers can:

  1. Network analysis: Monitor all outbound connections
  2. Disk inspection: Analyze all stored data
  3. Memory analysis: Examine runtime behavior
  4. Permission audit: Verify permission usage

Compliance and Standards

Privacy Standards

Overseer is designed to help you comply with:

GDPR (General Data Protection Regulation)

  • Data minimization: Only essential metrics collected
  • Purpose limitation: Monitoring only, no secondary uses
  • Storage limitation: User-controlled retention periods
  • Right to erasure: Complete data removal capability

CCPA (California Consumer Privacy Act)

  • Opt-out rights: Disable monitoring at any time
  • Data access: Export all stored data
  • Deletion: Remove all personal information
  • Non-discrimination: Full functionality regardless of privacy choices

Security Standards

Technical Measures

  • Encryption at rest: FileVault integration
  • Encryption in transit: Not applicable (no data transit)
  • Access controls: macOS permission system
  • Audit logging: Optional and user-controlled

Organizational Measures

  • Privacy by design: Built into architecture
  • Default privacy: Most private settings by default
  • Transparency: Clear documentation of data practices
  • User control: Granular privacy settings

Getting Help with Privacy Concerns

Immediate Actions

If you have privacy concerns:

  1. Disable monitoring: Turn off metrics in Preferences
  2. Review permissions: Check System Settings
  3. Clear data: Delete application support folder
  4. Monitor network: Use firewall to verify no connections

Privacy Consultation

For specific privacy questions:

  • Email: privacy@overseer.com
  • Response time: 48 hours for privacy inquiries
  • Documentation: Always check this guide first
  • Updates: Subscribe to privacy policy changes

Reporting Issues

If you discover a potential privacy issue:

  1. Document evidence: Screenshots, logs, network captures
  2. Minimize exposure: Disable affected features
  3. Contact immediately: security@overseer.com
  4. Follow up: We commit to 24-hour acknowledgment

Future Privacy Enhancements

Planned Features

Enhanced User Control

  • Temporal privacy: Disable monitoring during specific hours
  • Location-based rules: Change monitoring based on network
  • Application-aware privacy: Automatic rules per application

Advanced Privacy Technologies

  • Homomorphic encryption: Process encrypted metrics
  • Federated learning: Aggregate insights without raw data
  • Zero-knowledge proofs: Verify trends without sharing data

Transparency Tools

  • Privacy dashboard: Visualize all data collection
  • Export analysis: Review what data would be shared
  • Permission simulator: Test privacy configurations

Commitment to Privacy

Overseer's privacy principles:

  1. User sovereignty: You control your data
  2. Transparency: Clear explanations of all operations
  3. Minimization: Collect only what's necessary
  4. Security: Protect what we must collect
  5. Improvement: Continuously enhance privacy features

Your privacy is not a feature—it's the foundation. Overseer is built from the ground up to respect your right to monitor your system without compromising your privacy. Every design decision, from permission requests to data storage, is made with your privacy as the priority.

Remember: Good privacy practices work best when they're simple, clear, and under your control. Overseer gives you the tools to understand exactly what's being monitored and why, with the assurance that your system data never leaves your Mac without your explicit permission.

Last updated: February 2025

Back to categoryBack to Documentation

Was this helpful?

Help us improve this documentation by providing feedback.

Report IssueContact SupportEdit this page