Legal · LogStitch by Ryware

Privacy Policy

Ryware LLC · Utah, USA
Effective May 21, 2026

LogStitch runs on your Mac. Your AWS log data, your Jira and GitHub data, and your credentials stay on your Mac. The only Ryware-operated server is a small OAuth proxy used briefly during sign-in. We don't track you, we don't sell anything, and we don't run analytics.

01

Who we are

LogStitch is a macOS application developed by Ryware LLC, a Utah limited liability company ("Ryware," "we," "us," "our"). This Privacy Policy explains how we handle information in connection with the LogStitch application and the related services we operate.

02

What stays on your device

LogStitch is designed so that the data it works with stays on your Mac. The following is processed and stored locally and is never transmitted to Ryware:

  • Your AWS credentials, stored in the macOS Keychain with hardware-backed Data Protection (kSecAttrAccessibleWhenUnlocked, kSecUseDataProtectionKeychain).
  • AWS CloudWatch log data, fetched by the app directly from your AWS account into a local SQLite database on your Mac.
  • Your Jira and GitHub data, including issues, pull requests, commits, comments, and project lists. The app calls Atlassian's and GitHub's APIs directly from your Mac using tokens stored in your Keychain. These requests do not pass through any Ryware infrastructure.
  • OAuth access and refresh tokens for Jira and GitHub, stored in the macOS Keychain.
03

The OAuth proxy

To let you connect LogStitch to Jira or GitHub without exposing OAuth client secrets inside the downloadable app binary — where they could be extracted and used to impersonate LogStitch to phish other users — Ryware operates a thin server-side component at auth.logstitch.app, running on AWS Lambda behind Amazon CloudFront.

When you initiate a connection or refresh an existing one, the proxy receives a short-lived authorization code or refresh token from your Mac, attaches the corresponding LogStitch OAuth client secret (kept in AWS Systems Manager Parameter Store and never bundled with the app), forwards the request to Atlassian or GitHub, and returns the resulting tokens to your Mac, where they are stored in your Keychain.

What the proxy logs

For each request, the proxy writes a structured operational log entry to AWS CloudWatch containing only: timestamp, HTTP method, request path (for example /jira/token), HTTP status code, request duration in milliseconds, the AWS request ID, and any error message returned by Atlassian or GitHub if the upstream request fails.

What the proxy does not log

The proxy does not log request bodies, response bodies, authorization codes, refresh tokens, access tokens, your name, your email address, your Jira or GitHub account identifiers, or any other field that could identify you. Your IP address is received only momentarily at the CloudFront edge for TLS routing; CloudFront access logging is disabled, so this IP address is not recorded.

Retention

Operational logs are retained in CloudWatch for 30 days and are then automatically deleted.

Sub-processor and AWS services

The proxy runs on Amazon Web Services and uses Lambda, CloudFront, CloudWatch, Systems Manager Parameter Store, and Certificate Manager. AWS handles this infrastructure as our sub-processor under the AWS Data Processing Addendum. The infrastructure is hosted in the United States.

Apart from this OAuth proxy and the optional Feedback feature described below, LogStitch makes no outbound network requests to any Ryware-operated server.

04

Local MCP server

LogStitch includes an optional Model Context Protocol (MCP) server. When you enable it, other applications running on the same Mac can query your local LogStitch database. The MCP server binds only to the loopback interface (127.0.0.1) and accepts connections only from processes already running on your computer. It does not accept connections from the network and does not transmit any data off your device.

05

Feedback (optional)

LogStitch may offer a "Submit Feedback" feature. If you use it and voluntarily provide contact information (such as an email address) along with your message, that information is transmitted to Ryware and stored in a database we operate.

We use this information for one purpose only: to respond to your feedback. We do not use it for marketing, we do not sell it, and we do not share it with third parties. You can ask us to delete your feedback and contact information at any time using the email below. If you submit feedback without contact information, we have no way to identify you.

06

What we don't do

LogStitch does not include analytics, telemetry, advertising identifiers, crash reporting, or any third-party tracking SDKs. Apart from the OAuth proxy (used only during initial connection and subsequent token refreshes) and the optional Feedback feature, the app makes no outbound network requests to any Ryware-operated server. We do not sell your personal information. We do not share it with advertisers. We do not use it to build advertising profiles or to train artificial intelligence models. We do not engage in cross-context behavioral advertising.

07

Children

LogStitch is a tool for software engineers. It is not directed to children under 13, and we do not knowingly collect personal information from children.

08

Security

We use commercially reasonable measures to protect the limited information we do handle, including TLS encryption for all data in transit, hardware-backed Keychain protection for credentials and tokens on your Mac, and access controls on our AWS infrastructure. No system is perfectly secure, but because LogStitch is designed to keep your source-control data, issue-tracker data, AWS credentials, and AWS log data on your own device, our attack surface is intentionally small.

09

Your rights

Depending on where you live, you may have legal rights regarding personal information, including rights to access, correct, or delete information we hold about you. Because the only personal information we collect is the optional contact information you provide through the Feedback feature, most rights have limited practical application. To exercise any right, email privacy@ryware.net and we will respond in accordance with applicable law.

10

California residents

Under the California Consumer Privacy Act (CCPA/CPRA), California residents have rights to know, delete, correct, and opt out of the sale or sharing of personal information. Ryware does not "sell" or "share" personal information as those terms are defined by California law.

11

EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and the UK GDPR apply to our processing of your personal data.

Controller

Ryware LLC is the controller of the personal data described in this policy. You can contact us at privacy@ryware.net.

Categories of personal data and legal bases

  • Optional feedback contact information. Processed on the basis of your consent (Art. 6(1)(a) GDPR), provided when you voluntarily submit it. You may withdraw consent at any time by emailing us.
  • Operational proxy logs. The non-identifying metadata described in section 03 is processed on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in operating, debugging, and securing the OAuth proxy. We have determined that, given the minimal nature of this metadata (no IP addresses, no user identifiers, no token data), this processing does not override your rights and freedoms.

International transfers

Ryware is established in the United States, and the OAuth proxy and feedback database are hosted in the United States on AWS infrastructure. Where personal data is transferred from the EEA, the UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, as incorporated in the AWS Data Processing Addendum, to provide appropriate safeguards.

Your rights

Subject to applicable law, you have the right to: access your personal data; have inaccurate data corrected; have your data erased; restrict or object to processing; receive your data in a portable format; withdraw consent where processing is based on consent; and lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, email privacy@ryware.net. We may need to verify your identity before responding.

Retention

We retain feedback contact information until you ask us to delete it, or until it is no longer needed to respond to your inquiry, whichever is shorter. Operational proxy logs are deleted automatically after 30 days.

12

Changes to this policy

If we make material changes to this Privacy Policy, we will update the effective date above and, where appropriate, provide additional notice within the application.

13

Contact

Questions, requests, or concerns? Email privacy@ryware.net.

Ryware LLC
Utah, United States