Privacy Policy

Last updated: May 23, 2026

Claude Safari Connector collects none of your data, has no analytics or telemetry, and makes no outbound network calls of its own. It is a local bridge: Safari → the app → your local Claude Code or Claude Desktop client (over stdio). Nothing else, nowhere else.

What is and isn’t collected

The connector forwards what you ask Claude to see in Safari, to Claude, and to nowhere else. There is no account, no identifier, no phone-home mechanism of any kind. The only thing written to disk is the MCP server registration in the Claude config file you explicitly selected at first launch — and a sandboxed bookmark to re-open that file without re-prompting.

What the app accesses, and when

Nothing is collected proactively. Each item below is gated by an explicit tool call from Claude:

  • Open tabs — URL, title, and tab ID of every tab in your current Safari profile. Accessed on tabs_context calls.
  • Page content — rendered HTML, text, and attributes of the active page. Accessed on read_page, get_page_text, find, and javascript_tool calls.
  • Console outputconsole.log / warn / error from the active page after the content script attaches. Stored per-tab in a bounded ring buffer in the extension’s background page; cleared when the tab closes.
  • Network activity — page-initiated fetch and XMLHttpRequest calls (URL, method, status, truncated body). Not intercepted: navigation, image/CSS/font loads, WebSocket, EventSource. Same ring-buffer pattern as console messages.
  • Screenshots — visible-viewport pixels of the current tab, captured only during an explicit computer.screenshot call or an active gif_creator recording. Nothing is captured passively.
  • Synthetic input — mouse and keyboard events sent to the active page on computer calls. The connector synthesizes these; it does not observe them.

Redaction

Credential-bearing HTTP headers — Authorization, Cookie, Set-Cookie, X-API-Key, and similar — are replaced with <redacted> in the network drain before buffering. URL query parameters whose names match common credential conventions (api_key, access_token, token, secret, password, auth) receive the same treatment.

Redaction is best-effort. It is not a substitute for closing sensitive tabs before asking Claude to read them.

Permissions are scoped

The Apple Events permission granted to this app is scoped to Safari only. The connector cannot drive Mail, Notes, your password manager, or any other application. The Accessibility permission is used solely to send trusted keyboard and mouse input to Safari.

You stay in control

You retain direct, immediate control at every level:

  • Close sensitive tabs before invoking the connector. tabs_context returns every open tab in your current Safari profile, including tabs Claude did not open.
  • Revoke Accessibility permission in System Settings → Privacy & Security → Accessibility. Keyboard tools (type, key) will return permission_denied; mouse actions fall back to JS synthetic events.
  • Revoke Apple Events permission for Safari in System Settings → Privacy & Security → Automation.
  • Disable the Safari extension in Safari → Settings → Extensions to halt all tab, DOM, console, and network access immediately.
  • Quit the app to close the local connection entirely. Subsequent tool calls from Claude will fail immediately.

Questions

Privacy questions: craig@rungie.com