Privacy

last updated 2026-05-08

The short version: mdz does not collect, transmit, or store any of your data. Everything stays on your machine.

The app

The mdz desktop app makes no outbound network calls. There is no analytics, no error reporting, no automatic update check, no remote config fetch. The only data the app reads is the folder you point it at, plus a local settings file at ~/Library/Application Support/sh.mdz.mdz/settings.toml (macOS).

You can verify this:

• Block mdz at the firewall — it will function identically.
• The source is at github.com/CharlesWong/mdz; grep it for http:// or https:// — only image URLs in user content are fetched, and only when you open a doc that contains them.

External resource fetches happen for two narrow reasons:

• Image src URLs in your markdown. If a doc contains ![alt](https://example.com/foo.png), the WebView fetches that image directly, the same way any browser does. We don't proxy or log this.
• Future: notarization update check. Once mdz is notarized (planned for 0.2), macOS itself may verify the app's notarization ticket on first launch — that's a system-level call, not something mdz code initiates.

This site

The mdz.sh marketing site is a static HTML file served via Cloudflare. Cloudflare logs IP addresses as part of its standard request handling (see Cloudflare's privacy policy). We don't run analytics, install cookies, or use trackers.

If we ever change this

If a future version of mdz adds anything that touches the network, this page will say so explicitly, in plain English, before that version ships.