WAVEDRIVE

Privacy & Security

Privacy Overview

WaveDrive is designed with a minimal data footprint. Only the data needed to sync your files is ever transmitted — no analytics, no telemetry, and no access to any file content beyond what you explicitly configure.

What's Stored Locally

  • Sync folder configurations — Folder name, type, mode, and extension list. Stored in SwiftData on-device.
  • Security-scoped bookmarks — macOS bookmarks that allow WaveDrive to access your chosen folders without re-prompting. Stored in the macOS Keychain.
  • Bearer token — Your WavePlan authentication token. Stored in the macOS Keychain, never written to disk in plain text.
  • Activity log — Sync history including file names and timestamps. Retained locally for 30 days; never uploaded to WavePlan.
  • App preferences — Launch at Login, notification settings, DAW configuration. Stored in UserDefaults, not synced to any server.

What's Transmitted

  • File content — Only files in your configured sync folders, only with matching extensions. Transmitted over HTTPS to WavePlan.
  • File metadata — Name, size, modification date, and folder type. Used by WavePlan to organise your library.
  • Device identity — A device name and type (wavedrive) used to identify this installation in WavePlan's Device Linking system.

What's Never Transmitted

WaveDrive does not collect analytics, crash telemetry, or usage statistics. Your DAW process names, local file paths, and activity log are never sent to WavePlan or any third party.

Privacy & Security

Keychain Storage

WaveDrive stores all sensitive credentials and folder access permissions in the macOS Keychain — the same secure, encrypted credential store used by Safari and iCloud.

Nothing sensitive is ever written to UserDefaults, a plist file, or the SQLite database. The Keychain is the only place credentials live.

What's Stored in the Keychain

Bearer Token

Your WavePlan authentication token, issued during Device Link. Used to authenticate all API requests. Rotated automatically on expiry.

Service: au.com.themixbus.WaveDrive · Account: bearer-token

Security-Scoped Bookmarks

One bookmark per sync folder. Bookmarks grant WaveDrive persistent access to your chosen directories without re-prompting for permission across restarts.

Service: au.com.themixbus.WaveDrive · Account: folder-bookmark-<id>

Keychain Access

WaveDrive's Keychain items are stored with kSecAttrAccessibleAfterFirstUnlock access, meaning they are available after your Mac has been unlocked once after a restart. This allows WaveDrive to sync at login without requiring your Keychain password.

You can inspect and remove WaveDrive's Keychain entries at any time using the macOS Keychain Access app. Removing the bearer token will require re-linking your device. Removing a bookmark will require re-granting folder access in WaveDrive Preferences.

Environment Isolation

WaveDrive's Keychain entries use a service identifier scoped to the build environment. The production app uses au.com.themixbus.WaveDrive and the LocalDev build uses au.com.themixbus.WaveDrive.dev, ensuring credentials are never shared between environments.