Privacy Policy

What we collect

Burnbar runs entirely on your Mac. The only data that would ever leave your machine is a small daily usage rollup you upload to the leaderboard after you opt in. The public leaderboard is rolling out soon. This is the upload model it will use once live — each uploaded row contains exactly these four fields and nothing else, and the server rejects any extra key:

date

The calendar day a usage total belongs to (YYYY-MM-DD).

provider

Which CLI the usage came from — only "claude" or "codex".

tokens

A single aggregate token count for that day and provider.

cost_usd

The estimated US-dollar cost for that day and provider.

Because the leaderboard is public, each row is tied to your GitHub account. This identity is not part of the uploaded row — the upload is authenticated with your GitHub token, and the server reads your public identity from it:

github_id / github_login

Your public GitHub numeric id and username. Not part of the uploaded row — the upload is authenticated with your GitHub token and the server reads these from it to label your row on the public leaderboard.

The leaderboard supports two providers only — Claude Code and OpenAI Codex. No other tool is read or uploaded.

What we never collect

The following are never read, never stored, and never uploaded. This is enforced in code: Burnbar parses only token counts, models, and timestamps from local CLI logs, and the leaderboard server validates every upload against a strict four-field allowlist before it is saved.

• Prompt and response content

  Never. We skip message.content / message.text, first_user_message, preview, title, and history.jsonl entirely. The text of what you ask or what the models reply is never read, stored, or uploaded.

• Filesystem and repository identifiers

  Never. We never upload cwd (working directory), git_branch, git_origin_url, git_sha, project directory names, or rollout paths.

• Machine identifiers

  Never. Cross-device totals are reconciled on your Mac before upload, so per-machine ids never leave your device and never reach the leaderboard.

• Raw model names

  Never. The upload carries a single per-provider token total, not which specific model (for example a dated Opus or Sonnet build) produced it.

• Browser data

  Never. Burnbar does not read browser cookies, Local Storage, IndexedDB, or any browser-managed secrets. This is the core reason Burnbar exists.

• Third-party Keychain items

  Never. Burnbar uses the macOS Keychain only for its own GitHub token (service ids prefixed xyz.andybowu.Burnbar). It never touches any other app's Keychain items.

Retention

Opt out, hide, or delete your data

You are in control from inside the Burnbar app. Nothing is uploaded until you choose to join the leaderboard.

• Opt out

  Turn off the leaderboard in Settings. Burnbar stops uploading and your existing data falls under the 90-day opted-out purge.

• Hide

  Stay opted in but mark yourself hidden to disappear from the public ranking while keeping your own history.

• Delete everything

  Use the delete control in Settings to wipe your account and every usage row immediately, regardless of age or opt-in status.