Security
100% offline.
Nothing uploaded. Ever.
This page describes exactly what CODEXT reads, writes, and transmits on your machine. No vague commitments — concrete specifics. Read this before trusting us with your source code.
Claims
What we guarantee
Each of these is architecturally enforced — not a policy promise, not a terms-of-service clause.
Your files never leave your machine
CODEXT reads your project files from the local filesystem. It processes them in memory, constructs the output structure, and writes the .txt file to a location you specify — all locally. At no point does any file content touch a network socket.
Zero telemetry. Zero analytics.
There is no analytics SDK in CODEXT. No Sentry, no Mixpanel, no Amplitude, no custom event tracking. If CODEXT crashes, nothing is reported. If you use it 100 times a day, we don't know that. We intentionally built it this way.
License validation is a hash ping, not a data transfer
When you activate a Pro license, CODEXT sends a lightweight validation request containing only a hash of your license key. No machine identifier, no username, no hardware fingerprint. The response is a valid/invalid boolean. That's the entire exchange.
GitHub token stored in your OS keychain only
If you connect a GitHub account, CODEXT stores your OAuth token in the operating system keychain (Windows Credential Manager on Windows, Keychain Access on macOS). The token is never written to disk in plaintext, never transmitted to our servers, and never logged.
Cloned repos land in your system temp folder
When you use the GitHub clone feature, CODEXT runs a shallow clone into your OS temp directory (e.g., C:\Users\you\AppData\Local\Temp on Windows). After bundling, you can delete it manually or let your OS clean it on restart. CODEXT does not retain the clone.
No background processes. No startup items.
CODEXT does not install a system service, a launch agent, a scheduled task, or any startup hook. When you close it, it is completely gone from memory. Nothing runs in the background between sessions.
File access
What CODEXT reads
These are the only filesystem locations CODEXT accesses. All access is local.
| Location | Why |
|---|---|
| Your project directory | To build the file tree and read source files for bundling. Read-only. Only runs when you initiate a bundle. |
| .gitignore files | To apply your existing exclusion rules automatically. Parsed locally, never transmitted. |
| OS keychain (optional) | To store and retrieve your GitHub OAuth token. Write on connect, read on launch. Never plaintext on disk. |
What CODEXT writes
Everything written stays on your machine, in locations you control.
| Location | What and why |
|---|---|
| App config directory | Settings (theme preference, excluded paths, size cap). Stored in your OS app data folder. Example: %APPDATA%\codext on Windows. |
| License token file | Encrypted license token written after activation. Stored in app config directory. Validated locally on launch. |
| Your chosen output path | The bundled .txt file. Written wherever you tell CODEXT to write it. That's the entire output. |
| System temp folder (optional) | Shallow GitHub clones. Written only when you explicitly clone. Deleted when you clean temp or manually. |
Network access: two cases only
CODEXT makes exactly two types of outbound network requests, and both are optional:
1. License activation — A single POST containing a hash of your license key. No file data. No machine fingerprint. Response: valid or invalid. That's it.
2. GitHub clone (optional) — A standard git clone operation, authenticated with your local token. No data goes to our servers. The clone goes to your temp folder.
If you never activate Pro and never use GitHub Connect, CODEXT makes zero network requests.
1. License activation — A single POST containing a hash of your license key. No file data. No machine fingerprint. Response: valid or invalid. That's it.
2. GitHub clone (optional) — A standard git clone operation, authenticated with your local token. No data goes to our servers. The clone goes to your temp folder.
If you never activate Pro and never use GitHub Connect, CODEXT makes zero network requests.
Still have questions?
Email us at hello@codext.tech. We'll answer specific security questions directly.
We welcome scrutiny. We built this to earn trust, not request it.