Privacy Policy - WhereInMenu
Last updated: 11 April 2026
WhereInMenu (“the App”) is developed by Data Consulting Services. This Privacy Policy explains what data can be collected, under which conditions, and how to disable it.
Our Privacy Commitment
WhereInMenu is designed with privacy as a core principle. The core functionality of the app runs entirely offline, and any data that is transmitted is opt-in, anonymous, and limited to what’s necessary to improve stability and usability.
When you install WhereInMenu, no data is transmitted by default. The app only communicates with the network in the following cases:
- Opt-in anonymous analytics and crash reporting — off by default, enabled by you in Settings → Privacy.
- Automatic update check — a small request to
dataconsultingservices.netto ask whether a newer version exists. This can be disabled in Settings → Updates.
No account, sign-in, email, or identifier is ever required.
What Is Collected When You Opt In to Analytics
If you enable “Share anonymous usage data” in Settings, WhereInMenu sends a small number of anonymous events to help us understand how the app is used and fix bugs faster.
What we send
- App launch event — app version, macOS version, locale
- Hotkey activation event — bundle identifier of the active application (e.g.
com.apple.Safari) - Search execution event — number of results returned, query length only (never the query text)
- Menu activation event — rank position of the chosen result, whether it had a keyboard shortcut, bundle identifier of the active application
- Settings change event — which setting was changed (not the value)
- Crash and error reports — stack trace, exception type, app version, macOS version
What we do NOT send, ever
- The text you type into the search field
- The names or contents of menu items
- File paths, documents, screen contents, or clipboard
- Your name, email, IP address, or any account identifier
- Any advertising identifier or device fingerprint
Who processes the data
| Processor | Purpose | Region | Privacy Policy |
|---|---|---|---|
| Aptabase (Aptabase OÜ) | Anonymous product analytics | EU | aptabase.com/legal/privacy |
| Sentry (Functional Software Inc. / Sentry GmbH) | Crash and error reporting | EU (de.sentry.io) | sentry.io/privacy |
Both SDKs are configured to disable PII collection (no IP addresses, no user identifiers, no device fingerprints).
How to disable
Open Settings from the menu bar icon → Privacy → turn off “Share anonymous usage data”. The SDKs stop transmitting immediately. No data previously sent can be un-sent, but nothing new will be reported.
Automatic Update Check
WhereInMenu can check once every 24 hours whether a newer version is available. This is a single GET request to:
https://dataconsultingservices.net/apps/whereinmenu/latest.json
No data is sent in this request beyond the standard HTTP metadata (your IP address is visible to the web server, as with any website visit). This is independent of the analytics opt-in and can be disabled separately in Settings → Updates → Automatically check for updates.
Server logs on dataconsultingservices.net follow the standard Data Consulting Services website retention policy and are not linked to any analytics data.
Data That Stays on Your Device
WhereInMenu stores the following data locally using Apple’s UserDefaults system. This data never leaves your device unless you send it to us via a crash report:
Usage History
A count of how often you execute specific menu items per application, used to rank frequent items higher in search. You can reset this at any time from Settings → Data → Reset Usage History.
App Settings
Your chosen activation shortcut, theme, launch-at-login setting, privacy opt-in state, and last-update-check timestamp.
Permissions We Request
Accessibility Access (Required)
WhereInMenu requires macOS Accessibility permission to function. This permission allows the app to:
- Read the menu bar of the currently active application to display searchable menu items
- Execute menu actions when you select an item from the search results
Important details about Accessibility access:
- The app only reads menu bar structure (menu titles, keyboard shortcuts, enabled state)
- The app does not monitor keystrokes beyond detecting the activation shortcut
- The app does not read screen contents, window contents, or any text you type
- The app does not interact with applications beyond reading their menu bar
- Access is limited to the currently active application’s menus
Input Monitoring
WhereInMenu uses a system event tap to detect double-tap of modifier keys (Command or Option) for the global activation shortcut. This monitors only modifier key press/release events and does not capture any typed characters or other input.
Legal Basis (GDPR)
For users in the European Economic Area, the legal basis for processing is:
- Your explicit consent (Art. 6(1)(a) GDPR) for analytics and crash reporting. Consent is freely given, specific, and revocable at any time from Settings.
- Legitimate interest (Art. 6(1)(f) GDPR) for the automatic version check, limited to the minimum data required to deliver a “new version available” notification.
Data Retention
- Aptabase: anonymous events are retained according to Aptabase’s retention policy.
- Sentry: error reports are retained for 90 days by default.
- Local device data: retained until you reset it or uninstall the app.
Your Rights
Because no personally identifying information is collected, we are unable to look up or export “your” data — it is anonymous. You can, however, at any time:
- Turn off data collection in Settings → Privacy
- Delete the app to remove all locally stored data
- Contact us to request that data associated with a specific install be deleted from our processors
Children’s Privacy
WhereInMenu is not directed at children and does not knowingly collect any data from children.
Security
- Local data is stored in the app’s container and protected by standard macOS permissions
- Network transmissions (analytics, crash reports, update checks) use HTTPS/TLS
- Accessibility access is controlled by macOS system permissions
- The app is signed with a Developer ID certificate and notarized by Apple
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the “Last Updated” date at the top
- Posting the new policy on this page
- Announcing material changes in the app’s release notes
Contact Us
If you have questions about this Privacy Policy or WhereInMenu:
Email: apps@dataconsultingservices.net
Website: https://dataconsultingservices.net/apps/whereinmenu/
Summary
| Question | Answer |
|---|---|
| Do you collect my data by default? | No — analytics is opt-in, off by default |
| Does the app go online without my consent? | Only for the update check (can be disabled) |
| Where are analytics and crash reports hosted? | EU (Aptabase EU, Sentry de.sentry.io) |
| Is my search query text ever sent? | No, never — only the character count |
| Is my IP address collected? | No — PII is disabled in both SDKs |
| Where is usage history stored? | On your device only |
| Do you sell my data? | No |
| Can I disable data collection? | Yes, anytime in Settings → Privacy |
| Do you show ads? | No |
WhereInMenu — Find it. Run it. Done. Privacy by default. Analytics by consent.