Privacy Policy

Effective: March 15, 2026 Version 1.0+

The short version: Reachable does not collect, store, or transmit any personal information. The only network activity is checking whether your internet works. All data stays on your Mac.

What data Reachable collects

None. No user accounts, no sign-in, no analytics, no telemetry. The information below describes exactly what the app does on your device.

Network requests

Reachable makes exactly three types of outbound network requests. Nothing else.

1. Connectivity check

What: A periodic HTTP HEAD request to a configurable address (default: 1.1.1.1, Cloudflare DNS) to check if your internet is working.

Sent: A minimal HTTP HEAD request. No identifying information, no device identifiers, no user data.

Received: An HTTP status code. Reachable reads only whether the request succeeded.

Who: By default, Cloudflare. You can change the target in Settings to any address you prefer.

2. Public IP lookup

What: A GET request to an external service when the popover is opened, to display your public IP address. The result is cached locally and shared with the desktop widget so it can display your IP without making its own request. The cached IP is cleared when the app quits.

Sent: A standard GET request with an empty User-Agent header. No app name, version, or device identifiers are included.

Received: Your public IP address as plain text. Reachable reads only the IP address.

Who: Reachable tries these services in order, stopping at the first successful response. When "Prefer IPv6" is enabled in Settings, IPv6-specific endpoints are tried first.

ipify (api.ipify.org / api64.ipify.org for IPv6) — privacy policy
Amazon Web Services (checkip.amazonaws.com) — privacy policy
Cloudflare (1.1.1.1/cdn-cgi/trace, [2606:4700:4700::1111]/cdn-cgi/trace for IPv6, and one.one.one.one/cdn-cgi/trace as last resort) — privacy policy

3. Captive portal detection (beta)

What: When your Mac is connected to Wi-Fi but has no internet, Reachable sends an HTTP GET request to one.one.one.one (Cloudflare) to detect whether a captive portal (hotel/airport login page) is blocking the connection.

Sent: A standard HTTP GET request. No identifying information, no device identifiers, no user data.

Received: An HTTP redirect or response. Reachable reads only the redirect destination to determine if a captive portal is present.

When: Only while your connection is in the "No Internet" state. If no captive portal is detected, a follow-up HTTPS check is made to your configured ping target to confirm the connection status.

Who: Cloudflare (one.one.one.one). This is the same provider used for the regular connectivity check.

What Reachable does NOT do

Does not contact any Reachable-operated server, ever
Does not send analytics, crash reports, or telemetry to anyone
Does not include any third-party SDKs, advertising frameworks, or tracking libraries
Does not make any network request not described above

Data stored on your device

Reachable stores two categories of data locally. Neither is transmitted anywhere.

Outage history

When connectivity changes, Reachable records the event locally: start time, end time, duration, and outage type. This data lives in a sandboxed database on your Mac. It never leaves your device unless you export it via PDF or CSV.

You can delete all history from within the app and configure retention from 7 days to indefinitely.

Settings

Your preferences are stored in local macOS user defaults. They are not synced to iCloud or any other service.

Permissions

Reachable operates under Apple's App Sandbox with two permissions:

Network (required) — outbound connections for the three request types described above
Location (optional) — used exclusively to read your WiFi network name (SSID) via macOS system APIs. On macOS 14+, Apple requires Location permission for SSID access. No location coordinates are read, stored, or transmitted. If you deny this, everything works the same — the WiFi name row is simply hidden.

The app has no access to your contacts, calendar, microphone, or camera. File access is limited to locations you explicitly choose when exporting PDF or CSV reports.

GDPR

Reachable does not process any personal data as defined by the GDPR. There is no data controller relationship, no data processing agreement required, and no lawful basis for processing needed, because no personal data is processed.

Network requests do transmit your IP address to the receiving service (ipify, Amazon Web Services, or Cloudflare) as an inherent consequence of making any internet request. Each service is the data controller for that data under their own privacy policy.

CCPA

Reachable does not sell or share personal information. Reachable does not collect personal information as defined by the CCPA. Because no personal information is collected, there is nothing to access, delete, or correct.

Children's privacy

Reachable does not knowingly collect information from anyone, including children under 13. Because the app collects no data at all, it presents no privacy risk to users of any age.

Third-party services

Reachable communicates with the following third-party services:

Cloudflare — default connectivity check target (1.1.1.1), captive portal detection (one.one.one.one), and fallback IP lookup (1.1.1.1/cdn-cgi/trace, [2606:4700:4700::1111]/cdn-cgi/trace, one.one.one.one/cdn-cgi/trace)
ipify — primary public IP lookup (api.ipify.org, api64.ipify.org)
Amazon Web Services — fallback public IP lookup (checkip.amazonaws.com)

If you change your ping target in Settings, that address receives your connectivity checks instead of Cloudflare.

Reachable is distributed through the Mac App Store. Apple's privacy practices govern the purchase and download process.

Changes to this policy

If we make material changes, we will update the date at the top. We will not use any change to begin collecting data that was not previously collected.