Privacy
Short version: Noxen the app does not collect anything about your homelab. The marketing website (this one) uses Google Analytics to count page views. That's it.
Noxen the application
Noxen is a Mac-native scanner that runs on your machine. It never transmits your host inventory, scan findings, SSH keys, credentials, or any data about the boxes you scan to any server we control. The only outbound network traffic from the app is:
- Feed poll: once per 24 h Noxen GETs
https://feed.noxen.app/manifest.jsonand the referenced signed CVE snapshot. This request contains no identifying information beyond a standard User-Agent string. - Auto-update check: once per 24 h Sparkle GETs
https://noxen.app/appcast.xml. - License activation (optional): if you activate a paid licence, the key is validated via Lemon Squeezy's API. Lemon Squeezy's privacy policy covers that exchange.
- SSH / TCP / HTTP traffic to your hosts: initiated by you, aimed at machines you enrol. Nothing leaves your network.
Scan data storage
Host catalogs, inventories, scans, and findings live in SwiftData on your Mac. If you enable iCloud sync, they also sync via Apple's CloudKit private database — encrypted in transit and at rest, visible only to your own Apple account. We never see this data.
SSH credentials (passwords, private keys, passphrases) live in the macOS Keychain and are never synced via CloudKit.
This website (noxen.app)
We use Google Analytics 4 to count visits and understand which pages people read. This is standard GA: anonymous session IDs, coarse geolocation, referrer, user-agent. Opt out with any ad blocker or Safari's Intelligent Tracking Prevention.
We use Cloudflare for hosting (DNS, CDN, Workers, Pages). Cloudflare's privacy policy applies to in-flight traffic. Noxen stores no visitor PII beyond what GA collects.
No cookies are set for advertising or tracking purposes beyond GA's first-party cookie.
Contact
hello@noxen.app for any privacy question.