PortShelf is designed as a local-first macOS utility. This policy explains what information PortShelf handles, how Cloudflare and Tailscale connection data is used when you choose to share a listener, and how to contact the project.
Summary
- PortShelf does not require a PortShelf account.
- The app does not sell personal information.
- The app does not run third-party analytics or advertising SDKs.
- Local port, process, project, certificate, and diagnostic data is intended to stay on your Mac.
- Cloudflare and Tailscale sharing are used only if you choose to connect and share a listener.
Information PortShelf Handles Locally
PortShelf inspects local listening ports, process names, process identifiers, project folders, command lines, named route preferences, and local certificate settings so it can show what is running on your Mac. This information is processed locally by the app and is not sent to a PortShelf backend.
Cloudflare OAuth
If you authorize PortShelf with Cloudflare, PortShelf may receive OAuth tokens and the Cloudflare account, zone, or resource metadata allowed by the scopes shown during the Cloudflare consent flow. PortShelf uses that access only to provide Cloudflare-related features you choose to use, such as creating a Cloudflare Tunnel, DNS route, cache bypass, and optional Cloudflare Access policy for a listener you share.
OAuth tokens and tunnel tokens are stored locally by the app in macOS Keychain. Non-secret account, zone, and route metadata may be stored in local app settings. You can revoke PortShelf's Cloudflare access from your Cloudflare account at any time. Revocation prevents PortShelf from making future authenticated Cloudflare API requests unless you authorize it again.
Cloudflare Sharing
If you share a listener through Cloudflare, the chosen hostname may become reachable on the Internet through Cloudflare. If you choose Cloudflare Access, Cloudflare may process identity and access-control information for the allowlist you configure. Stopping sharing is intended to remove PortShelf-created DNS, Tunnel, cache, and Access resources for that route.
Tailscale Sharing
If you configure Tailscale sharing, PortShelf stores the OAuth client secret locally in macOS Keychain and uses the installed Tailscale CLI plus Tailscale APIs only for routes you choose to share. Private Tailscale Services are reachable according to your tailnet policy. Public Tailscale Funnel can make a selected local service reachable from the Internet only after explicit confirmation and only when your Tailscale policy allows Funnel for this Mac.
Website Data
The PortShelf website is hosted on Cloudflare Pages. Cloudflare may process standard request information such as IP address, browser metadata, and request logs to deliver the site, provide security, and operate its network. The site uses CookieYes to display and remember cookie-consent choices, which may set consent-preference cookies or similar browser storage. PortShelf does not currently add first-party analytics cookies to the website.
Diagnostics and Support
If you contact the project or open a GitHub issue, you may choose to share logs, screenshots, diagnostics, or contact details. Only share information you are comfortable including in that support request. PortShelf's diagnostic-copy feature is designed to redact common secret-looking values before copying diagnostics.
Sharing
PortShelf does not sell personal information. Information may be shared only when needed to operate services you use, comply with law, protect the app and users, or with your direction.
Retention and Deletion
Local app data remains on your Mac until you delete it, reset the app, revoke connected access, or uninstall PortShelf. Cloudflare OAuth access can be revoked from your Cloudflare account, and Tailscale OAuth clients can be revoked from your Tailscale admin console. Website hosting logs are retained by Cloudflare according to Cloudflare's own policies.
Children
PortShelf is a developer utility and is not directed to children. Do not use PortShelf if you are not old enough to use developer tools or authorize third-party services in your jurisdiction.
Changes
This policy may be updated as PortShelf changes. Material updates will be reflected by changing the effective date on this page.
Contact
For privacy questions or deletion requests, contact the project through the PortShelf GitHub repository. Do not post secrets, tokens, or sensitive personal data in public issues.
This policy is provided as practical product copy and should be reviewed by qualified counsel if you need legal advice for a specific jurisdiction or commercial use.