Overview
Summon is a macOS menu-bar meeting alert app built by ARRcade. Its privacy guarantee is simple: no personal data ever leaves your Mac for any core function. Calendar access is read-only and happens entirely on-device via Apple EventKit. Summon has no backend, no account system, no analytics, and no telemetry.
The release build is compiled without the outbound network entitlement. This is not a policy choice alone — it is an architectural one. Without the entitlement granted by Apple’s sandbox, no socket can open, regardless of what any code inside the app might attempt. The only network activity permitted is Apple’s own StoreKit, which handles the one-time purchase and restore flow through a separate Apple-managed process.
Summon does not collect personal data. It does not phone home. It does not track usage. Your calendar is read locally on your Mac and never transmitted anywhere. The release build ships without the network entitlement — at the OS level, no connection can be opened for core functions.
What We Collect
Summon does not collect personal data. No analytics, no telemetry, no crash reporting that leaves your Mac. Here is the full picture:
| Data Type | Collected? | Accessible to ARRcade? |
|---|---|---|
| Personal information | Not Collected | No |
| Usage analytics or telemetry | Not Collected | No |
| Calendar event titles, times, or attendees | Not Collected | No |
| Meeting join links extracted from events | Not Collected | No |
| Location data | Not Collected | No |
| Device identifiers | Not Collected | No |
| App preferences (alert timing, snooze settings) | On Device Only | No |
| StoreKit purchase & restore | Apple’s Process | No — handled by Apple directly; see App Store Data below |
Summon contains no analytics SDKs, advertising networks, third-party crash reporters, or any other external library that makes network requests. The only third-party code present is standard macOS system frameworks provided by Apple.
Calendar Access
Summon requests access to your calendar via Apple EventKit (NSCalendarsUsageDescription). This is the only sensitive permission Summon requests, and it is used for a single, narrow purpose: reading upcoming events to determine their start times and detecting meeting join links (Zoom, Google Meet, Teams, and similar) embedded in event notes or location fields.
- Calendar data is read entirely on your Mac, inside the app process. It is never transmitted to ARRcade or any other server.
- Summon reads event titles, start times, and notes/location fields only to schedule alerts and extract join links. No other calendar data is accessed.
- Calendar access is read-only. Summon never creates, modifies, or deletes calendar events.
- You can revoke calendar permission at any time in System Settings → Privacy & Security → Calendars. Summon will continue to run but will not show alerts for calendar events.
Calendar access (NSCalendarsUsageDescription) is used solely on-device to read upcoming events and detect meeting join links. This data is never transmitted anywhere. It stays on your Mac for the lifetime of the app process and is not persisted beyond what is needed to show the next scheduled alert.
Network & Entitlements
Summon is built and distributed without the com.apple.security.network.client entitlement. This means the macOS App Sandbox blocks all outbound network connections at the operating system level — not just at the application logic layer. No socket can open for any core function of the app.
The absence of the network entitlement is verifiable: inspect the app bundle’s entitlements with codesign -d --entitlements - /Applications/Summon.app. You will not find com.apple.security.network.client. The sandbox enforces this at the kernel level — it is not a software promise, it is an OS constraint.
The one exception is Apple’s StoreKit purchase and restore flow. This is handled by a separate Apple-managed process (storeaccountd / commerce) outside the Summon sandbox, using Apple’s own entitlements. ARRcade receives only aggregate, anonymised sales data through App Store Connect — never any information that identifies you.
- No analytics or telemetry is sent on launch, in the background, or at any other time.
- No crash reports are transmitted outside your Mac.
- Join links detected in calendar events are opened directly via
NSWorkspace.open(_:)— a local macOS API that invokes your default browser. The link itself is never logged or sent to ARRcade.
Permissions & App Sandbox
Summon runs in the macOS App Sandbox. Its entitlement footprint is intentionally minimal:
- Calendar access (EventKit): Requested via
NSCalendarsUsageDescriptionto read upcoming events and detect join links. Read-only. Never transmitted. - Network access: Not requested. The
com.apple.security.network.cliententitlement is absent from the release build. No outbound connections are possible for core app functions.
Summon does not request access to your camera, microphone, contacts, photos, location, files, or any other permission beyond the calendar access described above. It is a menu-bar utility — its surface area is deliberately narrow.
Your settings (alert timing, snooze duration, calendar selection) are stored in UserDefaults on your Mac only. They are never synced to iCloud or transmitted anywhere. Uninstalling Summon removes all stored preferences.
App Store-Supplied Data
Summon is distributed through the Mac App Store. Apple receives standard anonymous app metrics — crash reports, app launch counts, and aggregate usage data — from all apps distributed through their platforms. ARRcade has access to these aggregated, anonymised metrics through App Store Connect, but has no access to any information that identifies individual users through these channels.
For details on what Apple collects, see Apple’s Privacy Policy.
Your Rights
Because Summon stores no personal data beyond your on-device preferences, you have complete control at all times.
- Access: There is no personal data to access — ARRcade holds none.
- Deletion: Uninstalling Summon removes all local preferences. No data exists on ARRcade servers because none was ever sent.
- Portability: No personal data exists to port.
For users in the European Economic Area (EEA), this design means your GDPR rights are inherently satisfied — no formal request to us is required because no personal data is processed by ARRcade.
For California residents: Summon does not sell personal information, so CCPA opt-out rights do not apply. There is no personal information to sell.
Children’s Privacy
Summon is a productivity utility designed for adults and is not directed at children under 13. We do not knowingly collect personal information from children. Because Summon collects no personal data from anyone, this is inherently satisfied.
Changes to This Policy
If we make material changes to this Privacy Policy, we will update the “Last updated” date at the top of this page and note the change in the accompanying app update on the Mac App Store.
Given Summon’s architecture — no personal data collection, no servers, no accounts, and no network entitlement — the scope for meaningful change is narrow. Any change that introduced data collection would require explicit, informed opt-in from users.
Contact
Questions about this Privacy Policy or how Summon handles data? We are happy to help.