Doc Sanitizer privacy policy
Summary. Doc Sanitizer processes the Word, Excel and PowerPoint documents you open entirely on your device. It makes no network connections by default, has no servers, and Whiteforge Technologies never receives your documents, file paths, author names, comment text, speaker notes, telemetry, or any other data from the app. An optional auto-update check (off by default) makes a single HTTPS request to GitHub if you enable it — see Network activity for the full detail.
1. Introduction
This policy explains how Doc Sanitizer handles your data. Doc Sanitizer is a macOS application published by Whiteforge Technologies Ltd (“Whiteforge”, “we”), a company registered in England and Wales (company number 17224707). It inspects Word (.docx), Excel (.xlsx) and PowerPoint (.pptx) documents for hidden data — authors and editors, tracked changes, comments, speaker notes, pivot caches, hidden sheets and slides, embedded files, VBA macros, custom XML — removes it, and verifies the result before saving.
This policy is for the Doc Sanitizer app. The whiteforgetech.co.uk website has its own privacy policy.
2. Data the app processes locally
Doc Sanitizer processes the document files you open with it. While a file is open, the app holds in memory:
- The bytes of the document file you opened.
- The decoded contents of the document’s hidden-data categories. For Word files this includes author and last-editor names, the company and template path the file came from, the text of comments, the wording of tracked insertions and deletions. For Excel files it includes the names of hidden sheets, the source-range and column names cached inside pivot tables, comment authors and bodies (including email-shaped userIds in threaded comments), external workbook references, and connection strings. For PowerPoint files it includes the full text of speaker notes, the titles of hidden slides, comment authors and bodies. Across all three it includes any custom-defined document properties (project codes, classification labels, internal metadata) and the file paths of any embedded objects.
- The output path you select for the sanitised copy.
All of the above stays on your device. None of it is transmitted off the device — including author names, comment text, and speaker notes: every category is decoded locally and displayed in the app window only.
3. Data Whiteforge receives
None. Doc Sanitizer does not send your documents, decoded metadata, file paths, or telemetry to Whiteforge. There are no Whiteforge servers in the data path. The app does not contain analytics SDKs, advertising SDKs, or third-party tracking libraries. The optional auto-update check (described below) goes directly to GitHub — Whiteforge does not see those requests.
4. Network activity
By default, Doc Sanitizer makes no outbound network connections. The auto-updater is off out of the box. The app shows a first-run modal explaining this; if you do not opt in, the app never touches the network.
In Settings → Updates (or via the first-run modal), you can enable two things:
- “Check for updates automatically on launch” — off by default. If you turn it on, Doc Sanitizer makes a single HTTPS request per app launch to
https://github.com/whiten1968/DocSanitizer-downloads/releases/latest/download/latest.json. This is a static text file describing the current latest release. If a newer version is available, the app offers to download and install it; the download itself is also an HTTPS request to GitHub. - “Check for updates now” — a manual button. Makes the same request, once, only when you click it.
The requests contain no document content, no file paths, no decoded metadata, no usage statistics, no user identifier, and no telemetry of any kind. They are ordinary HTTPS GETs identical to any user requesting that URL in a browser. The only data GitHub receives is your IP address (visible to any server you connect to) and the fact that something is requesting the Doc Sanitizer update manifest.
You can revoke consent at any time by turning “Check for updates automatically” off. Settings preferences are stored locally on your device only.
5. Where data is stored
- The document file you open — remains where you opened it from. Doc Sanitizer does not copy your input files into its own storage, and never overwrites the original.
- The decoded metadata and your output path choice — held in memory while the file is open. When you open a different document or quit the app, this state is discarded.
- The sanitised output — only created when you choose to save and pick a destination. Doc Sanitizer writes to the location you specify (typically alongside the original with a
-sanitizedsuffix, matching the input’s format) and nowhere else. - Optional Finder Quick Action. If you turn on Settings → Finder integration, Doc Sanitizer writes a small Automator workflow into
~/Library/Services/so that right-clicking a Word, Excel or PowerPoint document in Finder offers Sanitize with Doc Sanitizer. Turning the toggle off again removes the workflow. The workflow itself contains no personal data — it’s a fixed script that runsopen -a “Doc Sanitizer” <file>.
6. Crash reports and diagnostics
Doc Sanitizer does not collect or transmit crash reports, performance metrics, or diagnostic data. macOS itself may collect crash logs at the operating-system level and offer to share them with developers; that behaviour is controlled by your macOS privacy settings (System Settings → Privacy & Security → Analytics & Improvements), not by Doc Sanitizer.
7. Deletion
- Opening a different file — drops the in-memory state for the previous one.
- Quitting the app — drops all in-memory state.
- Uninstalling Doc Sanitizer — remove the Doc Sanitizer.app bundle from Applications. The app does not install components elsewhere on the system. Move the app to the Trash and empty it, and everything Doc Sanitizer touched is gone.
The documents you opened, and the sanitised outputs you saved, are unaffected by uninstalling the app — they live where you put them. If you previously turned on the Finder Quick Action, remove ~/Library/Services/Sanitize with Doc Sanitizer.workflow by hand, or turn the toggle off in Settings first.
8. Children
Doc Sanitizer is not directed at children under 13. We do not knowingly collect personal information from children.
9. Your rights
If you are in the UK or the EU, you have rights under the UK GDPR and the EU GDPR — including the rights of access, rectification, erasure, restriction, objection, and the right to lodge a complaint. Because Doc Sanitizer does not transmit your data to us, these rights are effectively under your direct control through the app and the file system on your device. If you have a question about your data in Doc Sanitizer, email us at the address below.
You can complain to the UK Information Commissioner’s Office at ico.org.uk.
10. Changes to this policy
If we change this policy, we will update the “Last updated” date at the top. Material changes will be summarised at the top of the policy for a reasonable period.
11. Contact
For privacy questions about Doc Sanitizer:
Whiteforge Technologies Ltd
support@whiteforgetech.co.uk