Security
WhyDidItClose is designed to be inspectable by operators, not merely described by marketing copy.
Security model
| Layer | What WhyDidItClose does | Why it matters |
|---|---|---|
| Capture | Correlates local evidence around the closure window | Keeps diagnostic quality tied to on-device facts |
| Storage | Persists event history in the user's Application Support directory | Avoids hidden cloud dependency for core diagnosis |
| Export | Defaults to redacted export controls in the app | Reduces accidental leakage in support handoff |
| Distribution | Publishes signed/notarized build plus SHA256 checksum | Gives a concrete trust-verification path |
| Support | Uses a public support email and explicit policy pages | Makes escalation ownership visible |
Local-first data flow
- An app closes.
- WhyDidItClose records identity, timing, and termination evidence locally.
- A dominant cause and bounded confidence are computed on-device.
- The operator decides whether to export JSON or CSV.
What the product needs for diagnosis
| Required for diagnosis | Not required by default |
|---|---|
| App name and bundle identifier | Account credentials |
| Launch and termination timestamps | Continuous cloud replay |
| Local evidence signals around the event | Full-device telemetry streaming |
| Optional operator feedback events | Background cloud ingestion of incident history |
Distribution verification
For direct download, operators should validate:
- the published SHA256 hash on
/download - the Apple notarization/Gatekeeper trust chain
- the support path if hash or execution trust does not match
Security posture for teams
- Local-first diagnostics reduce policy friction for internal pilots.
- Export is explicit, so incident packs can be reviewed before sharing.
- Team rollout should define who can export and where incident payloads are stored.
For rollout questions, contact support@whydiditclose.com.