VITRIOL
Effective May 8, 2026

Privacy Policy

Vitriol's desktop app is offline by design. This page is a complete inventory of what data is collected (none), what network requests the app makes (a small, named list), and where things are stored on your machine. If you find anything in the code that contradicts this policy, please file an issue — we treat it as a bug.

What we collect

Nothing. Vitriol contains no analytics, no telemetry, no crash reporting service, no error-collection beacon, no usage tracking, no advertising IDs, no fingerprinting, and no third-party SDKs that do any of those things on our behalf. The application binary is shipped to your machine and runs there; it does not phone home about how you use it, what files you convert, what passwords you set, or anything else.

This includes Stone-mode passwords. Passwords you enter for password-protected Stone outputs live only in the playlist row's memory and are gone the moment you remove the row or close the app. Vitriol never logs, persists, transmits, or otherwise stores them.

Network requests Vitriol does make

Vitriol is offline-first, not offline-only. Three categories of outbound HTTPS requests can occur:

1. First-launch dependency download (one-time)

When you first run Vitriol from source (python launcher.py), the launcher fetches:

  • FFmpeg + ffprobe — from gyan.dev (the official Windows essentials build)
  • Assimp DLL — from the Assimp GitHub Releases page
  • DejaVu Sans + Cinzel fonts — from their respective upstream release pages

These are required for audio/video conversion, 3D model conversion, and PDF/splash-screen rendering respectively. They are downloaded once and cached locally under %LOCALAPPDATA%\Vitriol\; subsequent launches reuse the cached copies and make no additional requests.

If you install Vitriol via the bundled installer or portable zip, these dependencies ship with the download — no first-launch fetch is needed.

2. Auto-update check (once per 24 hours, optional)

When enabled (default ON), Vitriol asks the GitHub Releases API once every 24 hours whether a newer version exists:

GET https://api.github.com/repos/kl3mta3/Vitriol/releases/latest

The request includes only a User-Agent header identifying the Vitriol version (e.g. Vitriol/1.1.0). No personal data is sent. The response is a public JSON document with the latest release's version tag and asset URLs. As with any HTTPS request, GitHub's servers necessarily see your IP address — same as if you visited github.com in your browser.

You can disable this in Preferences → Appearance, or by adding --no-update-check to your launch command, after which Vitriol makes no update-check requests at all.

3. User-initiated update download (when you click "Update now")

If the auto-update check finds a newer release and you click Update now, Vitriol downloads the installer from GitHub Releases:

GET https://github.com/kl3mta3/Vitriol/releases/download/...

This is functionally identical to clicking the link in your browser. Vitriol verifies the downloaded file's SHA-256 against the hash published in the release notes before launching it.

What Vitriol does NOT do

  • No analytics endpoint, no Google Analytics, no Segment, no Plausible, nothing of that kind
  • No crash-reporting service (Sentry, Bugsnag, etc.)
  • No A/B testing or feature-flag service
  • No advertising or ad-related network calls
  • No "phone home" check on every launch
  • No upload of files you convert, ever
  • No upload of metadata about files you convert (filenames, sizes, formats), ever

Local storage on your machine

Vitriol stores a small amount of data in your local user profile. None of it is transmitted anywhere; it exists so the app can remember your preferences and so the launcher can find its dependencies on the next run.

Path | Contents
%LOCALAPPDATA%\Vitriol\settings.json | Toggle states (Stone enabled? Verify Round-Trip enabled? Splash on launch? Auto-check updates?), last-used save folder, timestamp of the last successful update check.
%LOCALAPPDATA%\Vitriol\logs\vitriol.log | Application log. Records errors, warnings, and informational events from the running app. Local only — never transmitted.
%LOCALAPPDATA%\Vitriol\bin\ | FFmpeg, Assimp, and the hardware-encoder probe cache. Downloaded on first launch (when running from source).
%LOCALAPPDATA%\Vitriol\fonts\ | DejaVu Sans + Cinzel TTF files used for PDF output and the splash screen wordmark.
%USERPROFILE%\Documents\Vitriol\<Category>\ | The default destination for converted output files. You choose where each conversion saves; this is just where the picker opens by default.

To completely remove all Vitriol state from your machine, delete %LOCALAPPDATA%\Vitriol\. The installer's uninstaller does NOT remove this folder by design — settings and logs survive reinstalls so a re-install puts you back exactly where you left off.

Third-party services

Vitriol does not integrate with any third-party service. The only external endpoints contacted are listed in the "Network requests" section above (gyan.dev, GitHub, the Assimp/DejaVu/Cinzel project release pages). No data is sent to any of these — Vitriol downloads files from them and that's it.

The website you are reading right now (vitriol.rocks) is hosted on GitHub Pages. GitHub may collect server logs (IP, User-Agent, page requested) per their own privacy policy. That logging applies to the website, not to the Vitriol application.

Security

Vitriol's installer and the bundled Vitriol.exe are digitally signed via Azure Trusted Signing. The publisher visible in Windows UAC prompts is Equivalent Exchange. To verify the certificate, right-click the downloaded file → Properties → Digital Signatures.

Auto-update downloads are SHA-256 verified against the hash published in each release's notes before the installer is launched. A tampered or partial download is refused at the verification step rather than executed.
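
The verify-before-launch step described here and under "User-initiated update download" can be sketched as follows. This is an added example, not Vitriol's own code; the release-notes layout (one `<hash>  <file name>` line per asset) and the asset name are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed notes layout (hypothetical, not Vitriol's documented format):
# one line per asset, "<64 hex digits>  <file name>".
HASH_LINE = re.compile(r"^([0-9a-fA-F]{64})[ \t]+(\S+)[ \t\r]*$", re.MULTILINE)


def published_sha256(release_notes, asset_name):
    """Return the single hash listed for asset_name, or None (fail closed)."""
    found = {h.lower() for h, name in HASH_LINE.findall(release_notes)
             if name == asset_name}
    return found.pop() if len(found) == 1 else None


def file_sha256(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, release_notes, asset_name):
    """True only if the file on disk matches the one published hash."""
    expected = published_sha256(release_notes, asset_name)
    if expected is None:  # missing or conflicting entries: refuse
        return False
    return hmac.compare_digest(file_sha256(path), expected)


def demo():
    """Constructed sample: intact, truncated and unlisted downloads."""
    payload = b"constructed installer bytes " * 4096
    name = "Vitriol-Setup.exe"  # hypothetical asset name
    notes = f"## SHA-256\n{hashlib.sha256(payload).hexdigest()}  {name}\n"
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / name
        target.write_bytes(payload)
        intact = verify_download(target, notes, name)
        target.write_bytes(payload[: len(payload) // 2])  # partial download
        truncated = verify_download(target, notes, name)
        unlisted = verify_download(target, "no hashes here", name)
    return intact, truncated, unlisted


if __name__ == "__main__":
    print(demo())
```

A hash published alongside the installer in the same release catches corruption and truncation, but it does not help if the release itself is replaced; the Authenticode signature described above is the independent check for that case.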

To report a security vulnerability privately, please follow the contact instructions at /.well-known/security.txt or open a private security advisory on the GitHub Security tab.

Children's privacy

Vitriol does not collect any data, so it does not collect data from children either. The application has no age-gated features and no account system.

Changes to this policy

If this policy changes (for example, if a future version of Vitriol adds a network capability not listed here), we will update this page and bump the effective date at the top. Material changes will also be called out in the corresponding release notes. Past versions of the policy are visible in the Git history of this file.

Contact

Questions, concerns, or "you said no analytics but I see network activity" reports:

  • Privacy / general inquiries — contact@vitriol.rocks
  • Support — support@vitriol.rocks
  • Bug reports — GitHub Issues
  • Private security disclosures — GitHub Security Advisories

Full routing guide on the Contact page.

Visita Interiora Terrae Rectificando Invenies Occultum Lapidem


© 2026 Kenneth Lasyone · Elastic License v2