Privacy Policy
Lectern for macOS · Effective March 11, 2026
Overview
Lectern is a macOS application for composing and cross-posting content to multiple social media platforms. It is designed with a local-first architecture: your drafts, schedules, tokens, and logs stay on your device, except when temporary hosted media URLs are needed for publishing.
Data Storage
All post content, drafts, media files, scheduling data, and application logs are stored locally on your Mac using SwiftData. Authentication tokens for connected social media accounts are stored in the macOS Keychain, which encrypts them at rest and restricts access to when your user session is unlocked.
Lectern does not maintain any server-side database, user accounts, or cloud sync service. The only server-side storage Lectern uses is temporary media hosting for platforms that require public media URLs.
Data Transmitted to Third Parties
When you publish a post, Lectern sends your content directly to the social media platforms you have selected. This may include text, images, and videos. Each platform's own privacy policy governs how they handle that content once received.
The platforms Lectern can connect to include:
- Bluesky
- Mastodon (user-configured instance)
- Threads
- Tumblr
For Threads and Instagram media posts, Lectern must provide a publicly accessible media URL. By default, the app temporarily uploads those media files to Lectern's Cloudflare R2 bucket, served from cdn.lectern.work, so Meta can fetch them during publishing. If you enable Use custom R2 bucket in Settings, Lectern uploads the media to your own Cloudflare R2 bucket instead. In either case, the upload is temporary and Lectern attempts to delete the hosted media automatically after publishing.
Data We Do Not Collect
Lectern does not collect analytics, telemetry, crash reports, usage statistics, or any form of tracking data. There are no third-party SDKs, advertising frameworks, or data brokers integrated into the application. Outside the temporary hosted media required for certain Threads and Instagram uploads, Lectern does not collect or retain your content on a server.
OAuth & Authentication
Lectern authenticates with social platforms using OAuth 2.0 or platform-specific app passwords. OAuth tokens and refresh tokens are stored exclusively in the macOS Keychain. Lectern never transmits your tokens to any server other than the social platform that issued them.
Logging
Lectern maintains local diagnostic logs to help with troubleshooting. These logs include network request metadata (URLs, status codes, response times) but authorization headers are automatically redacted. Logs are stored locally in SwiftData and are never transmitted off your device. You can clear all logs from within the application.
Data Deletion
You are in full control of your data. You can remove any connected account from Lectern at any time, which deletes the associated tokens from Keychain and cascades deletion to related posts and media references. Uninstalling Lectern removes all locally stored data.
Children's Privacy
Lectern is not directed at children under the age of 13. We do not knowingly collect any information from children.
Changes to This Policy
If this policy is updated, the revised version will be posted at this URL with an updated effective date.
Contact
For questions about this privacy policy, contact david@daviddegner.com.