macOS Privacy Permissions

Your Mac is tracking every permission it’s ever granted

System Settings shows you a fraction. tcc-viewer shows you everything — every app, every permission type, every version, every date. One command, local only.

Click to copy $ brew install ideabrian/tap/tcc-viewer
Then run: tcc-viewer
364
Total permission entries on a typical developer Mac
66%
Were duplicates from a single app auto-updating
240
Stale entries for app versions no longer installed
22
Distinct permission types macOS tracks silently

What is TCC?

Every time macOS asks “Allow this app to access your Documents?” — your answer gets stored in a hidden SQLite database called TCC (Transparency, Consent, and Control). It records every permission for every app, going back to when you first set up your Mac. System Settings shows you a simplified view. The actual database has far more — and on most developer machines, it’s full of junk.

localhost:3847
TCC Viewer for macOS
Every privacy permission your Mac has ever tracked — from a hidden database called TCC
364
Total Entries
124
Unique Apps
22
Permission Types
240
Duplicate Versions
236
Stale (removable)
66% of your permissions are duplicates. 240 out of 364 entries belong to versioned apps that install each update as a new binary. 236 entries are for old versions you’re no longer running.
Search clients, paths, services…
Duplicates Only
Stale Only
Client
Status
DB
Last Modified
~/.local/share/claude/versions/2.1.161
Allowed
user
Jun 2, 2026
~/.local/share/claude/versions/2.1.158
Allowed
user
Jun 1, 2026
~/.local/share/claude/versions/2.1.154
Allowed
user
May 28, 2026
~/.local/share/claude/versions/2.1.153
Allowed
user
May 27, 2026
/opt/homebrew/.../bin/gtimeout
Allowed
system
May 21, 2026
com.electron.toggleboard
Denied
system
Apr 21, 2026

What System Settings won’t show you

01
Both databases
macOS splits permissions across two hidden databases — one per-user, one system-wide. Most tools only see one. tcc-viewer reads both and merges them into one view.
02
Duplicate detection
Apps that install each update as a new binary — like Claude Code — create duplicate permission entries. tcc-viewer finds and highlights every one.
03
Stale entry tracking
Old versions you’re no longer running still have permissions. See exactly how many entries are dead weight cluttering your privacy settings.
04
22 permission types
Full Disk Access, Downloads, Desktop, Documents, Camera, Microphone, Screen Recording, Automation, Contacts, Location, and more. Every one, decoded.
05
Search and filter
Search by app name or path. Filter by permission type, allowed/denied status, or database source. Find anything in seconds.
06
Timeline view
See when permissions were granted over time. Spot bursts of activity from app updates or new installs at a glance.

Three seconds to insight

Install with Homebrew. Run one command. Your browser opens with every permission your Mac has ever tracked — searchable, sortable, explained. No account, no config, no data sent anywhere.

$brew install ideabrian/tap/tcc-viewer
🍺 /opt/homebrew/Cellar/tcc-viewer/1.0.0

$tcc-viewer

tcc-viewer
Reading privacy databases...

Found 364 entries
Serving at http://localhost:3847

Press Ctrl+C to stop

Privacy-first by design

A privacy tool should respect your privacy. tcc-viewer is fully local, fully open source, and fully transparent.

No network requests

Zero. The web UI runs on localhost. Your permission data never touches a server, an API, or a third-party service.

Open source

Every line of code is on GitHub. Read it, fork it, audit it. The compiled binary is built from the same public source.

Read-only

tcc-viewer only reads your permission databases. It never modifies, deletes, or writes to them. SQLite read-only mode, enforced in code.

See what your Mac sees

One command. Every permission. Local only.

$ brew install ideabrian/tap/tcc-viewer
View on GitHub Report an issue