The quiet way to catch sensitive data before it becomes a problem.

OysterCatcher scans your Mac locally for secrets and personal information. No cloud. No complexity. Just peace of mind.

OysterCatcher
Last scan: Just now. 4 findings.

AWS Access Key (critical): ~/Projects/api/.env.backup

SSH Private Key (high): ~/Downloads/deployment-key.pem

Credit Card Number (high): ~/Documents/expenses-2024.csv

GCP Service Key (medium): ~/old-projects/config.json

Scanning ~/Documents, ~/Downloads, ~/Projects
Protected

Runs entirely on your Mac

Your data never leaves your machine

No data upload required

Zero cloud dependencies by design

Designed for macOS from day one

Native, fast, and feels right at home

Sensitive data has a way of sticking around

Not because of bad intent. Because life moves fast.

The everyday accumulation

CSV exports with customer emails. Old .env files with API keys. SSH keys in Downloads. They pile up in the folders you use most—and forget to clean.

The compliance blind spot

GDPR risk often comes from accidental retention, not bad actors. A forgotten spreadsheet with dates of birth. A log file with credit card numbers. Easy to overlook. Hard to explain.

The supply-chain threat

Infostealer malware knows exactly where to look: Downloads, Desktop, repos. It scans for secrets the same way you would—except it does it in seconds.

The cleanup gap

You know you should review old files. But when? Sensitive data lives in your filesystem until you decide to look. OysterCatcher looks for you.

What OysterCatcher finds

Two categories of sensitive data. One unified approach.

Secrets

AWS Access Keys

Active credentials that could grant access to your entire cloud infrastructure.

Why it matters: A single leaked key can lead to compromised databases, unauthorized charges, or data exfiltration.

How we help: OysterCatcher identifies key patterns and lets you revoke or rotate with confidence.

GCP Service Account Keys

JSON key files for Google Cloud Platform service accounts.

Why it matters: Service accounts often have broad permissions. A leaked key is an open door.

How we help: Detects JSON structure and validates against known GCP patterns.

SSH Private Keys

RSA, ECDSA, and Ed25519 private keys used for server access.

Why it matters: SSH keys provide direct shell access. Unprotected keys are high-value targets.

How we help: Finds keys in any directory, not just ~/.ssh.

NPM Tokens

Authentication tokens for publishing packages to npm.

Why it matters: Compromised tokens enable supply-chain attacks affecting downstream users.

How we help: Identifies tokens in .npmrc files and environment variables.

Personal Information

Credit Card Numbers

Valid card numbers with Luhn checksum verification.

Why it matters: PCI DSS requires strict handling. Accidental retention creates compliance liability.

How we help: Validates format and checksum to reduce false positives.

Dates of Birth

Birthdates in common formats within CSV and text files.

Why it matters: Combined with names or emails, a date of birth enables identity theft, and retaining it without need can violate GDPR.

How we help: Context-aware detection that understands file structure.

Coming soon: Passport numbers, national ID numbers, and custom patterns. We are building detection for the data that matters most to you.
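
The card-number check described above (match the format, then apply the Luhn checksum to cut false positives), as an added example. This is not OysterCatcher's code; the regex, function names, masking of the output and the sample CSV are assumptions constructed for illustration.

```python
import re

# Assumed candidate format: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[tuple[int, str]]:
    """Return (line number, masked number) for each candidate that passes Luhn."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                # Mask all but the last four digits so the report is not a new leak.
                findings.append((lineno, "*" * (len(digits) - 4) + digits[-4:]))
    return findings


# Constructed sample input (well-known test card numbers, not real data).
# Line 3 has a typo'd card and line 4 a 16-digit reference; both fail Luhn.
SAMPLE = """date,merchant,card,reference
2024-01-14,Acme Travel,4111 1111 1111 1111,INV-0001
2024-02-02,Acme Travel,4111 1111 1111 1112,INV-0002
2024-02-09,Office Depot,5555-5555-5555-4444,1234567890123456
"""

if __name__ == "__main__":
    for lineno, masked in find_card_numbers(SAMPLE):
        print(f"line {lineno}: {masked}")
```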

How it works

Three steps. Complete control. No complexity.

01

Scan

Point OysterCatcher at your folders. It analyzes files locally, looking for secrets and PII using pattern matching and validation.

02

Review

See what was found, organized by severity and type. Each finding shows the file path, a preview, and why it matters.

03

Clean up

Take action on each finding. Ignore false positives, move files to Trash, or set reminders to handle them later.

Your choices, your control

Ignore safely

Mark false positives. They won't appear in future scans.

Move to Trash

Delete with confidence. macOS Trash gives you a safety net.

Remind me later

Not ready to decide? Set a reminder and revisit.

Privacy by design

Your data stays yours

We built OysterCatcher to protect your privacy, not compromise it.

Scans run locally

All analysis happens on your Mac. Your files are never uploaded, streamed, or shared.

No cloud upload by default

OysterCatcher works completely offline. Internet access is never required.

Optional online validation

For tokens that can be verified (like AWS keys), you can enable live validation. Off by default.

Supports GDPR principles

Helps you practice data minimisation by identifying personal data you may have forgotten.

Built to reduce risk

We do not collect your data. We help you find and manage it. That is the entire product.

Coming soon

OysterCatcher is in development. Join the waitlist to be notified when it is ready.