Privacy Policy

Onyx Launcher — Minecraft Launcher for macOS

Effective Date: June 3, 2026

Last Revised: June 3, 2026

1. INTRODUCTION AND GENERAL PROVISIONS

Welcome to Onyx Launcher (hereinafter referred to as the "Launcher", "Application", "Onyx", "we", "our", "us"). This Privacy Policy (hereinafter referred to as the "Policy") explains in detail what information we collect during your use of the Launcher, for what purpose, how we store and protect it, and whether we transfer it to third parties. We have written this Policy in the simplest and most understandable language possible, without unnecessary legal jargon, so that you truly understand what happens to your data.

Onyx Launcher is a desktop application for the macOS operating system designed to launch, configure, and manage the game Minecraft: Java Edition. The Launcher allows you to create game profiles (instances), install mod loaders (Fabric, Quilt, Forge, NeoForge), search for and download modifications, resource packs, and shaders, manage Microsoft accounts and offline accounts, and configure game launch settings.

By using Onyx Launcher, you confirm that you have read this Policy and agree to the described conditions of data processing. If you do not agree with any of the points, please stop using the Launcher.

Onyx Launcher is not an official product of Mojang Studios or Microsoft Corporation. Minecraft is a registered trademark of Mojang Studios.

2. DATA PROCESSING PRINCIPLES

We adhere to the following principles when working with your information:

Data Minimization. We collect only the information that is technically necessary for the operation of a specific Launcher function. We do not collect unnecessary data "just in case".
Local Storage by Default. The absolute majority of your data (settings, game files, accounts, instance configuration) is stored exclusively on your computer and never leaves it.
Transparency. Every case of transferring any information to external servers is described in this Policy with an explanation of the reason and scope.
User Control. Where possible, we provide you with the ability to disable the collection of certain data (e.g., analytics) through the Launcher settings.

3. WHAT DATA WE COLLECT AND PROCESS

Below is a complete list of all categories of data that the Launcher interacts with in one way or another.

3.1. MICROSOFT AUTHORIZATION (XBOX LIVE / MINECRAFT)

Why is it needed:
To play Minecraft on licensed (online) servers, an official Microsoft account with a purchased Minecraft: Java Edition license is required. The Launcher uses the official Microsoft OAuth 2.0 protocol (Authorization Code Flow) to verify your license.

How the authorization process works:

You click the "Log in with Microsoft" button in the Launcher.
The official Microsoft login page (login.live.com) opens in the built-in or system browser. You enter your username and password directly on the Microsoft website.
The Launcher NEVER receives, sees, or stores your password for the Microsoft account. It works exclusively with temporary digital tokens.
After a successful login, Microsoft issues a temporary authorization code to the Launcher.
The Launcher exchanges this code for a set of access tokens through a chain of official Microsoft services: Microsoft OAuth → Xbox Live Authentication (user.auth.xboxlive.com) → XSTS Authorization (xsts.auth.xboxlive.com) → Minecraft Services (api.minecraftservices.com).
Upon completion of this chain, the Launcher receives: a Minecraft access token (Access Token), a Microsoft refresh token (Refresh Token), your Minecraft username and UUID (unique player identifier in the Mojang system), as well as the Xbox user hash (User Hash / XUID).

What is stored locally:

Minecraft Access Token — used to launch the game and connect to servers. Has a limited lifespan (usually 24 hours).
Microsoft Refresh Token — allows the Access Token to be updated automatically without re-entering the password. Stored until the account is deleted from the Launcher or until access is revoked in your Microsoft account.
Your Minecraft username.
Your Minecraft UUID.
XUID (Xbox User ID Hash).
Date the account was added.

How tokens are stored:
Access and refresh tokens are stored in the secure macOS system storage — Keychain. This is an Apple system component specifically designed for the secure storage of passwords, certificates, and tokens. Data in Keychain is encrypted at the hardware level and protected by your macOS password. No other application on your computer can access these tokens without your explicit permission. Public account data (username, UUID, account type, date added) is stored in a JSON file in the Launcher's data directory on your drive.

Important:

We do not have our own authorization server. All data exchange occurs directly between your computer and the official Microsoft and Mojang servers.
We do not store your password, email, or other personal data of your Microsoft account.
You can revoke the Launcher's access to your Microsoft account at any time by going to the page https://account.live.com/consent/Manage and removing permission for the application.

3.2. OFFLINE ACCOUNTS

The Launcher supports so-called "offline accounts" that allow you to play Minecraft without a license (on servers that support this). When creating an offline account, you simply enter your desired username (from 3 to 16 characters).

What is stored:

The username you entered.
An automatically generated UUID (using a standard MD5 algorithm compatible with offline servers).
Data is stored exclusively locally in the Launcher configuration file on your drive.
For offline accounts, no requests to external authorization servers take place.

3.3. PLAYER AVATAR (DOWNLOADING SKIN HEAD)

To display the avatar (skin head) of your licensed account in the Launcher interface, we request the third-party public service mc-heads.net.

How it works:

The Launcher sends a request to mc-heads.net with your Minecraft UUID (without dashes) to retrieve the skin head image.
The received image is cached (stored) locally on your drive to avoid downloading it every time.

What data is transmitted:

Your Minecraft account UUID (this is public information, available to anyone through the official Mojang API).
Standard technical information of the HTTP request (IP address, browser User-Agent).

We do not control the mc-heads.net service and are not responsible for its privacy policy. This service is public and widely used in the Minecraft ecosystem.

3.4. MODIFICATION SEARCH & DOWNLOAD (MODRINTH & CURSEFORGE)

The Launcher features a built-in browser for modifications, resource packs, and shaders supporting two of the largest platforms: Modrinth (modrinth.com) and CurseForge (curseforge.com).

What data is transmitted when searching and downloading:

Search query (text you type in the search bar).
Minecraft version for which mods are searched.
Mod loader type (Fabric, Forge, Quilt, NeoForge).
Content category (mod, resource pack, shader).
Technical information of the HTTP request (IP address, User-Agent).

What data is NOT transmitted:

Your Minecraft username or UUID.
Your Microsoft account credentials.
Information about other installed mods or Launcher settings.
Any other personal information.

Downloaded mods are stored exclusively locally, in the folder of the corresponding instance on your drive.

Modrinth and CurseForge are independent platforms and operate under their own Terms of Use and Privacy Policies. We recommend reviewing them separately on the official websites of these services.

3.5. AUTOMATIC UPDATES (SPARKLE FRAMEWORK)

To keep the Launcher up-to-date and fix bugs and security vulnerabilities in a timely manner, Onyx uses the open-source Sparkle update framework (https://sparkle-project.org/), which is an industry standard for macOS applications.

How the update check works:

The Launcher periodically (or at the user's request) downloads an XML file (appcast.xml) from our repository on GitHub. This file contains information about the latest available version of the Launcher, a description of changes, and a link to the update file.
URL of the appcast file: https://raw.githubusercontent.com/deeppacketdev-hub/onyx-launcher/main/appcast.xml

What data is transmitted during the update check:

Current Launcher version (e.g., 1.1.5).
Current build number (e.g., 18).
Your macOS operating system version.
System language (for potentially displaying localized release notes).
IP address (necessary for the network connection itself, but we DO NOT store or analyze IP addresses on the server side; the appcast file is hosted on GitHub servers, so the IP address is processed in accordance with GitHub's Privacy Policy).

What data is NOT transmitted:

Minecraft username or UUID.
Microsoft account credentials.
List of installed mods or instances.
Any other Launcher configuration data.

You can reject or postpone the installation of any update.

3.6. ANONYMOUS ANALYTICS (TELEMETRYDECK)

To improve the quality of the Launcher and understand how users interact with it, we collect limited anonymous usage statistics using the TelemetryDeck service (https://telemetrydeck.com/).

TelemetryDeck is a European analytics service specifically designed with privacy in mind. It complies with the requirements of the General Data Protection Regulation (GDPR) of the European Union and does not collect any personal identifiers.

What signals (events) we send:

"appLaunched" — Launcher startup event. Sent once when the program starts. Contains no additional parameters.
"gameLaunched" — Minecraft launch event. Contains only two parameters: Minecraft version (e.g., "1.21.5") and mod loader name (e.g., "Fabric" or "None").

What TelemetryDeck collects automatically (standard SDK metadata):

General device information (CPU type — Apple Silicon or Intel, macOS version). This information is aggregated and does not allow identifying a specific computer.
Launcher version.
System language.
Region (country) determined by system language settings (not by IP address).

What TelemetryDeck does NOT collect:

User IP addresses (TelemetryDeck does not log IP addresses on principle).
Usernames, emails, nicknames, or UUIDs.
Device serial numbers or other hardware identifiers.
Advertising identifiers (IDFA/IDFV).
Any data that allows identifying a specific individual.

How to disable analytics:
You can completely disable analytics collection in the Launcher settings. To do this, go to Settings → General and disable the "Telemetry" (or "Analytics") toggle. Once disabled, no data will be sent to TelemetryDeck. This setting is saved and persists after restarting the application.

3.7. DISCORD RICH PRESENCE (DISCORD STATUS)

The Launcher features Discord integration to display your game activity in your Discord profile ("Rich Presence").

How it works:

If the Discord client is running on your computer, the Launcher connects to it via a local IPC socket (inter-process communication on your computer). Data is NOT transmitted over the internet — only between two applications on your device.
Through this channel, the Launcher notifies Discord of the following information: instance name, Minecraft version, mod loader name, and game session start time.

What data is transmitted:

Data is transmitted exclusively locally, between the Launcher and the Discord client on your computer.
The display of this data in your Discord profile depends on Discord's own privacy settings.

How to disable:
You can disable this feature in the Launcher settings. Also, if Discord is not running on your computer, no connection takes place.

3.8. DOWNLOADING GAME FILES

For Minecraft to run, the Launcher downloads necessary files from official Mojang servers and related resources:

Minecraft client files (JAR) — from Mojang servers (piston-meta.mojang.com, piston-data.mojang.com, launchermeta.mojang.com).
Java Libraries — from Mojang servers (libraries.minecraft.net) and mod developers' servers (maven.fabricmc.net, maven.quiltmc.org, maven.minecraftforge.net, maven.neoforged.net).
Game resources (textures, sounds) — from Mojang CDN (resources.download.minecraft.net).
Java Runtime Environment (JRE/JDK) — from Adoptium servers (api.adoptium.net) for automatic Java installation if it is missing on your computer. When downloading Java, the Launcher detects your processor architecture (Apple Silicon or Intel) to download the correct version.

During each such download, external servers receive your IP address (as with any HTTP request), but we do not control these servers and are not responsible for their IP address handling. All downloaded files are stored locally in the Launcher's cache directory on your drive.

3.9. LOCALLY STORED DATA (ON YOUR COMPUTER)

Below is a complete list of data that the Launcher stores on your drive. This data is never sent to our servers.

Launcher Configuration:

Global settings (interface language, color theme, path to Java, default allocated RAM, autostart settings, Launcher close actions after game launch, telemetry settings, Discord Rich Presence settings).
Instance list (name, Minecraft version, selected mod loader and its version, allocated memory, additional JVM arguments, game window size, server autoconnect settings, last session time, and total playtime).
Account list (type, username, UUID, date added; tokens separately in Keychain).

Game Files:

Downloaded Minecraft versions.
Java libraries.
Native libraries (.dylib).
Game resources (textures, sounds).
Installed Java Environment (JRE).
Mods, resource packs, shaders (downloaded via the built-in browser or added manually).
Game worlds, screenshots, and other files created by the game Minecraft itself.

Skin Files:

Downloaded and cached skin files (head image, body image, skin texture).

3.10. GAME LAUNCH LOGS

During the launch and operation of Minecraft, the Launcher displays a technical log in the console, which includes:

Game launch parameters (path to Java, Minecraft version, JVM arguments).
Standard output/error stream of the game (stdout/stderr).
Errors and warnings from mods and the game itself.

Important:

These logs are displayed ONLY in the Launcher interface and exist ONLY in RAM. The Launcher DOES NOT write these logs to a file on your disk.
The game Minecraft itself may create its own log files (latest.log, crash-reports) in the instance folder. This is standard Minecraft behavior, and the Launcher does not control this process.
Logs may contain your macOS system username as part of file paths (e.g., /Users/your_username/...). If you share logs with someone for troubleshooting, we recommend checking them for this information.
Minecraft access tokens are masked in the Launcher logs with asterisks (********) and are not displayed in plain text.

4. DATA TRANSFER TO THIRD PARTIES

We do not sell, rent, trade, or distribute your personal data to third parties for marketing, advertising, or any other commercial purposes.

Data transfer occurs exclusively within the framework of technically necessary interaction with external services described in Section 3 of this Policy. Here is a complete list of third-party services the Launcher may interact with:

Service / Company	Data Transmitted	Purpose
Microsoft (`login.live.com`)	OAuth authorization code	Minecraft account login
Xbox Live (Microsoft)	Microsoft token	Authorization stage
Minecraft Services (Mojang)	Xbox/XSTS tokens	Retrieving Minecraft token and profile
`mc-heads.net`	Minecraft UUID	Downloading skin avatar
Modrinth (`modrinth.com`)	Search queries, game version	Mod search and download
CurseForge (`curseforge.com`)	Search queries, game version	Mod search and download
GitHub (`raw.githubusercontent.com`)	Launcher version, macOS version	Check and download updates
TelemetryDeck	Anonymous usage signals	Analytics (disabled in settings)
Adoptium (`api.adoptium.net`)	Processor architecture, OS version	Downloading the correct Java version
Mojang CDN	Standard HTTP request	Downloading game files
Discord (local IPC)	Instance name, game version	Rich Presence status (can be disabled)

5. DATA PROTECTION

We take reasonable measures to protect your information:

HTTPS Encryption. All network requests made by the Launcher are carried out exclusively via the secure HTTPS protocol with TLS encryption. This applies to all communications: Microsoft authorization, requests to Modrinth/CurseForge APIs, update downloads, TelemetryDeck analytics, and downloading game files.
Secure Token Storage. Sensitive data (authorization tokens) are stored in the macOS Keychain — a system storage protected by hardware encryption. Tokens are marked with the kSecAttrAccessibleWhenUnlocked attribute, meaning they are only accessible when your Mac is unlocked and inaccessible when the screen is locked or in sleep mode.
Hardened Runtime. The Launcher is built with Hardened Runtime enabled — a special macOS security mode that restricts application capabilities (disallows loading third-party libraries, memory modification by other processes, etc.).
Code Signing. The Launcher binary is signed with a digital signature and time stamp, which guarantees code integrity and allows macOS to verify that the file has not been modified since compilation.
Token Masking in Logs. When game startup parameters are displayed in the Launcher console, access tokens are automatically replaced with asterisks (********) to prevent accidental exposure.

6. DATA STORAGE AND DELETION

Retention Period:

Local data (settings, instances, accounts) is stored on your drive for as long as you use the Launcher.
Tokens in Keychain are stored until the corresponding account is deleted from the Launcher or until manually deleted via the 'Keychain Access' system utility.
Anonymous analytics data in TelemetryDeck is stored in accordance with TelemetryDeck's retention policy and cannot be linked to a specific user.

How to delete your data:

Account Deletion: You can delete any account through the Launcher interface. This automatically deletes: the account record from the configuration file, tokens from macOS Keychain, as well as cached skin files for this account.
Full Deletion: To completely delete all Launcher data, delete the application and its data directory (Application Support). This will delete all local settings, game file cache, and configuration.
Revoking Microsoft Access: Even after deleting the Launcher, we recommend revoking access in your Microsoft account on the page https://account.live.com/consent/Manage.

7. PRIVACY OF MINORS

Onyx Launcher is not intended for children under 13. We do not knowingly collect personal information from individuals under this age. If you are a parent or guardian and believe that your child has provided us with their personal data, please contact us, and we will take steps to delete such information.

Please note: during authorization through Microsoft, if the account belongs to a minor without appropriate parental consent in the Microsoft Family Safety system, authorization will be rejected with a corresponding message. This limitation is set by Microsoft, not by us.

8. YOUR RIGHTS

Depending on your place of residence, you may have the following rights regarding your data:

Right to Access: You can view all your data at any time since it is stored locally on your computer.
Right to Deletion: You can delete any of your data (accounts, instances, cache) through the Launcher interface or by deleting the files from your drive.
Right to Opt-Out of Analytics: You can disable TelemetryDeck anonymous analytics collection in the Launcher settings.
Right to Revoke Access: You can revoke the Launcher's access to your Microsoft account at any time.

Since we do not maintain a server-side database of users and do not collect identifying information, most of your data is already under your complete control.

9. OPEN SOURCE SOFTWARE

The Launcher uses the following third-party open-source libraries and components:

Sparkle (https://sparkle-project.org/) — automatic update framework for macOS. License: MIT.
TelemetryDeck Swift SDK (https://github.com/TelemetryDeck/SwiftSDK) — SDK for anonymous analytics. License: MIT.

Each of these libraries has its own privacy policy and terms of use, which we recommend reviewing separately.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy. Changes may occur due to the following reasons:

Adding new features to the Launcher that require data processing.
Changes in third-party services or libraries.
Changes in legal requirements in the field of personal data protection.
Clarifications or improvements of formulations.

In case of significant changes (e.g., adding new categories of data collection or new third parties), we will notify you through:

Release Notes in the Launcher.
Announcements on the official Launcher website.

The date of the last revision is always indicated at the beginning of this document. We recommend reviewing this Policy periodically.

11. CONTACT US

If you have any questions, comments, suggestions, or complaints regarding this Privacy Policy or the processing of your data, you can contact us:

Through our official repository on GitHub: https://github.com/deeppacketdev-hub/onyx-launcher
Through the contact information on the official Launcher website.

We make every effort to respond to your inquiries within a reasonable timeframe.