MacSweep

Security & trust

MacSweep is built so you stay in control at every step — nothing moves without your confirmation, and every build is verified by Apple before it reaches you.

Apple-notarized & Developer ID signed

Every MacSweep release is submitted to Apple's notary service, which scans the binary for malicious code before issuing a notarization ticket. macOS Gatekeeper verifies that ticket on first launch, so the app cannot run if the signature has been tampered with after signing.

Signed by Apple Developer ID · Team ID FZUGD25X69 · Bundle ID com.macsweep.app

Local & private

MacSweep runs entirely on your Mac. Disk scans, cache analysis, and cleanup decisions happen on-device — no file paths, file contents, or scan results are sent to MacSweep servers. Product analytics are off by default and require explicit opt-in in the app; even then, only coarse usage events (action names, size buckets) are collected, never personal content.

Review-first cleanup

MacSweep never deletes anything without showing you what it found first, and every cleanup action requires your explicit confirmation — it does not silently run permanent cleanup. File cleanup moves selected files to the Trash where macOS supports it, so you can recover them. Some cleanup is permanent by nature: emptying the Trash and temp cleanup clear directory contents, and Docker cleanup uses Docker's own APIs. MacSweep tells you which is which before you confirm.

Verify the download yourself

If you want to confirm the app is exactly what Apple signed, you can verify it locally. Run these commands in Terminal after installing:

codesign --verify --strict --verbose=2 /Applications/MacSweep.app
spctl -a -vvv -t exec /Applications/MacSweep.app

To verify a downloaded DMG before opening it:

xcrun stapler validate MacSweep-*.dmg

Published SHA-256 checksums for every release are on the Releases page.

For IT & managed environments

MacSweep is distributed exclusively from macsweep.app — there is no other official distribution channel. Details for allowlisting and policy configuration: