SnipTray logo

The Clipboard Manager Privacy Checklist

A printable, ten-point checklist for evaluating any clipboard manager before you install it — covering data path, encryption, analytics, defaults, and what to confirm in the App Store listing.

7 min read · by SnipTray Team

A clipboard manager sees everything you copy. That includes passwords (briefly), drafts of sensitive messages, customer details, internal links, and the occasional API token that should never have been on the clipboard in the first place. The standard for what makes one trustworthy should be high — and a one-page checklist makes the evaluation tractable.

This is that checklist. Ten yes/no questions to ask before installing any clipboard manager. Apply it to SnipTray, to its competitors, to anything else you are considering. If you cannot get a clear answer on more than two of these, install something else.

For the deeper safety case, see Are clipboard managers safe?, How clipboard managers handle passwords, and iCloud security, explained.

The 10-point clipboard manager privacy checklist

Print it. Tape it to your monitor. Use it for every clipboard manager you ever evaluate.

1. Does it auto-detect and exclude passwords?

The bare-minimum protection. A well-designed clipboard manager recognizes password-shaped content (mixed case + digits + symbols, generated-password length) and does not record it. SnipTray does this by default; many alternatives require manual configuration.

How to verify: copy a password from your password manager. Open the clipboard manager’s history. The password should not be there.

2. Does it auto-detect and exclude 2FA codes?

Six-digit TOTP codes look like nothing else. A clipboard manager that does not skip them is recording your authentication codes in a searchable database. Hard pass.

How to verify: copy a TOTP code from Authy / Google Authenticator / your password manager. Check the history.

3. Does it auto-detect and exclude credit-card numbers?

Credit-card numbers pass the Luhn checksum — a simple mathematical check that any clipboard manager can run on every clip. If the clip passes the Luhn check and matches credit-card length, skip it. SnipTray does; not every alternative does.

How to verify: copy a known card number (your own, for testing) and check the history.

4. Does it ship with an app exclusion list pre-populated?

Even with auto-detection, the strongest defense is a pre-populated app exclusion list — apps from which nothing copied is ever recorded, regardless of content. Look for: 1Password, Bitwarden, KeePassXC, Apple Passwords, Authy, your bank’s app.

How to verify: check the clipboard manager’s privacy or exclusion settings. Are these apps listed by default, or do you have to add them yourself?

5. Does it honor org.nspasteboard.ConcealedType?

This is the community-driven convention password managers use to mark clipboard items as “do not record”. A clipboard manager that respects this flag will skip anything marked, regardless of content shape or source app.

How to verify: harder to test directly. Check the clipboard manager’s docs or privacy page. SnipTray honors this flag explicitly.

6. Where does sync data live?

Three patterns:

  • Local-only (no sync) — safest if you only use one device.
  • Private iCloud (CloudKit) container — end-to-end encrypted, vendor cannot read. Best for cross-device sync.
  • Third-party cloud (vendor’s servers) — vendor can technically decrypt. Different trust model.

For clipboard data specifically, prefer the first two. See Clipboard managers with iCloud sync, compared.

How to verify: read the privacy policy and / or docs. “Syncs through iCloud” is a strong sign; “syncs through our cloud” is the lower-trust option.

7. Does it phone home with analytics?

A clipboard manager has no business sending usage data anywhere. Zero analytics, zero telemetry, zero “diagnostic” beacons. Look for explicit “no analytics” or “no telemetry” language.

How to verify: read the privacy policy. Run Little Snitch or LuLu for a day and see what network connections the clipboard manager makes. A well-designed one makes connections only to iCloud (for sync) and to the App Store / vendor (for updates) — nothing else.

8. Is it native, or Electron?

Electron means a Chromium engine running all day, with the security surface area of a full browser. For an app that handles sensitive content, native is the right choice. SnipTray is 100% Swift / SwiftUI; some less-prominent clipboard managers are Electron wrappers.

How to verify: check the app’s resource use. Native apps idle under 30 MB RAM and near-zero CPU. Electron apps idle at 100–300 MB and 1–5% CPU.

9. Is the vendor identifiable?

Real company, real privacy policy, real contact email, identifiable people behind it. Anonymous closed-source apps that handle sensitive data are a hard pass. Anonymous open-source apps you can audit are a different conversation (see Maccy vs SnipTray for that discussion).

How to verify: look at the App Store listing’s developer name, the website’s About / Contact page, the privacy policy’s data controller field.

10. Does it offer auto-clear of history?

Even with the strongest defenses, anything that does get recorded sits in your history until you find it. Auto-clear (1 hour / 1 day / 1 week / never) is defense in depth. Look for it in privacy or storage settings.

How to verify: check the settings. SnipTray ships auto-clear as a one-toggle option.

How SnipTray scores against the checklist

For transparency, here is how SnipTray answers each item:

#CheckSnipTray
1Auto-detect passwordsYes (default on)
2Auto-detect 2FA codesYes (default on)
3Auto-detect credit cards (Luhn)Yes (default on)
4Pre-populated app exclusion listYes (1Password, Bitwarden, KeePassXC, Apple Passwords, Authy)
5Honors org.nspasteboard.ConcealedTypeYes
6Sync via private CloudKit containerYes (Pro)
7Zero analytics / telemetryYes
8Native (no Electron)Yes (Swift / SwiftUI)
9Identifiable vendorYes (privacy policy, hello@sniptray.com)
10Auto-clear optionYes (1h / 1d / 1w / never)

10/10. Most major alternatives score 4–7 by default, with the rest requiring manual configuration.

How to apply this to your existing setup

If you already have a clipboard manager installed:

  1. Run the checklist against it. Score honestly.
  2. For any failed item that has a setting, change the setting (e.g., add 1Password to the exclusion list).
  3. For any failed item that does not have a setting (e.g., the app phones home), consider switching apps.
  4. Clear your existing history before changing anything else, to drop anything sensitive that snuck in under the old defaults. See How to clear clipboard on Mac, iPhone, and iPad.

Frequently asked questions

What if I do not handle anything sensitive on my Mac?

Then this checklist is less critical for you. But “I do not handle anything sensitive” usually means “I do not think I handle anything sensitive” — almost everyone copies a password, a credit card, or a private message occasionally. The defaults matter even for casual users.

Is open-source automatically safer?

Auditable code is genuinely valuable — but strong defaults matter more than auditability for most users. Maccy is open-source and has fewer defaults turned on than SnipTray. Choose based on the checklist, not the license. See Maccy vs SnipTray.

What about Raycast’s clipboard, Alfred’s, Pastebot’s, Paste’s?

All have their own posture against this checklist. We have written comparisons of each: Raycast clipboard vs SnipTray, Alfred clipboard vs SnipTray, Pastebot vs SnipTray, Paste vs SnipTray. Generally: SnipTray has the strongest defaults; the others vary.

What about clipboard managers on Windows or Linux?

This checklist applies cross-platform — auto-detection, app exclusion, sync trust model, analytics, native vs not. Windows and Linux are out of SnipTray’s scope (Apple-only), but the same questions are worth asking of any clipboard tool.

Should I trust apps that pass this checklist completely?

Strong defaults are necessary, not sufficient. Combine with: a strong device passcode, FileVault, Touch ID / Face ID, and Advanced Data Protection on iCloud. Privacy is layered. See iCloud security, explained.

What about iOS clipboard managers?

iOS has a stricter system-level model — apps cannot poll the clipboard in the background. The same checklist applies, but with the iOS-specific question of “how does the app capture in a model that does not allow background polling?” See Best clipboard manager for iPhone in 2026 and What apps can read your clipboard on iOS.

The bottom line

Ten checks. Most major clipboard managers fail two or three by default. SnipTray was designed to pass all ten without any user configuration — which is the right baseline for an app that handles your most sensitive content all day.

Try SnipTray free and the checklist is already satisfied out of the box.

Try SnipTray for free

The smart clipboard manager for Mac, iPhone, and iPad. Free forever for one Mac. Pro from $2.99/mo or $24.99/year.

All posts →