Install for an individual

This guide covers direct install for individuals — e.g. a founder trying the product before rolling it out, a contractor not on the org’s MDM, or anyone on an unmanaged Mac. If your IT team manages your Mac via Jamf, Kandji, Intune, or similar, see Deploy via MDM instead — the experience there is zero-touch.

Requirements

macOS 13 (Ventura) or later. Earlier versions of macOS are not supported.
An InPolicy account on your organization’s tenant. If you don’t have one, ask your admin to invite you, or see Sign in.

Install

Download the latest InPolicy.pkg from the release your admin pointed you to (typically GitHub Releases or a direct link).
Double-click the .pkg to open the installer.
Follow the prompts. The installer requires an admin password because it installs to /Applications and registers a login item.
After install, InPolicy launches automatically. You’ll see a shield icon (⎙) appear in your menu bar.

Grant Accessibility permission

InPolicy needs Accessibility access to read the text in focused fields across apps. This is the same permission that password managers, text expanders, and translation tools use.

On first launch, macOS will show a dialog or the InPolicy menu will say “Accessibility permission required.”
Click Open System Settings, or navigate manually: System Settings → Privacy & Security → Accessibility.
Find InPolicy in the list. Toggle it on.
Return to InPolicy. The shield icon in the menu bar should now show a green checkmark, indicating it’s running.

Nothing else is requested. InPolicy does not ask for:

Full Disk Access
Screen Recording
Camera, Microphone, or Location
Automation (AppleEvents)

If you see a prompt for any of those, something is wrong — screenshot it and contact support.

Managed-Mac users sign in automatically via device tokens pushed from MDM. For individual install, the sign-in flow uses a URL-scheme callback:

Click the InPolicy shield in your menu bar → Sign in…
Your default browser opens to https://app.inpolicy.ai/signin?from=desktop.
Sign in using your SSO or email/password.
The web app finishes auth and redirects you to a inpolicy://auth/callback?... URL, which macOS hands to the InPolicy app.
The app stores your refresh token in the macOS Keychain and shows you as signed in.

If your browser asks “Open InPolicy?” after signing in, click Open or Always allow.

Verify

Open TextEdit (or Notes, or Mail), create a new document, and type a sentence that should trigger a policy your team has published.

Within about half a second you should see a floating overlay appear near the field with the policy card. If nothing happens:

Check the menu bar icon — a slashed shield means the app isn’t provisioned or Accessibility isn’t granted.
Check you’re signed in — the menu’s status line will say either “Detecting as [you@yourdomain]” or ”⚠ Sign in required.”
See FAQ for more troubleshooting.

Updates

InPolicy uses Sparkle for auto-updates. The app checks for a new version every 24 hours and, when one is available, downloads it in the background and prompts you on next launch.

You can also force a check:

Click the menu bar icon.
Choose Check for Updates…

Updates are cryptographically verified (EdDSA signatures). Only builds signed by InPolicy’s private key will install.

Uninstall

Click the menu bar icon → Quit.
Drag /Applications/InPolicy.app to the Trash.
(Optional) Remove your stored tokens from the Keychain by running:
Terminal window
```
security delete-generic-password -s "ai.inpolicy.desktop" 2>/dev/null
```
If this errors, nothing was stored — that’s fine.
(Optional) Remove the login item: System Settings → General → Login Items → find InPolicy under Open at Login → click minus.

Your InPolicy account on the web app is unaffected.

What the Mac app does — ongoing behavior after install
Deploy via MDM — for IT-managed fleets