Your questions is rather general. But a try: "What’s the best Postman alternative if privacy is a concern — Postmate Client vs. Thunder Client?"

- Always use a local client (100%) that you fully control. - Be aware tat many providers have advanced finger printing techniques. So reaching out to a remote API is always a severe privacy risks! At least when you make an API call from you 'own' computer/home/work to an API-service. - Most 'tools' for making API tools use telemetry. If you use a tool within a IDE that uses Telemetry you could be harmed twice. (E.g. VSCode with Thunder Client)

It depends on what you mean by "privacy."There are at least three separate concerns: Does the client send telemetry? Does it sync your collections or API definitions to a cloud service? Do your API requests transit through a third-party server, or are they sent directly from your machine?

Those matter much more than whether the client is Postman, Thunder Client, or something else.

You can look into Bruno: https://www.usebruno.com

i fully trust openrouter zdr and distillable parameters, i said a lot of controversial things, and there no cop round up my doorsteps