Except the open-source ones, or sandboxed[1] ones without any auto-update functionality (not sure if this app has any).
[1] Loosely; I’d say not referencing any networking entrypoints or dlsym() also counts, as working around that would be very non-deniably malicious.
Perhaps this type of software could be either open-source with full code accessibility, or proprietary but from a highly trustworthy entity responsible for privacy both legally and reputationally. Currently, both approaches are missing.