Telemetry & privacy
What a self-hosted deployment reports, and how to turn it off.
Self-hosted deployments default to anonymous, first-party telemetry only: a daily version heartbeat with no user identity, code, or prompt content. Vendor telemetry such as Sentry never activates on a self-hosted install, and you can turn everything off with one variable.
Telemetry modes
The server has one telemetry mode setting, PROLIFERATE_TELEMETRY_MODE, with
three values:
| Mode | Who runs it | Behavior |
|---|---|---|
self_managed | Self-hosted deployments (the template default) | Anonymous first-party telemetry only. |
local_dev | Developers running from source | Same posture as self_managed. |
hosted_product | Proliferate's own cloud, and only that | The only mode where vendor telemetry (Sentry, product analytics) activates. |
The deploy bundle ships with PROLIFERATE_TELEMETRY_MODE=self_managed
already set in .env.production.example.
What leaves your server
In self_managed mode, exactly one thing leaves your infrastructure: a daily
anonymous version heartbeat from the server. The full record is:
installUuidis a random UUID generated on your server and stored in your database. It identifies the install, not any person or company.- The fields above are the whole record. No account emails, organization names, repository names, code, file paths, or prompt content are ever sent.
- The heartbeat is POSTed to
PROLIFERATE_ANONYMOUS_TELEMETRY_ENDPOINT, which defaults tohttps://app.proliferate.com/api/v1/telemetry/anonymous.
What stays on your server
Desktop apps connected to your server send their own anonymous records to
your server, not to Proliferate. They land at POST /v1/telemetry/anonymous
on your API and are stored in your database:
VERSIONheartbeats: app version, platform, and architecture.ACTIVATIONmilestones: one-time flags such asfirst_launch,first_prompt_submitted,first_local_workspace_created,first_cloud_workspace_created,first_credential_synced,first_connector_installed, andfirst_bundled_agent_seed_hydrated.USAGEcounters: daily aggregates covering sessions started, prompts submitted, local and cloud workspaces created, credentials synced, and connectors installed. Counts only, no content.
These records give your instance admins the same anonymous shape of data, and they never leave your deployment.
Vendor telemetry
Vendor telemetry is gated to hosted_product in code, not by configuration
discipline:
- The server only initializes Sentry when the mode is
hosted_product. SettingSENTRY_DSNon aself_managedinstall does nothing. - The same gate applies to Sentry configuration injected into cloud sandboxes: self-managed deployments omit it.
- The official desktop app makes the same decision on its own: unless it is pointed at Proliferate's hosted product, it treats itself as self-managed and keeps vendor telemetry off.
Turning everything off
Server side, set one variable in .env.static and rerun ./bootstrap.sh:
With that set, the daily heartbeat stops and zero telemetry leaves your server.
Desktop users can also opt out per install by adding
"telemetryDisabled": true to ~/.proliferate/config.json. The file is read
once at startup, so restart the app to apply. See Connect the desktop
app.
Deployments in restricted networks can set
PROLIFERATE_ANONYMOUS_TELEMETRY_DISABLED=1 and run with no outbound
telemetry traffic at all.