Telemetry & privacy

What a self-hosted deployment reports, and how to turn it off.

Self-hosted deployments default to anonymous, first-party telemetry only: a daily version heartbeat with no user identity, code, or prompt content. Vendor telemetry such as Sentry never activates on a self-hosted install, and you can turn everything off with one variable.

Telemetry modes

The server has one telemetry mode setting, PROLIFERATE_TELEMETRY_MODE, with three values:

ModeWho runs itBehavior
self_managedSelf-hosted deployments (the template default)Anonymous first-party telemetry only.
local_devDevelopers running from sourceSame posture as self_managed.
hosted_productProliferate's own cloud, and only thatThe only mode where vendor telemetry (Sentry, product analytics) activates.

The deploy bundle ships with PROLIFERATE_TELEMETRY_MODE=self_managed already set in .env.production.example.

What leaves your server

In self_managed mode, exactly one thing leaves your infrastructure: a daily anonymous version heartbeat from the server. The full record is:

{
  "installUuid": "1c9a4a7e-...",
  "surface": "server",
  "telemetryMode": "self_managed",
  "recordType": "VERSION",
  "payload": {
    "appVersion": "0.3.0",
    "platform": "linux",
    "arch": "x86_64"
  }
}
  • installUuid is a random UUID generated on your server and stored in your database. It identifies the install, not any person or company.
  • The fields above are the whole record. No account emails, organization names, repository names, code, file paths, or prompt content are ever sent.
  • The heartbeat is POSTed to PROLIFERATE_ANONYMOUS_TELEMETRY_ENDPOINT, which defaults to https://app.proliferate.com/api/v1/telemetry/anonymous.

What stays on your server

Desktop apps connected to your server send their own anonymous records to your server, not to Proliferate. They land at POST /v1/telemetry/anonymous on your API and are stored in your database:

  • VERSION heartbeats: app version, platform, and architecture.
  • ACTIVATION milestones: one-time flags such as first_launch, first_prompt_submitted, first_local_workspace_created, first_cloud_workspace_created, first_credential_synced, first_connector_installed, and first_bundled_agent_seed_hydrated.
  • USAGE counters: daily aggregates covering sessions started, prompts submitted, local and cloud workspaces created, credentials synced, and connectors installed. Counts only, no content.

These records give your instance admins the same anonymous shape of data, and they never leave your deployment.

Vendor telemetry

Vendor telemetry is gated to hosted_product in code, not by configuration discipline:

  • The server only initializes Sentry when the mode is hosted_product. Setting SENTRY_DSN on a self_managed install does nothing.
  • The same gate applies to Sentry configuration injected into cloud sandboxes: self-managed deployments omit it.
  • The official desktop app makes the same decision on its own: unless it is pointed at Proliferate's hosted product, it treats itself as self-managed and keeps vendor telemetry off.

Turning everything off

Server side, set one variable in .env.static and rerun ./bootstrap.sh:

PROLIFERATE_ANONYMOUS_TELEMETRY_DISABLED=1

With that set, the daily heartbeat stops and zero telemetry leaves your server.

Desktop users can also opt out per install by adding "telemetryDisabled": true to ~/.proliferate/config.json. The file is read once at startup, so restart the app to apply. See Connect the desktop app.

Info:

Deployments in restricted networks can set PROLIFERATE_ANONYMOUS_TELEMETRY_DISABLED=1 and run with no outbound telemetry traffic at all.

On this page