Privacy & Telemetry

Your code never leaves your machine. Here's exactly what we collect, what we don't, and how to control it.

Core Principle

Evolution Engine is local-first. All analysis — git history, dependency graphs, CI data, pattern matching — runs entirely on your machine. No code, file contents, or repository data is ever transmitted anywhere.

Telemetry is opt-in only. It is disabled by default. EE asks once on your first evo analyze run, and "No" is the default — pressing Enter without typing anything means no data is collected.

What We Collect (when opted in)

If you choose to enable telemetry, here is the complete list of data points collected:

Data Point	Example Value	Why
Command name	`"analyze"`	Know which features are used
Adapter count	`4`	Understand typical setup complexity
Family list	`["git", "dependency"]`	Prioritize adapter development
Signal count	`12`	Measure analysis depth
Pattern count	`3`	Track pattern library effectiveness
Error type (if any)	`"FileNotFoundError"`	Fix bugs proactively
EE version	`"0.1.0"`	Understand version distribution
Anonymous ID	`"a1b2c3d4-..."`	Count unique users (random UUID, no PII)

Sample event payload

This is the exact JSON sent when you run evo analyze with telemetry enabled:

{
  "event": "analyze_complete",
  "properties": {
    "adapter_count": 4,
    "families": ["git", "dependency", "ci", "deployment"],
    "signal_count": 12,
    "pattern_count": 3
  },
  "anon_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "version": "0.1.0"
}

What We NEVER Collect

These items are never collected regardless of your telemetry setting:

Data	Collected?
Source code or file contents	Never
File paths or directory names	Never
Repository names or URLs	Never
Git commit messages or hashes	Never
Usernames, emails, or real names	Never
IP addresses (not logged server-side)	Never
Advisory content or signal values	Never
Dependency names or versions	Never
Error stack traces	Never

How to Control Telemetry

Check current status

evo telemetry status

Enable

evo telemetry on

Disable

evo telemetry off

Or use the config directly

evo config set telemetry.enabled false

Environment variable override

Set the standard DO_NOT_TRACK=1 environment variable to disable telemetry globally, overriding any config setting. This is respected even if telemetry is enabled in config.

export DO_NOT_TRACK=1

Where Telemetry Data Goes

Events are sent to https://codequal.dev/api/telemetry, a Vercel serverless function that:

Validates the event structure (rejects malformed or oversized payloads)
Logs it as structured JSON to Vercel's built-in log viewer
Returns a success response

There is no database. Events are stored as log entries in Vercel's infrastructure. We use them to understand usage patterns, prioritize features, and detect common errors. That's it.

Rate limiting

The telemetry endpoint accepts a maximum of 100 events per hour per anonymous ID. The CLI client has a 2-second timeout — if the request doesn't complete in time, it's silently dropped. Telemetry never blocks or slows down your workflow.

Verify It Yourself

The telemetry implementation is in the EE source code:

evolution/telemetry.py — Client-side: what data is collected and how it's sent
website/api/telemetry.py — Server-side: what happens when data is received

Both files are short and readable. You can inspect exactly what is sent before enabling telemetry.

Payment & License Data

If you purchase Evolution Engine Pro:

Payment is handled entirely by Stripe. We never see or store your credit card number.
Your license key is generated server-side and stored in your Stripe customer metadata.
The license key is an HMAC-signed token containing only: tier ("pro"), a truncated cryptographic hash of your email (irreversible), and issue date. It is validated locally by the CLI — no server call needed to check your license.
You can retrieve your license key anytime from the Stripe billing portal or by contacting info@codequal.dev.

Contact

Questions about privacy or data handling? Email info@codequal.dev.