Skip to main content Skip to navigation Skip to footer

Telemetry Policy

Effective Date: February 1, 2026

1. Introduction

Rediacc software products collect anonymized usage telemetry to help us improve product quality, diagnose issues, and understand how our tools are used. This Telemetry Policy describes exactly what data is collected, why, how it is processed, and how you can opt out.

This policy covers four products: the Rediacc Web Application, the Rediacc CLI, the Rediacc Middleware, and the Rediacc Bridge (Renet). Website analytics (Plausible) are covered separately in our Privacy Policy and Cookie Policy.

2. Our Telemetry Principles

All telemetry collection at Rediacc follows these principles:

  • Privacy by design: Personal identifiers are anonymized before transmission. Email addresses are reduced to domain only, user IDs are hashed (SHA-256) and truncated, passwords and secrets are never collected.
  • Minimal collection: We collect only what is necessary to improve product quality and diagnose issues. We do not collect file contents, database contents, query results, or business data.
  • Transparency: This policy lists every category of data collected by each product. There are no hidden data flows.
  • User control: Every product provides a mechanism to disable telemetry entirely. Opt-out is respected immediately and completely.
  • Aggregation: Telemetry data is analyzed in aggregate. We do not build individual user profiles from telemetry.

4. Web Application Telemetry

The Rediacc Web Application uses OpenTelemetry-based distributed tracing. Telemetry is transmitted to https://www.rediacc.com/otlp. In production, only 10% of sessions are sampled.

4.1 Data Collected

The Web Application collects the following categories of data:

  • Browser information: browser name and version, preferred language, platform (e.g., Windows, macOS, Linux), screen resolution, color depth, user agent string, device memory (if available), network connection type
  • User context: session ID (randomly generated per session), email domain only (local part is redacted, e.g., ***@example.com), organization name, team name
  • Page views and navigation: pages visited within the application, route changes, referrer information
  • User interactions: clicks, form submissions, modal opens/closes, search queries, filter changes, tab switches, file downloads (file names are not collected)
  • API calls: HTTP method, URL path, response status code, request duration
  • Errors: error type, error message, stack trace (truncated to 1,000 characters), error source
  • Performance metrics: Core Web Vitals (LCP, FID, CLS, TTFB, INP), resource timing, memory usage (sampled every 30 seconds), long task detection
  • Component lifecycle: component mount/unmount timing, render duration

4.2 Data NOT Collected

The Web Application does not collect:

  • Full email addresses (local part is always redacted)
  • Passwords, tokens, or authentication credentials
  • File contents, database contents, or query results
  • Form field values (only the fact that a form was submitted is recorded)
  • Clipboard contents or keystrokes
  • IP addresses (not logged by our telemetry endpoint)

4.3 How to Opt Out

Set the userConsent configuration flag to false in your account settings. Telemetry stops immediately upon opt-out.

Desktop Application: Telemetry is completely disabled in the Desktop (Electron) application by default. No data is collected or transmitted.

5. CLI Telemetry

The Rediacc CLI uses the OpenTelemetry Node SDK. Telemetry is transmitted to https://www.rediacc.com/otlp.

5.1 Data Collected

The CLI collects the following categories of data:

  • Command usage: command name, CLI version, exit code, success or failure status
  • Anonymized arguments: command options with sensitive values redacted — passwords, tokens, secrets, API keys, and credentials are replaced with [REDACTED]
  • Environment: operating system type, Node.js runtime version, deployment environment
  • Error information: error type, error message, and limited stack trace when commands fail
  • API interactions: HTTP method, URL path, response status code, request duration
  • Session: randomly generated session ID, command execution duration

5.2 How to Opt Out

You can disable CLI telemetry using any of these methods:

  • Set the environment variable REDIACC_TELEMETRY=off (also accepts false or 0)
  • Set telemetryEnabled: false in your CLI configuration file
  • Telemetry is automatically disabled in CI environments (detected via the CI environment variable)

6. Middleware Telemetry

The Rediacc Middleware collects operational telemetry. Telemetry is transmitted to https://www.rediacc.com/otlp/v1/traces.

6.1 Data Collected

The Middleware collects the following categories of data:

  • System information: hostname, operating system version, .NET runtime version
  • API calls: HTTP method, endpoint path, response status code, request duration
  • Database operations: stored procedure name, execution duration, row count returned (no query content, parameters, or result data)
  • Authentication events: hashed user identifier only — user IDs are hashed with SHA-256 and a salt, then truncated to the first 12 characters. Original user IDs are never transmitted.
  • Health checks: service component availability status and response times
  • Application lifecycle: startup, shutdown, and configuration change events
  • Error information: error type, error message, and operational context

6.2 How to Opt Out

Set Telemetry:Enabled to false in your Middleware configuration (appsettings.json or environment-specific configuration).

7. Bridge (Renet) Telemetry

The Rediacc Bridge (Renet) uses OpenTelemetry with gzip-compressed OTLP export. Telemetry is transmitted to www.rediacc.com/otlp/v1/traces in batches (maximum 10 spans, flushed every 5 seconds).

7.1 Data Collected

The Bridge collects the following categories of data:

  • Queue operations: task ID, priority level, operation type, execution duration, success or failure status
  • SSH operations: target host, username, port number, exit code, execution duration (no command content or output is collected)
  • API calls: procedure name, request duration
  • Vault operations: operation type and duration (no secret values, keys, or vault contents are collected)
  • Bridge lifecycle: startup, shutdown, and reconnection events

7.2 How to Opt Out

You can disable Bridge telemetry using either method:

  • Set the environment variable REDIACC_TELEMETRY_DISABLED=1
  • Set the environment variable DO_NOT_TRACK=1 (respects the Do Not Track standard)

8. Data Processing and Storage

All telemetry data is transmitted over encrypted connections (TLS 1.2+) to our telemetry endpoint. Data is processed and stored as follows:

  • Encryption: All data is encrypted in transit using TLS. The Bridge additionally uses gzip compression.
  • Retention: Raw telemetry traces are stored for up to 90 days for debugging and incident investigation. Aggregated metrics are retained for up to 12 months and then deleted.
  • Access: Telemetry data is accessible only to Rediacc engineering and operations staff on a need-to-know basis.
  • No third-party sharing: Telemetry data is not shared with, sold to, or accessible by any third party.
  • Infrastructure: All telemetry data is processed and stored on infrastructure located within the European Union.

9. International Data Transfers

Telemetry data is processed and stored exclusively on servers within the European Union. In the unlikely event that telemetry data needs to be transferred outside the EU/EEA (e.g., for disaster recovery), appropriate safeguards will be in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

10. Your Rights

Because our telemetry data is anonymized and aggregated, it generally does not constitute personal data under GDPR. However, to the extent that any telemetry data can be linked to you personally, you have the right to:

  • Access: Request information about what telemetry data we hold that may relate to you
  • Deletion: Request deletion of any telemetry data that can be linked to you
  • Opt-out: Disable telemetry at any time using the product-specific mechanisms described above
  • Complaint: Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. California Residents (CCPA/CPRA)

If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Categories of information collected: Internet or electronic network activity information (browser type, interaction data, error logs), device identifiers (anonymized), geolocation data (country-level only, derived from IP address which is not stored)
  • Purpose: Improving and maintaining service quality, debugging, performance monitoring, and security
  • Sale/Sharing: We do not sell or share telemetry data as defined by the CCPA/CPRA
  • Right to opt out: Use the product-specific opt-out mechanisms described in sections 4–7 above. We also honor the Global Privacy Control (GPC) signal in our Web Application.

12. Changes to This Policy

We may update this Telemetry Policy when we add new products, change what data is collected, or modify our processing practices. Changes will be posted on this page with an updated effective date. We will notify users of material changes through our product release notes and website.

Questions?

If you have questions about our telemetry practices or need help opting out, contact us at [email protected].

Related Policies