❯ cat /etc/spanna/telemetry

What Spanna collects

Documented product analytics. On the desktop app, telemetry is off until you opt in at first launch. On the web client, telemetry is on by default and you can turn it off from your account menu at any time.

documented · auditable · opt-out from settings

❯ list events

Events

Exhaustive list of analytics events Spanna emits. Every event is documented; nothing else fires.

  • download_clicked
  • deeplink_clicked
  • login_clicked
  • web_login_succeeded
  • web_connection_created
  • web_query_executed
  • feature_used
  • desktop_first_run
  • desktop_login_succeeded
  • desktop_connection_created
  • desktop_query_executed
  • desktop_upgrade_clicked
  • desktop_update_available
  • desktop_update_downloaded
  • desktop_update_installed
  • desktop_update_failed
  • purchase_completed
  • subscription_renewed
  • subscription_canceled

❯ list properties --safe

Properties

Metadata attached to events. None of it identifies a person, and none of it touches your database content.

  • + dl_token
  • + platform_target
  • + utm_source / utm_medium / utm_campaign / utm_content / utm_term
  • + referrer, landing_path, from_page
  • + first_utm_* / first_referrer / first_landing_path / first_visitor_id (first-touch attribution)
  • + visitor_id
  • + surface, feature, context, pro
  • + connection_type, query_type
  • + app_version, os, arch, os_family, browser_family
  • + from_version, to_version, channel, reason_code
  • + plan, license_state, amount, currency, interval, mrr, arr, cancel_reason

❯ list properties --never

Never collected

Anything that could leak the shape, location, or contents of your data is on this list — by design, not by promise.

  • × database names
  • × collection names
  • × connection strings
  • × hostnames
  • × IP addresses on the client (server-side we hash the requester IP for abuse detection; the original IP is not stored)
  • × query contents
  • × aggregation pipelines
  • × credentials or secrets

❯ list channels --other

Other channels

Data sources that aren't part of the analytics event stream above but do collect data when enabled. Each is listed separately so the events list above stays exhaustive and these don't get conflated with it.

  • Crash diagnostics (desktop, off by default)

    When you opt in at first launch, we upload the crash type, sanitised message, and stack trace if the app crashes. Native minidumps written by the OS stay on your machine and are never uploaded.

  • Session recordings (web, on by default)

    Masked recordings of your interactions with the web client and marketing site, captured by PostHog. Every text value and input field is masked at the source before recording — we see clicks, scrolls, and navigation, never typed content.

  • Feedback submissions (manual, you initiate)

    When you send feedback from the desktop app we receive what you type, your optional email address, and (only if you tick the box) a diagnostics blob.

❯ telemetry diag

Telemetry diagnostics

On desktop, open Settings → Privacy for a live status read-out and a one-click toggle. On the web client, open your account menu and use the analytics toggle there.

❯ telemetry off

Opt out

Disabling analytics stops new events immediately. Already-collected anonymous events stay aggregated; we don't keep per-user identifiers tying them to you.

# see also: /privacy · /security