Telemetry disclosure
GrantLock collects anonymized usage telemetry from the Free Binary tier by default to learn what to improve. The OSS source build collects nothing unless you enable it explicitly. You can disable telemetry on the Free Binary at any time:
grantlock config set telemetry off
This page is the canonical short-form telemetry disclosure. The full disclosure
is maintained in the open-source repository under TELEMETRY.md and is
rendered here at build time once that file ships.
What we collect
| Field | Why | Tier |
|---|---|---|
| Anonymous install ID (UUIDv4, generated at install, never tied to email) | Distinguish unique installs from repeat runs | Free Binary |
| OS family + architecture | Decide which platform builds to keep maintained | Free Binary |
| GrantLock version | Decide when to retire old versions safely | Free Binary |
| Number of MCP servers scanned (count only, no names) | Sanity-check our targeting | Free Binary |
Top-level CLI command (scan, install, report, etc.) | Find dead features | Free Binary |
| Crash reports (stack trace + version + OS, redacted of paths) | Triage bugs | All tiers, opt-in |
What we do not collect
- Server names, URLs, hostnames
- Tool names, resource paths, prompt contents
- Configuration file contents
- IP addresses (downloads are logged separately and tied to the signup email, not the install)
- Any content of the agents you run against
Where it goes
Telemetry events are sent over TLS to a single endpoint at
telemetry.grantlock.ai, ingested into a write-only event store, and aggregated
nightly. Raw events are deleted after 90 days. Aggregated counts are retained
indefinitely.
How to verify
The telemetry payload is logged in plaintext to ~/.grantlock/telemetry.log
when you set telemetry verbose — read it before each run if you want to
audit what was sent.
How to delete
Email hello@grantlock.ai with your install ID (grantlock config get install_id). We will purge events for that ID within 30 days.
GrantLock Analyst conversation history
Applies to the paid Cloud tier (Pro and above) at app.grantlock.ai. Off by default — your organization must explicitly opt in (a one-time prompt the first time someone uses the GrantLock Analyst). Until you opt in, no conversation is stored.
When enabled, GrantLock stores the questions you ask the Analyst and the answers it returns, so you can resume a conversation where you left off. Retention is coupled to your AI-privacy setting, and the most restrictive tier used in a conversation wins:
| AI-privacy tier | Conversation retention |
|---|---|
| Standard | 30 days |
| Limited | 7 days |
| Strict / EU-residency | Not stored — nothing is written server-side |
- Never used for training. Conversation content is never used to train any AI model.
- Org-role visible. Saved conversations are visible to members of your organization who have Analyst access — so an analyst can hand a thread to a colleague (MSSP and team workflows). Conversation content is isolated to your organization (row-level security).
- Your control. Export any conversation (JSON or CSV) or permanently delete it at any time from the Analyst's conversation-history panel. Deletion is immediate and irreversible. Expired conversations are purged automatically on a daily schedule.
- Scope. Only the Analyst Q&A surface is affected, and only after opt-in. This is independent of the OSS and Free Binary telemetry posture described above. Cloud processing is governed by your subscription agreement (DPA).
Stub — canonical source at https://raw.githubusercontent.com/grantlock-ai/grantlock/main/TELEMETRY.md.