Skip to content
grantlock

Telemetry disclosure

GrantLock collects anonymized usage telemetry from the Free Binary tier by default to learn what to improve. The OSS source build collects nothing unless you enable it explicitly. You can disable telemetry on the Free Binary at any time:

grantlock config set telemetry off

This page is the canonical short-form telemetry disclosure. The full disclosure is maintained in the open-source repository under TELEMETRY.md and is rendered here at build time once that file ships.

What we collect

FieldWhyTier
Anonymous install ID (UUIDv4, generated at install, never tied to email)Distinguish unique installs from repeat runsFree Binary
OS family + architectureDecide which platform builds to keep maintainedFree Binary
GrantLock versionDecide when to retire old versions safelyFree Binary
Number of MCP servers scanned (count only, no names)Sanity-check our targetingFree Binary
Top-level CLI command (scan, install, report, etc.)Find dead featuresFree Binary
Crash reports (stack trace + version + OS, redacted of paths)Triage bugsAll tiers, opt-in

What we do not collect

  • Server names, URLs, hostnames
  • Tool names, resource paths, prompt contents
  • Configuration file contents
  • IP addresses (downloads are logged separately and tied to the signup email, not the install)
  • Any content of the agents you run against

Where it goes

Telemetry events are sent over TLS to a single endpoint at telemetry.grantlock.ai, ingested into a write-only event store, and aggregated nightly. Raw events are deleted after 90 days. Aggregated counts are retained indefinitely.

How to verify

The telemetry payload is logged in plaintext to ~/.grantlock/telemetry.log when you set telemetry verbose — read it before each run if you want to audit what was sent.

How to delete

Email hello@grantlock.ai with your install ID (grantlock config get install_id). We will purge events for that ID within 30 days.

GrantLock Analyst conversation history

Applies to the paid Cloud tier (Pro and above) at app.grantlock.ai. Off by default — your organization must explicitly opt in (a one-time prompt the first time someone uses the GrantLock Analyst). Until you opt in, no conversation is stored.

When enabled, GrantLock stores the questions you ask the Analyst and the answers it returns, so you can resume a conversation where you left off. Retention is coupled to your AI-privacy setting, and the most restrictive tier used in a conversation wins:

AI-privacy tierConversation retention
Standard30 days
Limited7 days
Strict / EU-residencyNot stored — nothing is written server-side
  • Never used for training. Conversation content is never used to train any AI model.
  • Org-role visible. Saved conversations are visible to members of your organization who have Analyst access — so an analyst can hand a thread to a colleague (MSSP and team workflows). Conversation content is isolated to your organization (row-level security).
  • Your control. Export any conversation (JSON or CSV) or permanently delete it at any time from the Analyst's conversation-history panel. Deletion is immediate and irreversible. Expired conversations are purged automatically on a daily schedule.
  • Scope. Only the Analyst Q&A surface is affected, and only after opt-in. This is independent of the OSS and Free Binary telemetry posture described above. Cloud processing is governed by your subscription agreement (DPA).

Stub — canonical source at https://raw.githubusercontent.com/grantlock-ai/grantlock/main/TELEMETRY.md.