Skip to content

Telemetry

CloudSlash collects anonymous aggregate usage data. Here is exactly what is sent, what is never sent, and how to opt out.


What We Collect

Each successful cloud scan fires a single JSON event containing:

{
  "engine_version": "v3.1.0",
  "os": "darwin",
  "arch": "arm64",
  "plugins_active": ["aws", "k8s"],
  "nodes_scanned": 1420,
  "waste_cost_usd": 320,
  "duration_seconds": 47
}
Field Type Purpose
engine_version string Track adoption of new releases
os / arch string Prioritise platform-specific fixes
plugins_active string[] Understand which providers are most used
nodes_scanned int Aggregate infrastructure size distribution
waste_cost_usd int Rounded to the nearest dollar: measures aggregate savings impact
duration_seconds int Monitor scan performance regressions

Data Privacy

What We Never Collect

CloudSlash has a hard technical constraint. The opt-out check happens before any network object is created. When telemetry is disabled, no DNS lookup, no socket, and no HTTP client are ever instantiated. Verify this guarantee in pkg/telemetry/analytics.go.

The following data is never transmitted, regardless of opt-out status:

  • AWS Account IDs, ARNs, or resource identifiers of any kind
  • IP addresses, CIDR ranges, or VPC topology data
  • API keys, credentials, or secrets of any kind
  • Hostnames, domain names, or DNS records
  • Cost breakdowns tied to individual resources
  • Tags, labels, or resource metadata
  • Any data from your cloudslash.yaml or Slashfile

Opt Out

How to

There are four independent ways to disable telemetry. Any one of them is sufficient.

TUI

First-Run Prompt

The first time you run cs tui, CloudSlash displays a consent dialogue before the dashboard starts. Press ← / → to choose, then Enter to confirm. Selecting Decline writes telemetry.opt_out: true to ~/.cloudslash/config.yaml and creates a sentinel file so the prompt never appears again.

Environment Variable

Recommended for CI/CD

export CLOUDSLASH_TELEMETRY=0

Set this in your shell profile, .env file, or CI/CD pipeline secrets. Both 0 and false (case-insensitive) are accepted. This variable is evaluated before any config file is read, so it works even in ephemeral containers where no config file exists.

.github/workflows/scan.yml
env:
  CLOUDSLASH_TELEMETRY: "0"

CLI Flag

Pass --no-telemetry to any command:

cs scan --no-telemetry
cs daemon --no-telemetry
cs tui --no-telemetry

Because --no-telemetry is a persistent flag, it propagates to all subcommands automatically.

Config File

Add the following to ~/.cloudslash/config.yaml:

telemetry:
  opt_out: true

Or set it with the config command:

cs config set telemetry.opt_out true

Web Dashboard

Open the daemon web UI → Settings (gear icon) → Privacy & Data → toggle Share Anonymous Usage Data off. The change is written to config.yaml immediately and takes effect on the next scan.


Verification

Source Code

Verify via

The opt-out check is the very first statement in ReportScanCompletion:

func ReportScanCompletion(ctx context.Context, optOut bool, ...) error {
    if optOut {
        return nil  // Hard gate: no network object is created
    }
    // ... HTTP POST in a goroutine
}

View the full source →

Packet Capture

Verify via

With CLOUDSLASH_TELEMETRY=0 set, use a local packet sniffer to confirm zero outbound connections to analytics.cloudslash.dev:

# macOS
CLOUDSLASH_TELEMETRY=0 cs scan &
sudo tcpdump -i any host analytics.cloudslash.dev
# Expected: zero packets captured

Telemetry Endpoint

Events are sent via HTTPS POST to:

https://analytics.cloudslash.dev/v1/events

The request uses a 5-second timeout. A network failure (firewall, airgap, connectivity issue) is silently discarded. It never causes a scan to fail or slow down because the POST runs in a background goroutine and the scan result is returned before it completes.


DO_NOT_TRACK

CloudSlash respects the CLOUDSLASH_TELEMETRY=0 convention. If you also set the standard DO_NOT_TRACK=1 environment variable and would like us to honour it natively, open a GitHub issue.


Privacy Policy

For the full legal privacy policy covering the CloudSlash SaaS dashboard and website, see cloudslash.dev/privacy.