Telemetry¶
CloudSlash collects anonymous aggregate usage data. Here is exactly what is sent, what is never sent, and how to opt out.
What We Collect¶
Each successful cloud scan fires a single JSON event containing:
{
"engine_version": "v3.1.0",
"os": "darwin",
"arch": "arm64",
"plugins_active": ["aws", "k8s"],
"nodes_scanned": 1420,
"waste_cost_usd": 320,
"duration_seconds": 47
}
| Field | Type | Purpose |
|---|---|---|
engine_version |
string | Track adoption of new releases |
os / arch |
string | Prioritise platform-specific fixes |
plugins_active |
string[] | Understand which providers are most used |
nodes_scanned |
int | Aggregate infrastructure size distribution |
waste_cost_usd |
int | Rounded to the nearest dollar: measures aggregate savings impact |
duration_seconds |
int | Monitor scan performance regressions |
Data Privacy¶
What We Never Collect
CloudSlash has a hard technical constraint. The opt-out check happens before any network object is created. When telemetry is disabled, no DNS lookup, no socket, and no HTTP client are ever instantiated. Verify this guarantee in pkg/telemetry/analytics.go.
The following data is never transmitted, regardless of opt-out status:
- AWS Account IDs, ARNs, or resource identifiers of any kind
- IP addresses, CIDR ranges, or VPC topology data
- API keys, credentials, or secrets of any kind
- Hostnames, domain names, or DNS records
- Cost breakdowns tied to individual resources
- Tags, labels, or resource metadata
- Any data from your
cloudslash.yamlor Slashfile
Opt Out¶
How to
There are four independent ways to disable telemetry. Any one of them is sufficient.
TUI¶
First-Run Prompt
The first time you run cs tui, CloudSlash displays a consent dialogue before the dashboard starts. Press ← / → to choose, then Enter to confirm. Selecting Decline writes telemetry.opt_out: true to ~/.cloudslash/config.yaml and creates a sentinel file so the prompt never appears again.
Environment Variable¶
Recommended for CI/CD
Set this in your shell profile, .env file, or CI/CD pipeline secrets. Both 0 and false (case-insensitive) are accepted. This variable is evaluated before any config file is read, so it works even in ephemeral containers where no config file exists.
CLI Flag¶
Pass --no-telemetry to any command:
Because --no-telemetry is a persistent flag, it propagates to all subcommands automatically.
Config File¶
Add the following to ~/.cloudslash/config.yaml:
Or set it with the config command:
Web Dashboard¶
Open the daemon web UI → Settings (gear icon) → Privacy & Data → toggle Share Anonymous Usage Data off. The change is written to config.yaml immediately and takes effect on the next scan.
Verification¶
Source Code¶
Verify via
The opt-out check is the very first statement in ReportScanCompletion:
func ReportScanCompletion(ctx context.Context, optOut bool, ...) error {
if optOut {
return nil // Hard gate: no network object is created
}
// ... HTTP POST in a goroutine
}
Packet Capture¶
Verify via
With CLOUDSLASH_TELEMETRY=0 set, use a local packet sniffer to confirm zero outbound connections to analytics.cloudslash.dev:
# macOS
CLOUDSLASH_TELEMETRY=0 cs scan &
sudo tcpdump -i any host analytics.cloudslash.dev
# Expected: zero packets captured
Telemetry Endpoint¶
Events are sent via HTTPS POST to:
The request uses a 5-second timeout. A network failure (firewall, airgap, connectivity issue) is silently discarded. It never causes a scan to fail or slow down because the POST runs in a background goroutine and the scan result is returned before it completes.
DO_NOT_TRACK¶
CloudSlash respects the CLOUDSLASH_TELEMETRY=0 convention. If you also set the standard DO_NOT_TRACK=1 environment variable and would like us to honour it natively, open a GitHub issue.
Privacy Policy
For the full legal privacy policy covering the CloudSlash SaaS dashboard and website, see cloudslash.dev/privacy.