releases.shpreview
Privacy & Telemetry
View .md

Privacy & Telemetry

Releases collects anonymous usage data from the CLI and the local MCP stdio server so we can understand which commands and tools are actually used. This page documents exactly what is collected, how to see it, and how to turn it off.

What is collected

Every CLI command and every local MCP tool call records a single event with:

  • Command or tool name — e.g. search, list, or tool search_releases
  • CLI version — e.g. 0.10.0
  • Device info — operating system, architecture, and how the CLI is running (e.g. darwin arm64, compiled binary or Bun)
  • Outcome — exit code and duration in milliseconds
  • Anonymous ID — a random UUID generated on first run and stored at ~/.releases/telemetry-id
  • Timestamp — when the event occurred

What is never collected

  • Command arguments or flag values
  • File paths, source slugs, org or product names, release IDs
  • Search queries, prompt text, or any other content you type
  • Usernames, email addresses, hostnames, IP addresses (beyond what any HTTP request exposes to the receiving server)
  • The contents of any release, changelog, or summary

Anonymous ID

The first time the CLI runs, a random UUID is written to ~/.releases/telemetry-id with 0600 permissions. This ID is not tied to a user, account, or machine identifier — it is a randomly generated value that lets us count unique clients across events. Deleting the file on your end resets your identity.

First-run notice

On first run, the CLI prints a one-time notice to stderr summarizing what is collected and how to opt out. The notice is suppressed on subsequent runs, on CI, and on clients that identify as internal.

Opting out

You can disable telemetry at any time. Any of the following will silence it:

releases telemetry disable              # persistent opt-out (stored locally)
RELEASED_TELEMETRY_DISABLED=1 releases # per-invocation opt-out
DO_NOT_TRACK=1 releases                # also respected

To see the current state, the anonymous ID, and the endpoint events would post to:

releases telemetry status

To re-enable:

releases telemetry enable

How events are sent

Events are sent best-effort to POST /v1/telemetry on the public API with a 1.5-second timeout. If the request fails, times out, or the machine is offline, the event is silently dropped — telemetry never blocks a command and never surfaces errors.

Retention

Telemetry events are retained for 90 days and then deleted.