tokemetry docs

Privacy and security

tokemetry is designed so usage telemetry can be centralized without centralizing conversation content.

Privacy boundary

Conversation content, prompts, responses, and source code are not part of the website's v1 telemetry model. The collector uploads usage metadata and normalized counters needed for limit windows, burn-rate, history, and API analytics.

Credential handling

OAuth tokens remain on the collector machine. Server API tokens are expected to use bearer authentication and hashed storage. The production server should run on infrastructure controlled by the user.

Network posture

The default deployment posture is private-first: a server reachable over WireGuard or a similarly restricted network path, with HTTPS at the edge where appropriate.

Website collection

The public website does not add analytics, cookies, account systems, or data collection by default.