Privacy Policy

Agent Recon™ respects your privacy. This policy explains what data we collect, how we use it, and your rights.

1. What We Collect

When telemetry is enabled, Agent Recon sends a single heartbeat on startup and once daily. Each heartbeat contains the following fields:

• install_id — a randomly generated UUID, not derived from any personal information (not from hardware IDs, MAC addresses, usernames, or hostnames)
• version — the Agent Recon version string (e.g., "1.5.0")
• platform — operating system and CPU architecture (e.g., "darwin-arm64")
• timestamp — ISO-8601 datetime of the heartbeat

Additionally, your source IP address is captured server-side by the Azure infrastructure when the heartbeat is received. The client never sends IP information.

1b. Website Analytics

When you visit www.agent-recon.net, a lightweight analytics beacon records the following data:

• Page path — which page you visited (e.g., /, /privacy.html)
• Referrer domain — the hostname of the page that linked you here (stripped to domain only)
• Device class — desktop, mobile, or bot (derived from User-Agent header)
• Timestamp — when the page was loaded

Your IP address is captured server-side by Azure infrastructure (not sent by the beacon). IP addresses are not stored in the site analytics table and are not used for tracking.

What we do NOT do with website analytics:

• No cookies or tracking pixels
• No browser fingerprinting
• No cross-site tracking
• No advertising or profiling
• No third-party analytics services (e.g., Google Analytics)

Website analytics data is retained for 90 days, then permanently deleted. Daily aggregate summaries (total page views per day, with no individual visitor data) are retained indefinitely.

Legal basis (GDPR): Legitimate interest in understanding website traffic to improve the product and prioritize development. You may object by using a browser extension that blocks analytics beacons, or by disabling JavaScript.

2. What We Do NOT Collect

Agent Recon does not collect any of the following:

• No session content (prompts, tool inputs, tool outputs, file contents, code)
• No personally identifiable information (names, email addresses, usernames, hostnames)
• No API keys, credentials, or authentication tokens
• No usage metrics (token counts, session durations, event counts, model names)
• No file paths, working directories, or project names
• No browsing history or network activity
• No hardware identifiers (MAC addresses, serial numbers, device IDs)

3. How We Use Collected Data

We use the data described in Section 1 for the following purposes:

• Aggregate install counts — measuring daily active installs
• Version distribution analysis — prioritizing updates and deprecation schedules
• Platform distribution analysis — prioritizing platform support and compatibility testing
• IP-to-ASN mapping — identifying corporate network clusters for license compliance

We do not sell, rent, or share your data with third parties. We do not use your data for advertising or profiling.

4. Data Retention

• Heartbeat records are retained for 90 days, then permanently deleted.
• IP-to-ASN mapping data is retained for 90 days.
• After the retention period, data is purged and cannot be recovered.

5. How to Opt Out

You can disable telemetry at any time:

1. Open the Agent Recon dashboard in your browser.
2. Click the gear icon to open Settings.
3. Toggle “Send anonymous usage statistics” to disabled.

When disabled, zero telemetry is sent — no heartbeat, no version check, nothing. The opt-out takes effect immediately.

You can also set telemetry_enabled to false directly in the SQLite database settings table.

6. How to Delete Your Data

Self-service data deletion is built into the dashboard:

1. Open the Agent Recon dashboard in your browser.
2. Click the gear icon to open Settings.
3. Click “Delete My Data” in the telemetry section.
4. Confirm when prompted.

Deletion is immediate and permanent — deleted data cannot be recovered. Telemetry is automatically disabled after deletion to prevent new records from being created.

7. Your Rights Under GDPR

If you are in the European Economic Area, you have the right to:

• Access — request what data we hold about your install ID
• Erasure — delete all data associated with your install ID (see Section 6)
• Object — opt out of data collection at any time (see Section 5)
• Portability — request your data in a machine-readable format via GitHub Issues
• Rectification — your data consists only of automatically generated fields; there is nothing to correct

To exercise these rights, use the self-service deletion endpoint (Section 6) or open a GitHub Issue.

8. Your Rights Under CCPA

If you are a California resident:

• Right to Know — you can request what data we collect (described in Section 1)
• Right to Delete — use the self-service deletion endpoint (Section 6)
• Right to Opt Out of Sale — we do not sell your personal information to any third party
• Non-Discrimination — we will not discriminate against you for exercising your rights

9. Data Security

• All heartbeat data is transmitted over HTTPS (TLS encryption in transit).
• Server-side data is stored in Azure Table Storage with managed identity access controls.
• Secrets (API tokens) are stored in Azure Key Vault.
• Network access to storage and key vault is restricted via Azure Virtual Network and firewall rules.
• No shared access keys — all access uses Azure Managed Identity with role-based access control (RBAC).

10. Children’s Privacy

Agent Recon is a software development tool not directed at children under 13. We do not knowingly collect data from children.

11. Contact

For privacy questions or requests, open a GitHub Issue at:

https://github.com/genxcoder1999/agent-recon-community/issues

12. Changes to This Policy

We may update this policy from time to time. Material changes will be noted in release notes and the effective date will be updated. Continued use of Agent Recon after changes constitutes acceptance of the revised policy.