Privacy
Last updated 2026-04-21. Plain-English summary first.
Short version
- Your code never leaves your laptop. Compression runs locally. No prompts, source, or traces are uploaded.
- The binary makes four small HTTP calls: install pixel, first-run beacon, session heartbeat, idle heartbeat. None carry prompt content.
- We see aggregate numbers (tokens saved, session count), not what was in the session.
- No third-party ad trackers. No analytics beacons beyond what's listed below.
What we collect, and why
1. Install pixel
Fired by install.sh after install. Opt out: TETRIS_NO_PIXEL=1.
| Field | Example | Why |
|---|---|---|
| triple | aarch64-apple-darwin | binary demand |
| version | v0.1.2 | adoption curve |
| build_id | hash | artifact integrity |
2. First-run beacon
Once per install.
| Field | Example | Why |
|---|---|---|
| install_id | UUID v4 | de-dupe installs |
| machine_id_hash | HMAC(salt, host-id) | per-plan device count |
| platform | darwin/arm64 | release QA |
| binary_version | v0.1.2 | adoption |
machine_id_hash is a one-way HMAC with a per-install random salt. Not reversible to your hostname or MAC.
3. Session heartbeat
After each compression session.
| Field | Example |
|---|---|
| install_id | UUID |
| jti | license token ID |
| tokens_before / tokens_after | 41822 / 5119 |
| strategy_chain | [safety_mask, ast_pack, rome_prune, …] |
| model_id | claude-sonnet-4-5 |
| latency_ms | 142 |
We do not receive prompts, responses, file paths, project names, tool args, tool results, or node contents. Only the numeric counters + strategy chain.
4. Idle heartbeat
Once per day. Updates last_seen_at. Returns license freshness + CRL status.
What we do not collect
- Prompts, chats, file contents.
- File paths (absolute or relative).
- Repository names, git remotes, branches.
- Tool args or tool results.
- IP: used for TLS + rate limiting, not stored past 24 hours.
- Any third-party advertising trackers.
What runs in the browser
Cloudflare Web Analytics (cookieless) and a small Alpine.js counter that fetches aggregate stats from a Supabase Edge Function. No identifiers are sent.
Retention
- Install + heartbeat rows: 24 months, then aggregated + deleted.
- Session rows (numeric only): 24 months.
- Raw HTTP logs: 7 days.
- Your local ~/.tetris/savings.log is yours. Never uploaded.
Opt-outs
- Install pixel: TETRIS_NO_PIXEL=1.
- Telemetry: tetris config set telemetry.enabled false.
- Enterprise air-gap builds ship with telemetry compiled out.
Your rights
GDPR / CCPA: email privacy@tetris.codes with your install_id (tetris config show install_id). We export or delete within 30 days.
Sub-processors
| Vendor | Purpose |
|---|---|
| Cloudflare | DNS, TLS, Pages, Workers, Web Analytics |
| Supabase | Auth, Postgres, Realtime, Edge Functions |
| Resend | transactional email |
| Stripe | payment processing (Pro + Enterprise) |