Website data
We collect only the information needed to run the website, respond to requests, and provide the product.
- Website and install access logs, such as IP address, user agent, requested URL, and timestamp.
- Cloudflare Web Analytics Real User Measurements (RUM), such as aggregate page and browser
performance measurements from public site visits.
- Contact information you send us, such as your email address and message content.
- Enterprise account or support information you choose to provide.
Website cookies and RUM
The public NopeID website uses Cloudflare Web Analytics Real User Measurements (RUM) to understand
aggregate page performance and reliability.
- Cloudflare's RUM beacon does not store data in your browser or access browser storage such as
cookies, localStorage, sessionStorage, or IndexedDB.
- Cloudflare may receive source IP address as ordinary HTTPS connection metadata for the RUM request,
but does not store it in core RUM databases or logs.
- We do not have tracking cookies on the public website.
- If Cloudflare security or traffic-management services set strictly necessary cookies, those cookies
are not used for advertising or cross-site tracking.
Website sharing and retention
We do not sell personal information. We may share limited website, email, download, support, or
enterprise-request data with service providers that help us operate those services. We keep these records
only as long as needed, unless a longer period is required for security, legal, or business records.
What stays on your device
Raw agent prompts, reasoning, commands, files, file contents, runtime journals, and local policy records
stay on your device. Product analytics, when enabled, are limited to usage signals, security event
counts, and coarse environment details.
Product analytics
The installed NopeID agent includes a Usage Analytics setting, enabled by default and controlled from the
helper Privacy screen. When enabled, NopeID sends limited product analytics through Google Analytics
Measurement Protocol using consent flags that deny ad user data and ad personalization.
- Usage signals, such as agent starts, app opens, and active-use timing.
- Settings flag states, such as whether major local protections are enabled.
- Security event counts for injection, intent divergence, risky commands, blocked tools, blocked MCP
requests, and tool authorization outcomes.
- Coarse environment details, such as app version, macOS major/minor version, country, hashed install
ID, and hashed trace IDs.
Never in analytics
NopeID analytics payloads do not include raw commands, tool inputs or arguments, prompts, messages, plan
text, file paths, repository names, regex rules, credentials, tokens, file contents, scanned content,
local usernames, account identities, email addresses, raw product event IDs, or IP address fields. The
analytics endpoint may still see source IP address as ordinary HTTPS connection metadata.
Enterprise and optional features
Organizations may configure NopeID with additional reporting, fleet management, or remote execution
features. Those deployments may have separate terms, settings, and retention rules controlled by the
organization.
Your choices
You can turn off Usage Analytics in the NopeID helper Privacy settings. When analytics are turned off,
the product may send one final opt-out event and then stops normal analytics events. You can uninstall
NopeID at any time and remove local product data from your device using the tools available in your
operating system.