Privacy & telemetry
ide99 is local-first. Queries, results, passwords, history — all stored on your machine. From the app to our servers, only: update checks (if enabled) and optional anonymous statistics. Nothing else.
Where your data lives
| What |
macOS |
Windows |
Linux |
| Connections (no passwords) |
~/Library/Application Support/ide99/connections.json |
%APPDATA%\ide99\connections.json |
~/.config/ide99/connections.json |
| Passwords |
OS keychain |
Credential Manager |
libsecret / KWallet / GNOME Keyring |
| Query history |
…/ide99/history.db (SQLite) |
same |
same |
| Recent Plans |
…/ide99/plans/ |
same |
same |
| MCP audit log |
…/ide99/mcp-audit.log |
same |
same |
| Schema cache |
…/ide99/schemas/ |
same |
same |
None of your data ever lands in our logs / cloud / telemetry.
Privacy settings
Settings → Privacy — two toggles:
Anonymous statistics
Off by default. If on, once a day a request is sent to our server with:
- ide99 version
- OS (
darwin / win32 / linux) + version (14.6, 11, Ubuntu 22.04)
- Architecture (
arm64, x64)
- UI locale (
ru or en)
- Whether the app launched at least once today (boolean)
What's not sent:
- No DB names, hosts, users, IPs
- No SQL queries or results
- No table or column names
- No clipboard, file, or history contents
Crash reports
Off by default. If on, on app crash these are sent:
- Stack trace (function names, files, lines in ide99 code)
- ide99 version + OS
- Names of Postgres extensions present on the active connection (e.g.,
pgvector, postgis)
What's not sent:
- No SQL, no data, no passwords
- No table/column names of yours (only generic strings like
Failed to parse jsonb, no value)
"What we collect" modal
The What we collect button on the Privacy page opens a dialog with the verbatim list of what's sent. Same content as above, in short form. Transparency by design.
Where it goes
Default endpoints:
- Anonymous statistics:
https://stats.ide99.ru (or .io for the EN locale)
- Crash reports:
https://crash.ide99.ru (or .io)
In Settings → Privacy → Endpoint you can pick:
- EU (default) — servers in the EU
- RU — servers in Russia (for data localization scenarios)
- None — disables any transmission even with stats/crash on
If you turn on stats and leave endpoint = None — nothing's sent. A "double switch" if you want to flip toggles either way at any time.
Production guards (recap)
Beyond telemetry, production guards are part of privacy too — they protect data from your own mistakes:
- Read-only by default for prod connections
- Confirming destructive commands by typing the table name
- Slow-query warnings before running them
- Optional exclusion from history for sensitive connections
Clear local data
The Clear all local data button on the Privacy page wipes:
connections.json (connections)history.db (history)plans/ (recent plans)mcp-audit.log (audit)schemas/ (schema cache)- Passwords from OS keychain (via system API)
Tauri logs and cookies aren't touched — those are at the system level, better to rm -rf the profile folder.
Next