# Telemetry Aerospike Voyager collects anonymous usage statistics to help the team understand how the application is used and where to focus improvements. Telemetry is enabled by default and can be disabled at any time. No personally identifiable information (PII) is ever collected, and no data is shared with third parties beyond the analytics provider described below. Use of Voyager is governed by the [Voyager Terms of Service](https://aerospike.com/legal/voyager-terms/) and the [Aerospike Privacy Policy](https://aerospike.com/legal/privacy-policy/). ## Opting out **On first launch**, Voyager shows a Privacy settings screen before you start using the application. This screen also presents the [Voyager Terms of Service](https://aerospike.com/legal/voyager-terms/) and [Privacy Policy](https://aerospike.com/legal/privacy-policy/) for your review. Usage analytics is on by default. Toggle it off before clicking **Get started** and no telemetry is ever collected. **After first launch**, open **Settings** (gear icon in the sidebar), navigate to **Security & privacy**, and toggle **Usage analytics** off. The change takes effect immediately; no further events are sent. ## How it works **Anonymous identifier.** On first launch, Voyager generates a random UUID and stores it locally as your analytics identifier. This identifier is not tied to your name, email, or any account. It is the same across sessions on the same installation but is not shared across devices. **Analytics provider.** Voyager uses [PostHog](https://posthog.com) to collect and store usage events. Events are sent to PostHog’s US-hosted service at `us.posthog.com`. See the [Aerospike Privacy Policy](https://aerospike.com/legal/privacy-policy/) for details on how this data is handled. **Delivery.** Events are queued in a local buffer and delivered asynchronously in the background. Telemetry calls never block the UI. Any events buffered at shutdown are flushed before the process exits. **Consent gating.** Every event passes through an atomic consent check before delivery. Events generated after opt-out are dropped immediately and never reach PostHog. **Common properties on every event.** Each event automatically includes `app_version` (the Voyager version string) and `platform` (`desktop` or `web`). ## What is collected Telemetry captures the _shape_ of how Voyager is used — which features are exercised and whether they succeed — not the data you work with. At a high level, Voyager records: - **Which features you use**, such as managing connections, browsing or mutating records, exploring clusters, running the MCP server, and navigating between pages. - **Anonymous aggregates** like counts (records returned, bins on a record, cluster size) and durations, so we can understand performance and scale. - **Environment and build information** (Voyager version, operating system, architecture) to correlate behavior with specific builds and platforms. - **Outcomes**, including whether an action succeeded and, when it didn’t, a structured error code and category. - **Configuration shape** for connections — for example, whether TLS or authentication is enabled — never hostnames, credentials, or certificate content. Crash reports include the panic message string only; no stack traces. Your opt-in or opt-out preference is itself recorded so the setting can be respected across sessions. ## What is not collected - Cluster hostnames, IP addresses, ports, or connection strings - Usernames, passwords, or TLS certificate content (only whether auth or TLS is enabled as a boolean) - Record keys, primary key values, or digest values - Bin names or bin values - Namespace names or set names - Query expressions, filter conditions, or index names - Stack traces (crash reports include only the panic message string) - File paths or directory names - Any personally identifiable information