Telemetry & privacy

tok0 is local-first. Every byte of your shell output, every command you run, every project you compress in stays on your machine. The optional telemetry channel is anonymous instance metrics — and it is off by default.

What’s local-only, always

These never leave your machine, regardless of any setting:

• Raw command output (stdin and stdout).
• Compressed command output.
• The commands you ran.
• File paths, project names, repo URLs.
• The contents of your config or rule files.
• The contents of your meter database.

There is no “phone home” code path that handles any of these. tok0’s source tree is grep-able — search for reqwest or ureq and you’ll find exactly two callsites: the optional telemetry pinger, and the optional self-update checker. Both are gated behind explicit config.

What tok0 stats uses

tok0 stats and friends (tok0 costs, tok0 adoption, tok0 profile) read from ~/.config/tok0/meter.db. That database is local SQLite; nothing reads it but you. You can inspect it with the sqlite3 CLI:

sqlite3 ~/.config/tok0/meter.db ".schema"
sqlite3 ~/.config/tok0/meter.db "SELECT * FROM events LIMIT 5;"

Schema:

events
  id           INTEGER PRIMARY KEY
  ts           INTEGER (unix epoch)
  command      TEXT (the command name, e.g. "git diff" — not the args)
  raw_bytes    INTEGER
  filtered_bytes INTEGER
  exit_code    INTEGER
  filter_ms    INTEGER

Notice: no args, no paths, no output content — just sizes.

Optional telemetry (off by default)

When explicitly enabled, tok0 sends an anonymous instance ping once per day to api.tok0.dev/telemetry. The payload:

{
  "instance_id": "f1c2…",
  "tok0_version": "0.4.2",
  "os": "darwin",
  "arch": "aarch64",
  "events_today": 142,
  "tokens_saved_today": 18402,
  "compressors_used": ["git", "cargo", "npm"]
}

That’s the entire payload. There is no field for command args, output content, paths, or any kind of identifier that ties back to you or your projects. The instance_id is a random 128-bit value generated on first run; you can rotate or delete it any time:

rm ~/.config/tok0/instance_id

Turning it on

tok0 telemetry on

Or in config.toml:

[telemetry]
enabled = true

Turning it off (verifying it’s off)

tok0 telemetry off
tok0 telemetry status   # prints "off"

Or set TOK0_NO_TELEMETRY=1 in your shell rc — that environment variable forcibly disables telemetry regardless of config, and is the standard way to opt out across managed environments.

Auditing the wire

Want to verify nothing leaks? Run tok0 with TOK0_LOG=trace and watch:

TOK0_LOG=trace tok0 git diff 2>&1 | grep -i 'http\|request'

You’ll see (a) zero network calls when telemetry is off, (b) exactly one POST to the telemetry endpoint per day when it’s on, (c) the full request body printed before send so you can see exactly what’s leaving.

Self-updater

Separate from telemetry: tok0’s self-updater periodically checks GitHub Releases for new versions. This is a single GET request, no payload, controlled by:

[updater]
auto_check = true

Set to false to disable. There is no telemetry attached to the updater check; GitHub sees a request from your IP, the same as git pull.

Cloud features (gated, opt-in)

Builds with --features cloud add tok0 auth login and tok0 cloud team, which talk to api.tok0.dev for team-level dashboards. The default binary does not include these subcommands. If you’ve never run cargo install tok0 --features cloud or the equivalent, you don’t have them.

When you do log in, your team token lives in your OS keychain (Keychain on macOS, Credential Manager on Windows, libsecret on Linux). tok0 auth logout revokes it.

Threat model

tok0 is designed to be safe to install in environments where:

• You can’t trust arbitrary network calls (offline / restricted CI).
• You handle proprietary code or PHI/PII.
• Your security team needs to audit every byte that leaves the machine.

The CI pipeline asserts these properties on every release: a network-isolation test runs the binary inside a sandbox with no network and verifies it never attempts a connection in the default config.