Telemetry
Opt-in. Anonymous. One ping per machine per month. Effective May 7, 2026.
Claude Recall is local-first. The CLI you install never phones home unless you explicitly say yes. This page tells you exactly what gets sent if you do, what we never collect, and how to opt out at any time.
Why we ask at all
The public npm download counter mixes real installs with security scanners, mirror caches, CI runners, and curiosity tools. We have no way to tell those apart from real humans. Without a clean human-only signal, marketing decisions get made against vanity numbers.
The fix is the smallest possible ping: one anonymous message per machine per month that lets us count installs honestly. It uses no fingerprint, no identity, and no cross-month correlation.
The exact payload
If you opt in, this is the literal JSON we send to POST https://clauderecall.com/api/install-ping. Nothing more, nothing less:
{
"event": "install",
"version": "0.62.0",
"platform": "darwin",
"arch": "arm64",
"month": "2026-05",
"nonce": "a3f8b1d2c0419e8b07c18b6e2d3a9c01"
}Field by field
- event — always the literal string
"install". Future-proofing for additional event types should we ever add them (which would require a new opt-in). - version — the CLI version you installed. Same number that's public on npm.
- platform — one of
darwin,linux,win32. OS family only. - arch — one of
x64,arm64,ia32. CPU family only. - month — current calendar month, used as a server-side dedup key.
- nonce — 32 random hex characters generated locally on first ping of the month, then rotated on the 1st of every month. Cannot be linked to a previous month's ping. Cannot be linked to your machine. Cannot be linked to you.
What we never send
Explicit negative list. None of these are in the payload, in the headers we control, or in any server-side log we keep:
- Email or name
- IP address (your network sends that anyway; we discard it server-side and never join it to the row)
- Machine fingerprint, hostname, OS username, MAC address
- File paths or file content from your machine
- Session content, conversation transcripts, code, or anything from
~/.claude/projects/ - License key (Pro users)
- Anything that could identify you across runs, across months, or across machines
How to opt out
Three commands, each takes a fraction of a second. Default for new installs is OFF — the first-run prompt only appears on a real terminal (CI environments without a TTY auto-decline).
recall telemetry off # opt out, delete the nonce, never ping again
recall telemetry on # opt in (or re-opt-in)
recall telemetry view # show current decision and the exact next-ping payloadState lives in ~/.recall/telemetry.jsonwith mode 0600. You can delete the file at any time to reset to "not yet decided".
Server side
Pings land in a single SQLite table on the same droplet that handles license activation. Schema:
CREATE TABLE install_pings (
id INTEGER PRIMARY KEY AUTOINCREMENT,
received_at TEXT NOT NULL DEFAULT (datetime('now')),
version TEXT NOT NULL,
platform TEXT NOT NULL,
arch TEXT NOT NULL,
month TEXT NOT NULL,
nonce TEXT NOT NULL,
UNIQUE(month, nonce)
);The UNIQUE(month, nonce) constraint enforces server-side deduplication even on buggy clients. We do not log IP addresses or User-Agent strings into this table.
Source code
Don't take our word for any of this — read the source:
- src/telemetry/install-ping.ts — CLI side: state file, nonce rotation, fetch with 5s timeout
- src/telemetry/first-run-prompt.ts — first-run y/N prompt, TTY-only, default N
- site/app/api/install-ping/route.ts — server endpoint with Zod validation and per-IP rate limiting
- site/lib/install-pings-db.ts — server-side schema, dedup constraint
Data retention
Raw rows are kept for 90 days. After that, they are aggregated into daily counts and the raw rows are deleted. We never need a single row beyond a quarter; we only need the count.
Questions or concerns
Email [email protected] or open an issue on the public issue tracker.
See also: Privacy Policy · Terms