Privacy Policy
Archgate ("we", "us", "our") is an open-source CLI tool for enforcing Architecture Decision Records (ADRs) as executable rules. This Privacy Policy explains how we collect, use, and protect information when you use the Archgate CLI, our documentation site, or our website.
Data controller: Dasolve AS (Org.nr 936 035 019), Lillogata
5P, 0484 Oslo, Norway.
Legal basis for CLI telemetry: Legitimate interest under
GDPR Article 6(1)(f) and LGPD Article 7, IX c/c Article 10. See our Legitimate Interest Assessment for the full analysis.
Data Protection Officer (Encarregado): privacy@archgate.dev
Applicable law: This policy complies with the European General Data Protection Regulation (GDPR), the Brazilian Lei Geral de Proteção de Dados (LGPD, Lei nº 13.709/2018), and the California Consumer Privacy Act (CCPA). For Brazilian users, see the Portuguese version for LGPD-specific provisions including Art. 18 rights, international transfer mechanisms, and ANPD contact information.
Our principles
- Minimal collection. We only collect what we need to improve the tool.
- No personal data. We do not collect names, emails, usernames, IP addresses, or any personally identifiable information through the CLI or websites.
- Full transparency. Our telemetry implementation is open source. You can inspect every data point we collect in the source code.
- Easy opt-out. A single command or environment variable disables all telemetry.
What the CLI collects
Usage analytics (PostHog)
When you run an Archgate command, we record anonymous usage data to understand how the CLI is used, prioritize features, and identify problems. This includes:
- Command name and flags used (flag presence only, never flag values)
- Exit code and execution duration
- Environment metadata: operating system, CPU architecture, Bun version, Archgate version, CI provider detection, TTY and WSL detection, shell type, and locale
- Install context: how the CLI was installed (binary, proto, npm, or local dev dependency)
- Project context: whether an Archgate project exists, number of ADRs and rules, and number of domains
- Repository context (non-identifying): whether a git repo exists, the hosting platform bucket (github/gitlab/bitbucket/azure-devops/other), a SHA-256 hash of the remote URL (truncated, not reversible), and the default branch name
- Coarse location: country and region only, resolved server-side from your IP address, which is then immediately discarded (see IP Anonymization below)
- Anonymous install ID: a random UUID generated on first run, not derived from any personal data
Specific commands send additional context: check sends aggregate
rule counts, init sends the editor choice, and upgrade sends version transition info. No file paths, source code, ADR content,
or AI prompts are ever included.
For public repositories confirmed via an unauthenticated API probe, a
one-time project_initialized event on archgate init may include the remote URL, owner, and repository
name. Private, self-hosted, or unconfirmed repositories never have this
information shared.
Error tracking (Sentry)
When the CLI crashes (exit code 2), we send:
- Error type, message, and stack trace (file paths stripped to relative paths)
- Runtime context: operating system, architecture, Bun version, Archgate version
- Anonymous install ID (same random UUID as analytics)
What the CLI does NOT collect
- No source code or file content
- No ADR content, rule output, or violation details
- No AI prompts, agent interactions, or generated code
- No flag values, API keys, tokens, or credentials
- No browsing history, cookies, or cross-site tracking
Archgate Plugins Service
The Archgate Plugins Service (plugins.archgate.dev)
handles plugin distribution and user authentication. Unlike the CLI
telemetry described above, this service does collect personal information when you create an account.
Account creation (signup)
When you sign up via archgate login, we collect:
- Email address — provided by you during signup or prefilled from your GitHub account
- GitHub username — retrieved from the GitHub API after you authorize via OAuth (GitHub Device Flow)
- Editor choice — which editor you plan to use (Claude Code, VS Code, Cursor, or Copilot CLI)
- Use case description — a short free-form text you provide describing how you plan to use Archgate
This data is stored in our database and used to provision your account, send you a welcome email, and understand how Archgate is being adopted.
Authentication tokens
When you log in, we issue an authentication token for plugin downloads. We store:
- Token hash — a SHA-256 hash of your token (the raw token is returned once and never stored on our servers)
- GitHub username — used as your user identifier
- Usage metadata — download count, last used timestamp, creation date, and expiration date (90 days by default)
On your machine, the token and GitHub username are stored in your operating system's credential manager (macOS Keychain, Windows Credential Manager, or Linux libsecret) — never as plain-text files.
Email communications
We send a one-time welcome email when you sign up. Emails are delivered via Resend. We do not send marketing emails, newsletters, or promotional content unless you explicitly opt in.
What the Plugins Service does NOT collect
- No real names or physical addresses
- No payment or billing information
- No source code, repository content, or ADR content
- No IDE telemetry or editor usage data beyond the initial editor choice at signup
- No IP addresses are stored — request IPs are used only for rate-limiting and discarded
Account deletion
To delete your account and all associated data, run archgate login logout to revoke your token locally, then contact
us at privacy@archgate.dev to request
deletion of your signup data from our database.
IP anonymization
Archgate uses PostHog's built-in IP anonymization. The CLI sends
events with $ip: null. PostHog resolves your IP to a
country and region server-side, then discards the IP address entirely.
It is never stored.
For Sentry, the project has "Prevent Storing of IP Addresses" enabled. IP addresses are stripped before storage.
How to opt out of CLI telemetry
You can disable all CLI telemetry (both analytics and error tracking):
Environment variable:
export ARCHGATE_TELEMETRY=0
Accepted values: 0, false, no, off (case-insensitive). Add to your shell profile for permanent
opt-out.
CLI command:
archgate telemetry disableThe environment variable takes precedence. When set, telemetry is disabled regardless of the CLI config.
What the websites collect
archgate.dev (marketing site)
The Archgate website uses Cloudflare Web Analytics, a privacy-first analytics service that:
- Does not use cookies
- Does not track individual visitors
- Does not collect personal information
- Provides only aggregate page-view and performance metrics
We also use PostHog for anonymous web analytics on
this site. PostHog is configured with person_profiles: "identified_only", meaning no user
profiles are created for anonymous visitors. Only aggregate page-view
and interaction data is collected.
No other third-party advertising or tracking services are used on this site.
cli.archgate.dev (documentation site)
The documentation site uses Cloudflare Web Analytics with the same privacy properties described above.
Cookies
The Archgate CLI does not set or read cookies.
The archgate.dev and cli.archgate.dev websites use PostHog configured
for
cookieless, memory-only tracking (persistence: "memory"). No cookies are set, no localStorage is written, and no data
persists between page loads. Each page view is treated as an
independent anonymous event.
If cookies are present, they are solely from infrastructure providers (such as Cloudflare) for operational purposes like bot protection, and contain no personal data.
How data is transmitted
CLI analytics events are routed through n.archgate.dev and
error reports through s.archgate.dev. These are
transparent reverse proxies operated by Dasolve AS on Cloudflare
infrastructure. They forward requests to PostHog EU (Frankfurt) and
Sentry EU (Frankfurt) respectively without logging, storing, or
inspecting event payloads. Their purpose is DNS-level resilience and
regional routing optimization.
Data storage and retention
| Service | Data | Region | Retention |
|---|---|---|---|
| PostHog Cloud | Anonymous usage analytics | EU | 1 year |
| Sentry Cloud | Crash reports | EU | 90 days |
| Turso | Signup data and token hashes (Plugins Service) | EU | Until account deletion is requested |
| Cloudflare | Aggregate web analytics | Global (edge) | 6 months |
All data is transmitted over HTTPS.
Third-party services
We use the following third-party services:
- PostHog — Anonymous CLI and web usage analytics. PostHog Privacy Policy.
- Sentry — CLI crash reporting. Sentry Privacy Policy.
- Cloudflare — Website hosting and privacy-first web analytics. Cloudflare Privacy Policy.
- GitHub — Source code hosting, binary releases, and CI/CD. GitHub Privacy Statement.
- npm — Package distribution. npm Privacy Policy.
- Resend — Transactional email delivery for welcome emails. Resend Privacy Policy.
- Turso — Database hosting for the Plugins Service (signup and token data). Turso Privacy Policy.
We do not sell, rent, or share any data with third parties for advertising or marketing purposes.
Subprocessors
The following third-party services process data on our behalf in connection with the Archgate CLI, Plugins Service, and websites:
| Subprocessor | Purpose | Data processed | Region |
|---|---|---|---|
| PostHog Inc. | CLI and web analytics | Anonymous usage events | EU (Frankfurt) |
| Functional Software Inc. (Sentry) | Crash reporting | Error reports, stack traces | EU (Frankfurt) |
| Cloudflare Inc. | CDN, DNS, web analytics, reverse proxy | Aggregate page views, forwarded events | Global edge (no storage) |
| GitHub (Microsoft Corp.) | OAuth, source hosting, binary releases | GitHub username (Plugins Service only) | US |
| ChiselStrike Inc. (Turso) | Plugins Service database | Account data, token hashes | EU |
| Resend Inc. | Transactional email | Email address (welcome email only) | US |
We maintain Data Processing Agreements (DPAs) with all subprocessors that handle personal data. Data transferred outside the EU/EEA is protected by Standard Contractual Clauses (SCCs) or equivalent mechanisms.
Open-source transparency
Archgate is open source under the Apache-2.0 license. You can verify every privacy claim in this policy by reading the source code:
Your rights
Under the GDPR and applicable Norwegian data protection law, you have the following rights regarding your personal data:
Right of access (Article 15)
You may request a copy of all data associated with your install ID or
Plugins Service account. To exercise this right, email
privacy@archgate.dev with your
install ID (found in ~/.archgate/config.json or via
archgate telemetry status). We will respond within 30
days with a CSV or JSON export.
Right to erasure (Article 17)
You may request deletion of your data. Note that disabling telemetry stops future collection but does not delete historical data. To request deletion of historical analytics and crash data:
- Email privacy@archgate.dev with your install ID
- We will delete all PostHog events and Sentry reports associated with your ID within 30 days
For Plugins Service account deletion:
-
Run
archgate login logoutto revoke your token locally - Email privacy@archgate.dev to request deletion of your signup data (email, username, use case) from our database
Aggregate or anonymized data that cannot be linked back to an individual may be retained for statistical purposes.
Right to object (Article 21)
You may object to processing based on legitimate interest at any time
by disabling telemetry (archgate telemetry disable) or by
contacting us. If you object, we will cease processing unless we can
demonstrate compelling legitimate grounds that override your
interests.
Right to data portability (Article 20)
Upon request, we will provide your data in a structured, commonly used, machine-readable format (JSON or CSV).
Right to lodge a complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.
Response timeframe
We will respond to all data subject requests within 30 days of receipt. If a request is complex, we may extend this by an additional 60 days with prior notice.
California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to know: You may request the categories and specific pieces of personal information we have collected. Categories include: identifiers (random UUID), internet activity information (command usage), and geolocation data (country/region only).
- Right to delete: You may request deletion of your data using the same process described in "Right to erasure" above.
- Right to opt-out of sale: We do not sell, rent, or share personal information for monetary or other valuable consideration. There is nothing to opt out of.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. Disabling telemetry has no effect on CLI functionality.
To exercise your CCPA rights, contact privacy@archgate.dev.
Children's privacy
Archgate is a developer tool and is not directed at children under the age of 13. We do not knowingly collect any information from children.
Changes to this policy
We may update this Privacy Policy from time to time. Changes will be reflected by the "Last updated" date at the top of this page. Since we do not collect personal data, we have no way to notify individual users of changes. We encourage you to review this page periodically.
Contact
If you have questions about this Privacy Policy or wish to exercise your data protection rights:
Dasolve AS
Lillogata 5P, 0484 Oslo, Norway
Org.nr: 936 035 019
Email: privacy@archgate.dev
You may also open an issue on GitHub for non-sensitive privacy questions.