What we collect — and the long list of what we don't.

These never leave your machine. There is no code path in the SDK that reads them for transmission — several are actively stripped by a client-side filter before any network call.

• ✕Environment variables. The SDK does not read process.env to send it. Nothing from your shell environment is transmitted.
• ✕.env files & secrets. No .env, credentials, or config secrets are read or sent. A sanitizer drops anything shaped like a key (sk-, pk-, ghp-, tokens, long hex) before tags are built.
• ✕Source code & file contents. Manifests are inspected only for the presence of known markers; file contents are never transmitted.
• ✕File paths & directory names. Your working directory is SHA-256 hashed locally for a frequency cap; the raw path is never sent.
• ✕Dependency names. We detect ecosystems, not packages — we emit a namespaced tag like fw:react, never the literal dependency “react”.
• ✕Prompts & conversation text. Raw prompt text is never transmitted. Topic keywords are tokenized locally and anything containing a path, URL, email, or key is discarded.
• ✕Keystrokes & shell history. No input capture, no shell-history access — the SDK only runs as a terminal hook.
• ✕Your raw IP address. Advertisers never receive your IP. Server-side it is only hashed and resolved to a coarse region; the raw IP is never exposed.
• ✕Precise location. No GPS, coordinates, or postal codes — at most a country / region / city derived from IP, never anything finer.
• ✕Device fingerprints. No MAC address, serial, or hardware id. Identity is a single random UUID generated on install.
• ✕Your identity, to advertisers. Advertisers never see your name, email, install id, or any way to single you out — only anonymized aggregates.

When a Blip is requested (a terminal hook fires), the SDK sends a compact payload so the network can choose a relevant sponsor and pay the right maintainer:

• ✓An anonymous install id. A random UUID created once per machine and stored locally — not derived from anything about you, and never linked to a name or email.
• ✓Host & context. Which AI CLI fired the hook (e.g. claude_code, codex, antigravity, grok_cli, copilot_cli), the SDK version, your OS family (darwin / linux / win32), and the terminal program name.
• ✓Namespaced attribute tags. Coarse ecosystem signals like lang:typescript, fw:nextjs, infra:postgres, type:mcp-server — derived from manifest presence, never the underlying files or dependencies.
• ✓Anonymized session topics. A short list of sanitized keywords about what’s being worked on (paths, URLs, emails, secrets and usernames removed before they’re sent) — used purely for relevance.
• ✓Placement & package. The hook point (e.g. SessionStart), and — in maintainer mode — the public publisher key and package name so earnings are attributed correctly.
• ✓Blip events. Impression, engagement (e.g. dwell time), and dismissal events keyed to a server-issued impression id — so we can count views/clicks and pay out.
• ✓Coarse geo (derived, server-side). Your IP is resolved to country / region / city via the MaxMind GeoLite2 database and stored hashed. This powers geo targeting and analytics — the raw IP is never stored in the clear or shown to advertisers.

Built to be invisible & safe: the SDK is fail-silent, has a hard ≤500ms timeout, ships zero runtime dependencies, and is suppressed in CI. If anything is slow or unreachable, it does nothing rather than block your tool.

Relevance signals are built and scrubbed locally, before any request:

• Tokens containing a slash, backslash, @, or :// (paths, URLs, emails) are dropped.
• Anything matching a credential shape (API keys, tokens, long hex strings) is rejected.
• Your username is explicitly excluded from topic extraction.
• Your working-directory path is hashed (SHA-256) for a local frequency cap; the path itself never travels.
• Detection emits only namespace:value tags — never raw file names, dependency names, or contents.

Advertisers fund the compute and earnings — but they buy relevance, not your identity. Everything in an advertiser's dashboard is aggregated and anonymized, and small groups are suppressed so no individual can be singled out.

advertisers can see (aggregate only)

• ✓Delivery & performance. Total impressions, clicks, CTR, spend, dismiss rate, and daily trends for their own campaigns.
• ✓Coarse geography. Country / region / city breakdowns of where Blips were shown — never precise location, never your IP.
• ✓Audience mix. The share of the reached audience by AI tool and by attribute (language / framework / infrastructure / project type), as percentages.
• ✓Session topics. Top anonymized keywords the audience was working on — aggregated counts only.
• ✓Attention & conversions. Viewability, dwell time, engagement rate, and conversion counts/rates tied only to an anonymous click token.

advertisers never see

• ✕Who you are. No names, emails, install ids, device ids, or any per-developer record.
• ✕Raw events or IPs. Only GROUP BY aggregates — never row-level events, raw IPs, or IP hashes.
• ✕Small groups. A strict k-anonymity threshold (minimum of 5 distinct developers) is enforced: any tool or attribute reaching fewer than 5 people is folded into an “other” bucket and cannot be isolated.
• ✕Each other’s data. Conversions, impressions and clicks are siloed per advertiser.

Targeting works without exposing you. Advertisers choose audiences by tool, region/city, and ecosystem tags; that filter is applied on our servers at serve time. The advertiser learns only the aggregate outcome (“12% of reached developers use Claude Code”), never the list of people behind it.

Conversions stay anonymous. Attribution uses a single-use, anonymous click token (oc_cid) — never a developer identity. An advertiser can count that a signup happened; they cannot learn who.

The SDK keeps local state under ~/.config/opencrater/ — your install id, compute-wallet token, frequency-cap timestamps, cached config, and detected tags. These files are used locally to run the SDK and are not transmitted (only the specific fields listed above are sent).

• Turn Blips off entirely at any time: npx opencrater off.
• Every Blip has a visible opt-out / dismiss control.
• A server kill-switch and per-config controls can disable serving instantly.
• Want your waitlist email or any record removed? Email us (below) and we'll delete it.

Analytics are reported over rolling windows (typically the last 30 days). We do not sell data, and we do not share it with data brokers or advertising networks — collected signals are used only to serve relevant Blips, pay maintainers and developers, and show advertisers the anonymized performance of their own campaigns.

Email privacy@opencrater.to for anything data-related — access, deletion, or just to understand a detail on this page. See also our privacy policy and content policy.