Privacy by default
No cookies. Tell identifies visitors with random device UUIDs generated by the SDK. No cookie banner needed. No PII collected. Events and sessions use anonymous device IDs — not emails, names, or IP addresses. You choose what properties to send. Self-hosted. Your data stays on your servers. Nothing is sent to third parties. This makes Tell compliant with GDPR and CCPA without additional configuration.PII redaction
If your events or logs contain personal information (emails in log messages, IPs in error traces), the redact transform scrubs them before data reaches storage. Tell includes 11 built-in PII patterns:| Pattern | Matches |
|---|---|
email | Email addresses |
phone | Phone numbers (E.164 and common formats) |
credit_card | 13-19 digit card numbers |
ssn_us | US Social Security Numbers |
cpr_dk | Danish CPR numbers |
nino_uk | UK National Insurance Numbers |
bsn_nl | Dutch BSN numbers |
ipv4 | IPv4 addresses |
ipv6 | IPv6 addresses |
passport | Passport numbers |
iban | International Bank Account Numbers |
[REDACTED]. Hash mode replaces them with a deterministic pseudonym (e.g., usr_7Hx9KmPqR2sT) so you can still correlate records without exposing the original value.
Audit logging
Tell records 40 typed audit actions across authentication, data access, workspace management, and admin operations. Every action includes who did it, what they did, whether it succeeded, and from which source (API, CLI, MCP, or public link).What’s audited
| Category | Actions |
|---|---|
| Authentication | Login, logout, failed login, token refresh, API key create/revoke |
| Boards | Create, update, delete, run, share |
| Sharing | Create link, revoke link, public access |
| Data queries | SQL query execution, query denied, query timeout |
| Workspace | Add/remove member, role change, settings update |
| Invitations | Create, cancel, accept |
| Saved metrics | Create, update, delete |
| Segments | Create, update, delete |
| MCP | Auth failed, session create |
| Admin | Config change, setup, user create/update/delete |
Outcomes
Each audit event records an outcome:- Success — action completed normally
- Denied — permission check failed
- Failed — runtime error
- Blocked — rate limited or timed out
Sensitive actions
Some actions are classified as sensitive and should always be logged regardless of log level filtering. These include failed logins, API key operations, SQL queries, membership changes, and all admin operations.Enabling audit logs
Audit logging is enabled on the API server. Events are emitted as structured log entries with targetaudit, so they flow through your existing log infrastructure. Filter for target: "audit" to route them to a SIEM, log aggregator, or dedicated file.
Product telemetry
Tell collects anonymous usage telemetry to understand how the product is used. It’s enabled by default and designed to be transparent — you can inspect exactly what’s sent before deciding to keep it on. No PII. The install ID is a SHA256 hash derived from your hostname. It can’t be reversed to identify you. No IP addresses, hostnames, or user data are included.What’s collected
| Category | Data |
|---|---|
| Deployment | Anonymous install ID, Tell version, OS, architecture, CPU cores, memory |
| Configuration | Which source/sink/connector/transformer types are enabled (names only, not values) |
| Runtime | Messages processed, bytes processed, uptime, error count, active connections |
| Feature usage | Which features have been used: tail, query, TUI, boards count, API keys count, workspaces count |
t.tell.rs:50000.
Inspect the payload
See exactly what would be sent:Opt out
Configuration
| Field | Default | Description |
|---|---|---|
enabled | true | Set false to disable all telemetry |
interval | "7d" | Reporting interval ("1d", "7d", "30d") |
Rate limiting
Tell rate-limits sensitive endpoints to prevent abuse:| Endpoint type | Limit |
|---|---|
| Auth (login, token) | 10 req/min |
| Data queries (SQL) | 30 req/min |
| Public shares | 60 req/min |