LumaBrowser: Total transparency on data and telemetry.

This page applies specifically to LumaBrowser, which is operated by Lumabyte, LLC. Our open-source libraries (ResonantJs, OpenGridJs) collect no telemetry whatsoever. We are developers building tools for developers. We hate sneaky telemetry as much as you do. Here is exactly what the LumaBrowser Community Edition collects, why it collects it, and how to opt out. For the full umbrella privacy policy covering billing and licensing too, see /privacy.

The Philosophy

The modern web is a nightmare of randomized CSS classes and broken DOMs. The LumaBrowser Template Builder solves this. To make this tool truly powerful, the Community Edition operates on a shared-knowledge model: your generated selectors help build a public repository of resilient templates that benefits the entire ecosystem. Anonymous usage analytics tell us which features matter most so we can focus development where it counts. We collect the minimum needed to improve the product and nothing more.

What We Collect

Community Edition by default. Paid tiers with the NO_TELEMETRY entitlement (standard on Pro and Enterprise) collect nothing from the app beyond licensing; Enterprise Docker deployments never initialize PostHog or Sentry at all.

Machine Identifier A machine-level identifier is used as the PostHog distinctId so we can count unique installs and attribute events. It is not a random per-install UUID and not a one-way hash: it is the OS's own machine identifier (Windows: MachineGuid registry value; macOS: IOPlatformUUID; Linux: /var/lib/dbus/machine-id). It is stable across reinstalls of LumaBrowser on the same machine, and it is the same value used as the license fingerprint when you activate Pro or Enterprise. No name or email is attached to it in PostHog. We pair it with your platform, architecture, app version, and Electron version so we can track adoption across OS targets.
Application Lifecycle A single app_started event fires each launch. This helps us understand active usage and session frequency.
Feature Usage (IPC allow-list) A fixed, code-level allow-list of high-signal user actions is tracked as ipc_action events with only the channel name. Today that list includes: AI chat completions and streaming sessions, template-builder preference saves, notification-interceptor webhook save / forward / test, network-watcher add / remove / update / toggle / test, timed-task create / update / delete / trigger, and extension test-harness runs. Setting changes, extension toggles, setup-wizard completion, and LLM-provider configuration fire their own dedicated events with only structural metadata (e.g., which setting, how many providers). Read-only and polling channels are deliberately excluded to avoid noise. No prompts, no URLs, no credentials, no response bodies.
API Request Activity For requests made to the local REST API (used by MCP clients and automation tools), we log an api_request event with HTTP method and route path for non-GET requests. No request bodies, headers, query strings, or response data are transmitted.
Template Generation Data When the Template Builder analyzes a page to generate CSS selectors, the target domain, URL path, and the resulting generalized selector map are sent to our shared template repository. Query strings, URL fragments, form values, and any user-typed input are stripped before transmission.
Crash & Error Reporting Unhandled exceptions and native crashes are reported via Sentry (@sentry/electron) to help us identify and fix bugs. Stack traces, error messages, release version, and platform metadata are included; no user content or browsing data is attached.
IP Address (via PostHog and Sentry SDKs) Both PostHog and Sentry see the source IP of the outbound event request, as any HTTP client does. We don't log, query, or use IP addresses beyond what those SDKs do by default, but we won't pretend they aren't observable. PostHog is configured with person_profiles: 'identified_only' and session replay is disabled.

What We NEVER Collect

Your API Keys or Credentials Your Anthropic, OpenAI, and other provider keys never leave your machine. They are stored securely in your local SQLite database.
Prompts, Conversations, or AI Responses We track that a chat completion or streaming session occurred, but never the content of your prompts, system messages, or model responses.
URLs, Page Content, or Browsing History We do not track the URLs you visit, the pages you browse, cookies, or local storage. Tab events include no URL or page data.
Local WebGPU Data If you use the WebGPU extension for local model inference, zero prompt or response data is transmitted to us.
Intercepted Network Traffic The Network Watcher processes everything locally. We do not see the payloads, headers, or webhooks you forward traffic to.
Direct Personal Identifiers No names, no email addresses, no geolocation queries. The machine identifier above can be correlated with your Keygen.sh account if you also hold a paid license — but on the Community tier with no license, the identifier is not linked to an account-level profile we maintain.

How to Opt Out

Today, the Community tier has no in-app toggle. PostHog and Sentry are on by default for packaged Community builds. They are switched off in any of three ways:

Activate a Pro or Enterprise license that carries the NO_TELEMETRY entitlement (standard on our paid policies).
Run LumaBrowser in development mode (unpackaged, or launched with --dev) — both integrations short-circuit.
Block outbound traffic to us.i.posthog.com and o4511128142675968.ingest.us.sentry.io at the network layer.

Upgrading to a commercial license immediately severs all telemetry connections and keeps your generated templates strictly localized to your machine's SQLite database. View pricing plans →

A user-facing opt-out toggle for Community is on the roadmap. If you need it, email us and tell us — demand shapes the priority.

Want total privacy? Join the Pro waitlist.

Be the first to know when Pro Solo launches. Early adopters get locked-in pricing.