Privacy

July 2, 2026 · View on GitHub

Pulse is designed to run locally. By default, your monitoring data stays on your server.

Usage Data

Pulse has one outbound usage-data scope: outbound usage telemetry to help me understand active installations, release uptake, and feature use in aggregate.

Commercial activation and license-recovery runtime records stay on the Pulse instance where they were created. They are not exported to Pulse infrastructure, third-party analytics, support diagnostics, or ordinary Settings surfaces.

Outbound usage telemetry

Pulse includes outbound usage telemetry that is enabled by default. It sends a lightweight ping on startup and once every 24 hours with a rotating pseudonymous install ID to help me understand how many active installations exist, which releases are actually deployed, which features are in use, and whether Patrol control and governed Pulse Intelligence operations are being adopted.

The telemetry payload does not include hostnames, credentials, infrastructure identifiers, IP addresses, prompts, chat messages, command text, action output, token values, names, email addresses, or account identifiers. See the full field list below.

How to disable

  • Settings → System → General → Outbound usage telemetry (toggle off), or
  • Set the environment variable PULSE_TELEMETRY=false

How to inspect or rotate it

  • Settings → System → General → Preview payload shows the exact heartbeat JSON Pulse would send with the current runtime state.
  • Settings → System → General → Reset ID immediately rotates the local telemetry install ID and refreshes the previewed payload.
  • If telemetry is currently disabled, the preview still shows the payload Pulse would send if you enable it.

Exactly what is sent

Every field is listed below with the reason it exists. Nothing else is included in the telemetry payload:

FieldExamplePurpose
Install IDa1b2c3d4-...Distinguish active installations within one rotation window without tying telemetry to an account or person
Version6.0.0-rc.1Track the canonical release identity currently deployed
Version rawv6.0.0-rc.1-45-gabcdefPreserve the original build string when it differs so manual/dev builds do not pollute release reporting
Version channelstable, rc, devDistinguish published stable/RC assets from development or prerelease builds
Version buildgit.45.gabcdefPreserve build metadata for git-describe and other non-release builds
Version is developmenttrue/falseMark manual or source-built development installs explicitly
Version is published releasetrue/falseMark whether the running build matches a published stable or RC release asset
Platformdocker or binaryUnderstand whether runtime behavior differs between container and non-container installs
OSlinuxSee whether operating-system-specific issues exist
Archamd64See whether CPU-architecture-specific issues exist
Eventstartup or heartbeatDistinguish first-run/session starts from daily active-install heartbeats
PVE nodes3Understand Proxmox VE deployment size in aggregate
PBS instances1Understand Proxmox Backup Server adoption in aggregate
PMG instances0Understand Proxmox Mail Gateway adoption in aggregate
VMs25Understand approximate infrastructure scale in aggregate
Containers12Understand approximate LXC usage in aggregate
Agent hosts4Understand Pulse Agent adoption for node-local telemetry in aggregate
Docker hosts2Understand Docker monitoring adoption in aggregate
Docker containers18Understand Docker / Podman workload scale in aggregate
Kubernetes clusters0Understand Kubernetes monitoring adoption in aggregate
Kubernetes nodes3Understand Kubernetes node scale in aggregate
Kubernetes pods42Understand Kubernetes workload scale in aggregate
Kubernetes deployments8Understand Kubernetes deployment adoption in aggregate
Storage pools6Understand storage monitoring adoption in aggregate
Physical disks24Understand disk-health monitoring adoption in aggregate
Ceph clusters1Understand Ceph monitoring adoption in aggregate
Network shares5Understand NAS/share monitoring adoption in aggregate
TrueNAS systems1Understand TrueNAS integration adoption in aggregate
TrueNAS VMs2Understand TrueNAS VM visibility adoption in aggregate
TrueNAS apps7Understand TrueNAS app visibility adoption in aggregate
VMware hosts3Understand VMware vSphere host monitoring adoption in aggregate
VMware VMs35Understand VMware vSphere VM monitoring adoption in aggregate
VMware datastores4Understand VMware datastore visibility adoption in aggregate
Availability targets9Understand agentless availability-check adoption in aggregate
AI enabledtrue/falseSee whether AI features are actually used before expanding or removing them
Patrol enabledtrue/falseSee whether proactive AI health patrol is used
Discovery enabledtrue/falseSee whether network or model-backed discovery is used
Notifications enabledtrue/falseSee whether alert notification delivery is configured
AI actions enabledtrue/falseSee whether AI control tools are enabled without sending action history or command content
Active alerts4Understand how noisy or quiet installations are in aggregate
Relay enabledtrue/falseSee whether remote-access features are being used
SSO enabledtrue/falseSee whether single-sign-on support is being used
Multi-tenanttrue/falseSee whether multi-tenant/runtime-org features are being used
Paid licensetrue/falseDistinguish free from paid posture without sending the exact commercial tier
Has API tokenstrue/falseSee whether token-based automation/integration is being used without sending token counts
Update attempts 30d2Count update attempts recorded in the current 30-day telemetry window without sending download URLs, logs, or command output
Update successes 30d1Count successful update attempts in the current 30-day telemetry window
Update failures 30d1Count failed or rolled-back update attempts in the current 30-day telemetry window without sending raw errors, logs, URLs, or command output
Update last failure categorydownloadSend only a coarse category for the latest update failure, such as download, signature, checksum, disk_space, extract, backup, apply, restart, rolled_back, or unknown
Pulse Intelligence loop configuredtrue/falseSee whether Assistant, Patrol, governed actions, or external-agent access is configured so adoption can be measured without sending configuration details
Pulse Intelligence loop active 30dtrue/falseSee whether Assistant, Patrol, external-agent, or governed-action activity occurred in the current 30-day telemetry window
Pulse Intelligence complete operations loop 30dtrue/falseSee whether Patrol issue activity reached an approved or rejected governed-action decision without sending prompts, findings, resource identifiers, command text, or action output
Pulse Intelligence approved execution loop 30dtrue/falseSee whether Patrol issue activity reached an approved governed action attempt without sending action details
Pulse Intelligence resolved operations loop 30dtrue/falseSee whether Patrol issue activity reached resolution with an approved action success without sending prompts, findings, resource identifiers, command text, or action output
Pulse Intelligence Patrol control completed operations loop 30dtrue/falseSee whether a Patrol mode starter, Patrol issue activity, contextual Assistant or external-agent collaboration, and either a rejected governed decision or an approved governed decision with a verified outcome occurred without sending prompt text, checkout details, account links, token details, resource identifiers, command text, or action output
Pulse Intelligence Patrol control resolved operations loop 30dtrue/falseSee whether a Patrol mode starter, Patrol issue activity, contextual Assistant or external-agent collaboration, an approved governed decision, and a verified outcome occurred without sending prompt text, checkout details, account links, token details, resource identifiers, command text, or action output
Pulse Intelligence Patrol control paid completed operations loop 30dtrue/falseSee whether the install currently has a paid license and Patrol mode reached a governed decision without sending the exact tier, checkout details, account links, prompts, token details, resource identifiers, command text, or action output
Pulse Intelligence Patrol control paid resolved operations loop 30dtrue/falseSee whether the install currently has a paid license and Patrol mode reached a resolved issue without sending the exact tier, checkout details, account links, prompts, token details, resource identifiers, command text, or action output
Pulse Intelligence Pro activation completed operations loop 30dtrue/falseCompatibility mirror of the Patrol control completed field for historical aggregate reporting without sending prompt text, checkout details, account links, token details, resource identifiers, command text, or action output
Pulse Intelligence Pro activation resolved operations loop 30dtrue/falseCompatibility mirror of the Patrol mode resolved field for historical aggregate reporting without sending prompt text, checkout details, account links, token details, resource identifiers, command text, or action output
Pulse Intelligence Pro activation paid completed operations loop 30dtrue/falseCompatibility mirror of the paid Patrol mode decision field for historical aggregate reporting without sending exact tier, checkout details, account links, token details, resource identifiers, command text, or action output
Pulse Intelligence Pro activation paid resolved operations loop 30dtrue/falseCompatibility mirror of the paid Patrol mode resolved field for historical aggregate reporting without sending exact tier, checkout details, account links, token details, resource identifiers, command text, or action output
Pulse Intelligence governed action active 30dtrue/falseSee whether Patrol or Assistant reached action planning, approval, approve/reject decision, or approved-action depth in the current 30-day telemetry window without sending action details
Pulse Intelligence Assistant operations loop 30dtrue/falseSee whether Assistant collaboration specifically reached the Patrol issue plus approved/rejected governed-action path without sending prompts, chat messages, tool details, findings, command text, or action output
Pulse Intelligence Assistant approved execution loop 30dtrue/falseSee whether Assistant collaboration specifically reached approved governed-action execution in the 30-day window without sending prompts, chat messages, command text, actors, or action output
Pulse Intelligence Assistant approved action success loop 30dtrue/falseSee whether Assistant collaboration specifically reached approved action success in the 30-day window without sending prompts, chat messages, verification details, command text, or action output
Pulse Intelligence Assistant resolved operations loop 30dtrue/falseSee whether Assistant collaboration specifically reached Patrol resolution plus approved action success in the 30-day window without sending findings, prompts, chat messages, verification details, command text, or action output
Pulse Intelligence external agent operations loop 30dtrue/falseSee whether direct external-agent or MCP collaboration reached the Patrol issue plus approved/rejected governed-action path without sending route parameters, prompts, resource identifiers, command text, or action output
Pulse Intelligence external agent approved execution loop 30dtrue/falseSee whether direct external-agent or MCP collaboration reached approved governed-action execution in the 30-day window without sending route parameters, command text, actors, or action output
Pulse Intelligence external agent approved action success loop 30dtrue/falseSee whether direct external-agent or MCP collaboration reached approved action success in the 30-day window without sending route parameters, command text, verification details, or action output
Pulse Intelligence external agent resolved operations loop 30dtrue/falseSee whether direct external-agent or MCP collaboration reached Patrol resolution plus approved action success in the 30-day window without sending findings, route parameters, command text, verification details, or action output
Pulse Intelligence MCP adapter operations loop 30dtrue/falseSee whether the pulse-mcp adapter specifically reached the Patrol issue plus approved/rejected governed-action path without sending prompts, tool inputs, route parameters, resource identifiers, command text, or action output
Pulse Intelligence MCP adapter approved execution loop 30dtrue/falseSee whether the pulse-mcp adapter specifically reached approved governed-action execution in the 30-day window without sending prompts, tool inputs, command text, actors, or action output
Pulse Intelligence MCP adapter approved action success loop 30dtrue/falseSee whether the pulse-mcp adapter specifically reached approved action success in the 30-day window without sending prompts, tool inputs, verification details, command text, or action output
Pulse Intelligence MCP adapter resolved operations loop 30dtrue/falseSee whether the pulse-mcp adapter specifically reached Patrol resolution plus approved action success in the 30-day window without sending findings, prompts, tool inputs, verification details, command text, or action output
Pulse Intelligence operations loop starter requests 30d3Count shared Patrol-work starter requests in the current 30-day telemetry window without sending prompt text, chat messages, tool inputs, resource IDs, or request details
Pulse Intelligence Assistant operations loop starter requests 30d2Count Assistant requests for shared Patrol work in the current 30-day telemetry window without sending prompt text, chat messages, resource IDs, or request details
Pulse Intelligence Patrol operations loop starter requests 30d1Count Patrol work starter requests in the current 30-day telemetry window without sending prompt text, findings, resource IDs, or request details
Pulse Intelligence Patrol control operations loop starter requests 30d1Count Patrol work, Patrol-mode, and historical entry-point requests for shared Patrol work in the current 30-day telemetry window without sending prompt text, checkout details, account links, resource IDs, or request details
Pulse Intelligence Pro activation operations loop starter requests 30d1Count historical entry-point requests for Patrol mode in the current 30-day telemetry window without sending prompt text, checkout details, account links, resource IDs, or request details
Pulse Intelligence MCP operations loop starter requests 30d1Count pulse-mcp requests for shared Patrol work in the current 30-day telemetry window without sending prompt text, tool inputs, resource IDs, route parameters, or request details
Pulse Intelligence Assistant AI calls 30d18Count Assistant model calls in the current 30-day telemetry window without sending prompts, responses, session IDs, or chat text
Pulse Intelligence Assistant context AI calls 30d7Count Assistant model calls tied to a governed resource, finding, handoff, or action context in the current 30-day telemetry window without sending prompts, responses, session IDs, resource IDs, finding IDs, or chat text
Pulse Intelligence Assistant tool calls 30d11Count Assistant tool calls in the current 30-day telemetry window without sending tool names, tool inputs, tool outputs, prompts, responses, session IDs, resource IDs, finding IDs, command text, or chat text
Pulse Intelligence Patrol AI calls 30d6Count Patrol model calls in the current 30-day telemetry window without sending provider-bound context or findings text
Pulse Intelligence Patrol runs 30d12Count Patrol investigations in the current 30-day telemetry window
Pulse Intelligence Patrol new findings 30d5Count new findings produced by Patrol in the current 30-day telemetry window without sending finding IDs or details
Pulse Intelligence Patrol investigations 30d3Count findings investigated by Patrol in the current 30-day telemetry window without sending finding IDs, resource IDs, or details
Pulse Intelligence Patrol resolved findings 30d2Count findings resolved or fix-verified in the current 30-day telemetry window without sending finding IDs, resource IDs, fix details, or verification detail
Pulse Intelligence Patrol autofixes 30d1Count Patrol autofix records in the current 30-day telemetry window without sending target resources or fix content
Pulse Intelligence external agent enabledtrue/falseSee whether at least one token can use the external Pulse Intelligence agent/MCP surface without sending token counts, names, scopes, or values
Pulse Intelligence external agent used 30dtrue/falseSee whether an external-agent-capable API token reached a Pulse Intelligence agent/MCP route in the current 30-day telemetry window without sending token identity, route parameters, resource IDs, or request details
Pulse Intelligence MCP adapter used 30dtrue/falseSee whether the pulse-mcp adapter reached a Pulse Intelligence agent/MCP route in the current 30-day telemetry window without sending token identity, route parameters, resource IDs, prompts, or request details
Pulse Intelligence external agent context requests 30d8Count external-agent/MCP resource-context and fleet-context requests in the current 30-day telemetry window without sending resource IDs, route parameters, or request details
Pulse Intelligence external agent event stream requests 30d3Count external-agent/MCP event-stream requests in the current 30-day telemetry window without sending event content, route parameters, or request details
Pulse Intelligence external agent provisioning requests 30d2Count external-agent/MCP provisioning requests in the current 30-day telemetry window without sending discovered resources, credentials, route parameters, or request details
Pulse Intelligence external agent operator state requests 30d5Count external-agent/MCP operator-state requests in the current 30-day telemetry window without sending state payloads, route parameters, or request details
Pulse Intelligence external agent finding requests 30d4Count external-agent/MCP finding-list and finding-decision requests in the current 30-day telemetry window without sending finding IDs, finding text, route parameters, or request details
Pulse Intelligence external agent action requests 30d1Count external-agent/MCP action-plan, action-decision, and action-execution requests in the current 30-day telemetry window without sending command text, action output, route parameters, or request details
Pulse Intelligence action plans 30d4Count governed action plans in the current 30-day telemetry window without sending command text, resource IDs, or plan details
Pulse Intelligence approval requests 30d2Count approval-gated action requests in the current 30-day telemetry window without sending approvers, reasons, command text, or targets
Pulse Intelligence rejected action decisions 30d1Count rejected governed action decisions in the current 30-day telemetry window without sending approvers, reasons, command text, targets, or action IDs
Pulse Intelligence approved action decisions 30d1Count approved governed action decisions in the current 30-day telemetry window without sending approvers, reasons, command text, targets, or action IDs
Pulse Intelligence approved action attempts 30d1Count approved governed action attempts in the current 30-day telemetry window without sending action output, command text, or verification detail
Pulse Intelligence approved action successes 30d1Count approved governed actions that completed successfully in the current 30-day telemetry window without sending action output, command text, resource IDs, actors, reasons, or verification detail

Server-side handling and retention

  • Telemetry pings are stored on the Pulse license server only for aggregate install/use analysis.
  • The license server stores only the same coarse telemetry fields listed above; it does not expand them into exact commercial tiers, exact API-token counts, prompts, chat messages, command text, action output, token values, or resource identifiers.
  • Pulse may derive aggregate Pulse Intelligence adoption reports from those same rows, including whether an install reached Patrol issue activity, Patrol resolution, Assistant, direct external-agent, or MCP collaboration, Patrol mode starter use, paid Patrol mode cohorts, governed-action activity, approved or rejected action decisions, approved action success, completed Patrol control work, recent retention, and observed free-to-paid movement within the source window. Those reports do not add prompts, findings, resource identifiers, tool names, tool inputs, tool outputs, command payloads, action outputs, account links, or exact commercial tiers.
  • External-agent/MCP activity is stored only as a coarse adapter-origin flag plus capability-class counters: context, event stream, provisioning, operator state, findings, and action requests.
  • Telemetry rows older than 90 days are purged automatically.
  • The license server uses request IP addresses transiently for abuse/rate limiting, but it does not store IP addresses in telemetry rows.

What is NOT sent

  • No IP addresses are included in the telemetry payload or stored in telemetry rows
  • No hostnames, node names, VM names, or any infrastructure identifiers
  • No Proxmox credentials, API tokens, or passwords
  • No alert content, AI prompts, chat messages, tool names, tool inputs, tool outputs, command text, action output, or token values
  • No names, email addresses, account identifiers, or other intentionally identifying personal content

Install ID rotation

The telemetry install ID is pseudonymous, is not tied to a Pulse account, and rotates automatically every 30 days. Pulse keeps it only to avoid treating every startup ping as a brand-new install while still limiting long-term linkage from one heartbeat window to the next. Operators can also rotate it immediately from Settings → System → General → Reset ID.

Source code

The telemetry implementation is in internal/telemetry/telemetry.go. You can read the Ping struct to see every field that is transmitted.

No Third-Party Analytics

  • There is no third-party analytics SDK in the frontend.
  • Telemetry pings go only to the Pulse license server (license.pulserelay.pro), not to any third-party service.

Optional Outbound Connections (Explicitly Enabled)

Pulse can make outbound connections when you enable specific features:

  • AI providers: when AI features are configured, Pulse sends only the context required for your request to the provider you chose. Local providers stay on your network; non-local hosted providers receive provider-bound context directly from your Pulse instance. AI prompts from self-managed installs do not transit Pulse infrastructure. Before non-local model requests leave the instance, governed resource details use the same resource-policy redaction shown in Data Handling: local-only resource details are omitted from detailed prompt sections or replaced with policy-safe summaries, and known restricted resource identifiers are redacted where they appear in provider-bound context. See docs/AI.md.
  • Relay / Remote Access: when relay is enabled, Pulse connects to the configured relay endpoint to enable secure remote web access, Pulse Mobile pairing for handoff, and push notifications. See Settings → Remote Access.
  • Update checks: Pulse can check for new releases/updates (for example via GitHub release metadata) depending on your deployment and configuration.