Telemetry & Privacy
Velauth sends a small number of anonymous events to help understand which features are used and where improvements matter most. No Active Directory content, no usernames, and no machine-identifiable information is ever included.
Sending can be turned off at any time — see Opting out.
How your identity is protected
Section titled “How your identity is protected”Every event is tagged with an anonymous installation ID constructed as follows:
- A random ID is generated the first time Velauth runs and stored in
%AppData%\Velauth\telemetry-id.txt. - That ID and the Windows machine GUID (from
HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid) are combined and hashed with SHA-256. - The result (
anon-<64 hex characters>) is used as the event identifier.
The hash cannot be reversed. It does not contain your username, machine name, domain, or any other identifiable information. Deleting telemetry-id.txt resets it permanently.
Events sent
Section titled “Events sent”Every event includes these envelope fields:
| Field | Value | Notes |
|---|---|---|
distinct_id | anon-<64 hex chars> | Anonymous installation hash |
timestamp | UTC ISO-8601 | When the event occurred |
$lib | velauth | Identifies the sending app |
$lib_version | e.g. 1.8.0 | App version string |
app.launched
Section titled “app.launched”Fired once each time the application finishes starting up. No additional fields.
app.onboarding_completed
Section titled “app.onboarding_completed”Fired once per installation when the setup wizard is finished.
| Field | Value |
|---|---|
first_use_at_utc | UTC timestamp of wizard completion |
app.crash_occurred
Section titled “app.crash_occurred”Fired when an unhandled fatal error is caught, immediately before the crash report window appears.
| Field | Value |
|---|---|
source | Which crash handler caught the error (dispatcher, thread, or domain) |
stage | The last recorded startup stage at time of crash |
No exception message, stack trace, or user data is included here. A separate crash report (with a sanitised stack trace) is sent to Sentry — see Crash reports.
users.load
Section titled “users.load”Fired each time the user list is loaded or refreshed. Only the count of accounts returned is sent — no names, OUs, or attributes.
ui.page_navigate
Section titled “ui.page_navigate”Fired each time a page is opened. Contains only the page name (e.g. Users, Audit, Settings).
ui.safety_lock_toggle
Section titled “ui.safety_lock_toggle”Fired when the safety lock is turned on or off. Contains engaged: true/false.
AD operation events
Section titled “AD operation events”Fired when an operation is successfully applied. Only the count of accounts affected is sent — never account names, OUs, or any attribute.
| Event | Operation |
|---|---|
users.unlock | Account unlocked |
users.enable | Account enabled |
users.disable | Account disabled |
users.reset_password | Password reset |
users.force_reset_at_logon | ”Must change password at next logon” set |
users.password_never_expires | Password-never-expires enabled |
users.password_expires | Password expiry re-enabled |
The first time each operation type is used per installation, an additional first_use_at_utc timestamp is also sent.
What is never sent
Section titled “What is never sent”- Usernames, SAMAccountNames, display names, or email addresses
- Distinguished names or OU paths
- Domain names or hostnames
- Any password or credential
- Any Active Directory attribute value
- Audit log entries or report content
- IP addresses
Crash reports
Section titled “Crash reports”When a fatal error occurs, Velauth sends a crash report to Sentry (separately from PostHog). Before transmission, the report is scrubbed of:
- Usernames and account names
- Hostnames and Distinguished Names
The scrubbed stack trace and exception type are sent so the crash can be located and fixed. No AD data is included.
Data processors
Section titled “Data processors”| Data | Processor | Privacy policy |
|---|---|---|
| Usage events | PostHog Cloud (https://app.posthog.com/capture/) | posthog.com/privacy |
| Crash reports | Sentry (https://sentry.io) | sentry.io/privacy |
Velauth does not operate any analytics infrastructure itself.
Opting out
Section titled “Opting out”During setup: uncheck “Help improve Velauth by sending anonymous usage data” on the final step of the setup wizard. This prevents even the first app.launched event from being sent.
After setup: open Settings → Privacy and set “Share usage data” to Off. The change takes effect immediately.
The preference is stored in %AppData%\Velauth\preferences.json and persists across sessions and updates.