Introducing Anonymous Usage Telemetry

In this post, we want to be fully transparent about what we collect, why we collect it, and how you can opt out.
Why We're Doing This
As an enterprise platform with an open source core framework, we have limited visibility into how Vendure is actually deployed and used. We know what happens on our docs site, we see GitHub issues and Discord conversations, but the picture is incomplete. We don't know which plugins are popular, what databases people prefer, or how large a typical Vendure installation is.
This matters because it directly affects how we prioritize our work. Should we invest more in Postgres-specific optimizations or MySQL support? Are people running Vendure in containers or on bare metal? Which community plugins deserve the most attention?
Anonymous telemetry helps us answer these questions so we can focus our development efforts where they matter most. This is a common practice across major open-source frameworks, and we've designed our approach with privacy as the top priority from day one.
What We Collect
Telemetry data is sent once per server startup and includes:
- Vendure version and Node.js version: so we know which versions are actively used
- Database type (Postgres, MySQL, MariaDB, or SQLite): not your connection string, just the type
- Operating system and architecture (e.g., linux x64): to understand target platforms
- Plugin usage: names of official Vendure plugins and third-party npm packages. For custom plugins, we only collect a count, never the names
- Entity metrics as ranges: we don't collect exact numbers. Instead of knowing you have 4,832 products, we only see "1k-10k". This applies to all entity counts
- Deployment information: whether you're running in a container, which cloud provider (if any), and whether you use integrated or separate workers
- Configuration strategy names: for example, we'll see that you use S3AssetStorageStrategy, but none of its configuration values
Each installation is identified by a randomly generated UUID that is not derived from any system information. It exists solely to deduplicate events.
What We Explicitly Don't Collect
We want to be equally clear about what is never collected:
- No hostnames, IP addresses, or domain names
- No customer data, order data, or any business information
- No custom plugin names (only a count)
- No API keys, secrets, or credentials
- No file paths or source code
- No configuration values (only strategy class names)
- No personally identifiable information of any kind
Privacy by Design
We didn't bolt privacy onto this feature as an afterthought. It's built into the architecture:
- Ranges instead of exact numbers: Entity counts are bucketed (e.g., "1k-10k") so we can't determine the actual size of your catalog or customer base
- Random installation IDs: Generated with crypto.randomUUID(), completely disconnected from your system
- Data stored in Germany: All telemetry data is processed and stored on servers located in Germany, subject to EU data protection regulations
- Fully anonymous: There is no way for us to trace telemetry data back to a specific person, company, or website
- Non-blocking: The telemetry request has a 5-second timeout and runs as fire-and-forget. It will never delay your server startup
- Silent failures: If the request fails for any reason, nothing happens. No errors, no retries, no logs
- CI-aware: Telemetry is automatically disabled in CI environments (GitHub Actions, GitLab CI, Jenkins, and many more)
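The design points in this list (range bucketing, a random installation ID, CI detection, a fire-and-forget request with a 5-second timeout) can be sketched in Node.js as follows. This is an added illustration, not Vendure's implementation: the field names, the bucket edges other than "1k-10k", the npmPackage marker, the CI variable list and the url argument are assumptions, and it expects Node.js 20 or later.

```javascript
// Added sketch, not Vendure's source. Field names, bucket edges other than
// "1k-10k", the npmPackage marker and the CI variable list are assumptions.
const CI_VARS = ['CI', 'GITHUB_ACTIONS', 'GITLAB_CI', 'JENKINS_URL'];

// Map an exact count to a coarse range so the real number never leaves the host.
function toRange(n) {
  if (n <= 0) return '0';
  if (n < 100) return '1-100';
  if (n < 1000) return '100-1k';
  if (n < 10000) return '1k-10k';
  if (n < 100000) return '10k-100k';
  return '100k+';
}

const isCI = (env) => CI_VARS.some((name) => Boolean(env[name]));

// Random v4 UUID: no hostname, MAC address or other system-derived input.
const newInstallationId = () => globalThis.crypto.randomUUID();

function buildPayload(info, env = process.env) {
  if (isCI(env)) return null; // CI-aware: nothing is built or sent
  // Plugins that come from an npm package are named; the rest are only counted.
  const published = info.plugins.filter((p) => p.npmPackage);
  return {
    installationId: info.installationId,
    vendureVersion: info.vendureVersion,
    nodeVersion: process.version,
    platform: `${process.platform} ${process.arch}`,
    dbType: info.dbType,
    plugins: published.map((p) => p.npmPackage),
    customPluginCount: info.plugins.length - published.length,
    entities: Object.fromEntries(
      Object.entries(info.entityCounts).map(([k, v]) => [k, toRange(v)])),
  };
}

// Fire-and-forget: 5-second timeout, failures swallowed, no retry, no log.
function send(payload, url) {
  if (!payload) return;
  fetch(url, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(payload),
    signal: AbortSignal.timeout(5000),
  }).catch(() => {});
}
```

Serializing the result of buildPayload and searching it for exact counts or internal plugin names is a quick way to confirm that only the bucketed and counted forms would be transmitted.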
How to Opt Out
While we'd love for everyone to keep telemetry enabled, we fully respect your choice to disable it. Simply set an environment variable:
That's it. No config file changes, no code modifications. One environment variable and telemetry is completely off.
Keeping It Enabled Helps Everyone
The data we collect helps us make better decisions about where to invest our time and effort. When we can see that the majority of deployments run on Postgres with containerized setups, we know to prioritize testing and optimization for that stack. When we see which plugins are most widely adopted, we know where to focus maintenance and improvements.
In short, keeping telemetry enabled helps us build a better Vendure for everyone. We appreciate your trust, and we'll continue to be transparent about how this data is used.
If you have any questions or concerns about telemetry, feel free to reach out on Discord or open a discussion on GitHub.