Diagrammo Privacy

Diagnostics summary

• What we collect: sanitized error messages, sanitized stack traces, app version, platform, and a per-install random ID. Your IP address is visible to the third-party error-tracking service that receives the events; we don’t use it to identify you.
• What we don’t collect: your file content, file names, full filesystem paths, the diagrams you author.
• Retention: 90 days.
• How to turn off: Settings → toggle off Send error reports to help fix bugs.

Events we capture

Each event sends only the listed properties.

app_opened

When the app launches. Properties: app version, platform (tauri desktop or web), and the chart type of the last opened file (derived from file extension only).

diagram_rendered

When a diagram successfully renders. Property: the chart type from a fixed list (e.g. sequence, flowchart, erd, kanban, org, c4).

app_crashed

Once per session if a recovery snapshot is found on launch. Properties: app version, file-extension-derived diagram type, and a short label describing what the app was doing before the crash (from a fixed allowlist).

crash_loop_detected

Once per session if the app crashed twice within 60 seconds. Properties: tier (always 1), the 60-second window, and the activity label.

onboarding_path

Once when a new install picks a folder. Property: default, suggestion, custom, or existing.

$exception

When an uncaught error escapes a React boundary, an async catch, or an unhandled rejection.

• Sanitized error message (paths stripped, capped at 500 characters)
• Sanitized stack trace (paths stripped, capped at 4000 characters)
• An error_class label from a fixed list: render_error, export_error, update_error, fs_error
• Narrow context fields: which UI panel crashed, update phase (check/install), filesystem operation, export format, or a base filename without path or extension. None of these carry user content.

What is NOT captured

• Your diagram content. The DSL you type, the diagrams you render — none enters any event.
• File or folder names. Path shapes in messages and stack traces are stripped before sending.
• Browsing. No pageview tracking, no docs-page tracking.
• Session replay. Not used.
• Funnels, cohorts, A/B tests. Not used.

Pseudonymity, not anonymity

The per-install ID is a random UUID generated on your device the first time Diagrammo starts. We never see your name, email, or any account identifier. But because the same UUID is reused across launches, two events from the same install are linkable to each other. That’s pseudonymity, not anonymity.

Opting out

Settings → Send error reports to help fix bugs. The opt-out is honored at the SDK level so any in-flight events are dropped.

Changes

If we ever expand what’s collected, this page is updated before the change ships and release notes call it out explicitly.