Open source
Privacy you can verify beats privacy you’re asked to trust. The code that runs in your users’ browsers is fully open — read it, fork it, and confirm exactly what is collected and sent. There’s nothing hidden, because there can’t be.
The license split
We don’t call the whole thing “open source” — that would be inaccurate. Two licenses, two jobs.
The split is deliberate: the tracker is permissively open so anyone can adopt and audit it; the engine and surfaces are source-available so the work stays sustainable and can’t be resold as a competing hosted service.
The tracker.js that runs in your users’ browsers. Fully open and forkable — the one piece that touches real people, open so you can verify it line by line.
The analysis engine and the surfaces that read it. Source-available under the Elastic License v2: read it, audit it, run it yourself — just not repackaged as a competing hosted service.
Why it matters
Every privacy promise here is verifiable in the open tracker, not just asserted in a policy:
Don’t take our word for any of it — the source is right there. Read it on GitHub.
Drop the tracker in, point your agent at the hosted API, and close the loop — or self-host the whole thing. Both paths start in one place.