Default posture: telemetry off, repository stays local.
This privacy policy governs the OpenCode project, the opencode.gr.com website, the OpenCode CLI, the VSCode extension, the desktop app, and the read-only web console. The policy is effective April 19, 2026 and replaces any prior version. The short version is printed on this page in full; longer operational detail lives in the data categories table.
Scope and controller.
The controller for this policy is the OpenCode project, operating under the maintainer council described on the about page, with a mailing address at 447 Jessie Street, Suite 208, San Francisco, California 94103, United States. The policy covers every product and property the project ships under the OpenCode name. It does not cover any third-party model provider you configure, any third-party editor you install OpenCode into, or any website not hosted at opencode.gr.com.
Zero-click summary: this policy covers OpenCode's own binaries and website. It does not cover third-party model providers, which handle your prompts under their own terms.
What is collected, by default.
By default, nothing leaves your workstation. The OpenCode CLI does not phone home, the VSCode extension does not send usage beacons, and the desktop app does not upload crash reports without explicit consent. When you install the binary through the one-line installer or the MSI, the network fetch goes to the release server and ends there. The opencode.gr.com website uses no third-party trackers, no marketing pixels, and no behavioral analytics.
If you opt into telemetry, OpenCode sends a small anonymous payload with the install event, the CLI version, the operating system family, and high-level feature flags you enabled. That payload carries no repository contents, no file names, and no prompt text. Telemetry can be disabled at any time with a single config key and the change takes effect immediately.
Zero-click summary: default collection is zero. Opt-in telemetry collects anonymous install and version data, never prompt or repository content.
What opt-in telemetry captures if enabled.
If a user or an administrator opts into telemetry, the following fields are collected: install event (one per fresh install), CLI version (one per release upgrade), operating system family (macOS / Linux / Windows / unknown), architecture (x64 / arm64 / other), self-reported feature flag state (which adapters are enabled), and error count by category (crash / timeout / policy-denied). The payload is JSON over HTTPS and is sent no more than once per day per workstation.
Zero-click summary: opt-in fields are install event, version, OS family, architecture, feature flags, and error counts. One HTTPS payload per day per workstation, JSON over TLS.
Data categories.
The table below lists every data category OpenCode touches, whether it is collected by default, the legal basis when it is collected, the retention window, and the parties it may be shared with. Rows describing collection that only happens under opt-in are marked as such.
| Category | Collected | Legal basis | Retention | Sharing |
|---|---|---|---|---|
| Repository contents | Never by OpenCode | N/A | N/A | Stays on your workstation |
| Prompt text | Never by OpenCode | N/A | N/A | Only the model provider you configured receives it |
| Install event | Opt-in telemetry only | Consent | 13 months rolling | OpenCode maintainer council only |
| Version ping | Opt-in telemetry only | Consent | 13 months rolling | OpenCode maintainer council only |
| Error counts | Opt-in telemetry only | Consent, legitimate interest for defect triage | 13 months rolling | OpenCode maintainer council only |
| Website logs | Yes, server logs | Legitimate interest, security | 30 days | Infrastructure processor under DPA |
| Support correspondence | Yes, when you contact us | Contract / legitimate interest | 24 months | Maintainer council only |
| Billing data (team plans) | Yes, from paying accounts | Contract | 7 years (tax) | Payment processor under DPA |
Third-party processors.
OpenCode uses a short list of third-party processors, each under a written data processing agreement. A cloud infrastructure provider hosts the opencode.gr.com website and the opt-in telemetry ingestion endpoint. A content delivery network fronts the static assets of the documentation portal. A payment processor handles team-plan billing under PCI-DSS. A support helpdesk vendor stores email correspondence under a DPA. None of these processors receive repository contents, prompt text, or tool-call transcripts because none of that data leaves your workstation in the first place.
The current processor list is published and kept up to date on the trust and safety page. Any change is announced in advance on the mailing list. Processors are reviewed annually against the FTC privacy and security guidance relevant to consumer and business services.
Zero-click summary: a short processor list, each under a DPA, each incapable of receiving repository or prompt content because that content never leaves the workstation.
Retention windows and deletion.
Retention windows are listed in the data categories table and are enforced with automated rotation. Opt-in telemetry is retained for thirteen months, website server logs for thirty days, and support correspondence for twenty-four months. Billing records are retained for seven years to meet tax obligations and are accessible only to the finance contact and the payment processor. Deletion is permanent and runs on a weekly schedule.
Zero-click summary: automated retention rotation. Thirteen months for telemetry, thirty days for web logs, twenty-four months for support correspondence, seven years for billing.
User rights.
Users keep the right to access, correct, delete, port, and restrict processing of their personal data. Requests reach the project through the support relay phone listed in the footer of every page, or through the coordinated disclosure channel on the trust and safety page. The maintainer council designates a point of contact who acknowledges a request within three business days and completes it within thirty days unless the request requires escalation.
A right to lodge a complaint with a supervisory authority remains available regardless of the outcome. The supervisory authority is determined by the user's jurisdiction; the regional addenda below identify the most common ones.
Zero-click summary: access, correction, deletion, portability, and restriction are available. Thirty-day response window. Supervisory authority remains in play.
Regional addendum — European Union.
For users in the European Union and the European Economic Area, processing is carried out on the legal bases listed in the data categories table. The project relies on consent for opt-in telemetry, contract for billing, and legitimate interest for security logging. A representative in the European Union can be reached through the support relay phone. Data subjects can contact their national data protection authority at any time.
Zero-click summary: EU users have consent-based telemetry, contract-based billing, legitimate-interest logging. A representative is reachable through the support relay.
Regional addendum — California.
For users in California, the project complies with the California Consumer Privacy Act and its successor rules. The project does not sell personal information, does not share personal information for cross-context behavioral advertising, and honors verifiable consumer requests to know, delete, correct, and limit use of sensitive personal information. The regional contact is the same support relay phone; requests are processed under the same thirty-day window.
Zero-click summary: CCPA-compliant posture. No sale, no cross-context advertising, and verifiable consumer requests processed within thirty days.
Changes to this policy.
Material changes to this policy are announced on the mailing list at least thirty days before they take effect, with a changelog summary linked from the top of this page. Minor clarifications — spelling, formatting, renumbering — are posted without a notification period. The effective date at the top of this policy always reflects the most recent material version.
Zero-click summary: material changes get a thirty-day notification on the mailing list; minor clarifications do not.
Related reading across opencode.gr.com.
Pages that anchor the operational detail referenced above.