Telemetry & Privacy
DirWarden sends a small number of anonymous events to help understand which features are used and where improvements matter most. No Active Directory content, no usernames, and no machine-identifiable information is ever included.
Sending can be turned off at any time — see Opting out.
How your identity is protected
Every event is tagged with an anonymous installation ID constructed as follows:
- A random ID is generated the first time DirWarden runs and stored in
%AppData%\DirWarden\telemetry-id.txt. - That ID and the Windows machine GUID (from
HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid) are combined and hashed with SHA-256. - The result (
anon-<64 hex characters>) is used as the event identifier.
The hash cannot be reversed. It does not contain your username, machine name, domain, or any other identifiable information. Deleting telemetry-id.txt resets it permanently.
Events sent
Every event includes these envelope fields:
| Field | Value | Notes |
|---|---|---|
distinct_id | anon-<64 hex chars> | Anonymous installation hash |
timestamp | UTC ISO-8601 | When the event occurred |
$lib | dirwarden | Identifies the sending app |
$lib_version | e.g. 1.8.0 | App version string |
app.launched
Fired once each time the application finishes starting up. No additional fields.
app.onboarding_completed
Fired once per installation when the setup wizard is finished.
| Field | Value |
|---|---|
first_use_at_utc | UTC timestamp of wizard completion |
app.crash_occurred
Fired when an unhandled fatal error is caught, immediately before the crash report window appears.
| Field | Value |
|---|---|
source | Which crash handler caught the error (dispatcher, thread, or domain) |
stage | The last recorded startup stage at time of crash |
No exception message, stack trace, or user data is included here. A separate crash report (with a sanitised stack trace) is sent to Sentry — see Crash reports.
users.load
Fired each time the user list is loaded or refreshed. Only the count of accounts returned is sent — no names, OUs, or attributes.
ui.page_navigate
Fired each time a page is opened. Contains only the page name (e.g. Users, Audit, Settings).
ui.safety_lock_toggle
Fired when the safety lock is turned on or off. Contains engaged: true/false.
AD operation events
Fired when an operation is successfully applied. Only the count of accounts affected is sent — never account names, OUs, or any attribute.
| Event | Operation |
|---|---|
users.unlock | Account unlocked |
users.enable | Account enabled |
users.disable | Account disabled |
users.reset_password | Password reset |
users.force_reset_at_logon | ”Must change password at next logon” set |
users.password_never_expires | Password-never-expires enabled |
users.password_expires | Password expiry re-enabled |
The first time each operation type is used per installation, an additional first_use_at_utc timestamp is also sent.
What is never sent
- Usernames, SAMAccountNames, display names, or email addresses
- Distinguished names or OU paths
- Domain names or hostnames
- Any password or credential
- Any Active Directory attribute value
- Audit log entries or report content
- IP addresses
Crash reports
When a fatal error occurs, DirWarden sends a crash report to Sentry (separately from PostHog). Before transmission, the report is scrubbed of:
- Usernames and account names
- Hostnames and Distinguished Names
The scrubbed stack trace and exception type are sent so the crash can be located and fixed. No AD data is included.
Data processors
| Data | Processor | Privacy policy |
|---|---|---|
| Usage events | PostHog Cloud (https://app.posthog.com/capture/) | posthog.com/privacy |
| Crash reports | Sentry (https://sentry.io) | sentry.io/privacy |
DirWarden does not operate any analytics infrastructure itself.
Opting out
During setup: uncheck “Help improve DirWarden by sending anonymous usage data” on the final step of the setup wizard. This prevents even the first app.launched event from being sent.
After setup: open Settings → Privacy and set “Share usage data” to Off. The change takes effect immediately.
The preference is stored in %AppData%\DirWarden\preferences.json and persists across sessions and updates.