Epochly Security: Telemetry Data Flow

What Epochly sends and never sends, the env-var controls, and how to verify the wire payload locally.

This page summarizes Epochly's outbound network traffic. It is the public companion to the Security Policy and the Threat Model.

Controls

Telemetry behavior is controlled by environment variables:

  • EPOCHLY_OFFLINE_MODE=1 — go fully offline; license and telemetry endpoints are suppressed.
  • EPOCHLY_DISABLE_TELEMETRY=1 — opt out of telemetry-class endpoints only; licensing endpoints remain reachable.
  • EPOCHLY_TELEMETRY=0 — explicit telemetry opt-out, equivalent to EPOCHLY_DISABLE_TELEMETRY=1.

One opt-in alters a single payload:

  • EPOCHLY_SEND_RAW_FINGERPRINT=1 — restores the raw hardware-fingerprint attributes in the device-registration payload. Off by default.

What we send

By default, Epochly sends:

  • Scrubbed anonymous telemetry: session start, routing decisions, and JIT/worker/GPU/allocator/workload resource events.
  • Device-registration metadata for licensing: a node identifier, a SHA-256 machine_fingerprint, a package version string, and server-validated proof tokens.

The Lens heartbeat (a host hash, version, pid, and uptime) is sent only when you opt in with EPOCHLY_TELEMETRY_OPT_IN=1.

What we never send

Across all endpoints, the following is never transmitted — even with every opt-in flag enabled:

  • Function inputs or outputs of optimized callables.
  • User datasets, dataframes, tensors, or array contents.
  • Source trees, project directories, or arbitrary local files.
  • Environment secrets (API keys, tokens) outside the explicit Lens heartbeat flow.
  • Plaintext usernames, home-directory paths, IP addresses, or MAC addresses; payloads pass through a scrubber before transmission.

How to verify locally

You can audit the wire payload yourself:

# Telemetry off, licensing on (default behavior for paid users)
export EPOCHLY_DISABLE_TELEMETRY=1
python -c "import epochly; print(epochly.__version__)"
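
The "never send" list above can be turned into a check over a request body you have captured yourself. This is an added example, not Epochly's own code: it walks one JSON payload and reports any plaintext username, home-directory path, IPv4 address, or MAC address. Assumptions: the body is JSON you captured by your own means, the names walk and audit_payload are introduced here, and every key in the constructed samples other than machine_fingerprint is hypothetical.

```python
import getpass
import json
import re
from pathlib import Path

# Identifier classes the page lists as never transmitted in plaintext.
IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
MAC = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
HOME = re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)[^/\\\s\"]+")


def walk(node, path="$"):
    """Yield (json_path, text) for every key and string value in a JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}", str(key)
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def audit_payload(raw, username=None, home=None):
    """Return sorted (json_path, kind) findings for one captured JSON body."""
    username = username or getpass.getuser()
    home = home or str(Path.home())
    # Match the username only as a whole token, so it is not found inside a hash.
    user_re = re.compile(rf"(?<![A-Za-z0-9_]){re.escape(username)}(?![A-Za-z0-9_])")
    findings = set()
    for where, text in walk(json.loads(raw)):
        if IPV4.search(text):
            findings.add((where, "ip_address"))
        if MAC.search(text):
            findings.add((where, "mac_address"))
        if HOME.search(text) or home in text:
            findings.add((where, "home_path"))
        if user_re.search(text):
            findings.add((where, "username"))
    return sorted(findings)


# Constructed samples (not real Epochly traffic); key names are hypothetical.
CLEAN = '{"node_id": "n-7f3a", "machine_fingerprint": "%s", "version": "0.4.2"}' % ("ab" * 32)
LEAKY = ('{"events": [{"detail": "cache at /home/alice/.cache"}, {"peer": "192.168.1.20"}],'
         ' "nic": "00:1A:2B:3C:4D:5E"}')

if __name__ == "__main__":
    print(audit_payload(CLEAN, "alice", "/home/alice"), audit_payload(LEAKY, "alice", "/home/alice"))
```

A four-part dotted version string would be reported as an IP address, so review each finding by its JSON path before treating it as a leak.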