Telemetry & privacy

Every Mash install periodically phones home to verify integrity and license status. This page describes exactly what we collect, why, how long we keep it, and how to request deletion. Last updated May 10, 2026.

What we collect

Every Mash install with anti-piracy enabled sends a small heartbeat ping to POST /api/v1/heartbeat on this server. Each ping carries the following fields, and only these fields:

FieldExampleWhy we need it
install_id 9f8c…1d2a A random UUID generated at install time. Lets us count distinct installs without identifying you.
license_id 4242 The numeric id of the license you bought. Lets us detect mass-sharing of one license.
domain example.com The hostname Mash is running under. Used for license-domain validation.
version + core_version 1.4.2 So we know whether to push you an upgrade banner or a security advisory.
manifest_hash sha256:… A hash of your installed file set. Lets us detect tampering. We never see the files themselves.
ip_hash sha256:… A daily-salted hash of your server IP. Used to flag implausible install-count spikes. Cannot be reversed to your real IP.
ua Mash/1.4.2 The HTTP User-Agent string. Used for support diagnostics.
What we do NOT collect. We never receive: customer data, file contents, queries, request bodies, browser cookies, end-user identifiers, raw IP addresses, geo location, hardware fingerprints, or any data your customers put into your Mash install.

Why we collect it

  • Integrity verification. The manifest_hash tells us whether the code you're running is the same code we shipped to you. If it isn't, we can detect tampering or a corrupted install and warn you.
  • License enforcement. The license_id + install_id pair lets us detect when a single license is being used on dozens of distinct installs simultaneously — a strong signal of mass redistribution.
  • Update notifications. The version tells us when to surface security-advisory banners on your dashboard.
  • Operator audit. Every heartbeat-derived integrity anomaly is reviewed by a human operator before any action is taken — we never auto-revoke or auto-degrade based on telemetry alone.

How long we keep it

  • Raw heartbeats: 90 days, then deleted.
  • Aggregated install state (latest version, last-seen, total ping count): kept for the life of the license.
  • Integrity anomaly reviews: 18 months for audit, then archived.
  • Operator action audit: 7 years (we are required to keep this for legal defence of any DMCA action).

Opt-out and deletion

Anti-piracy telemetry is part of the Mash license terms — disabling it is equivalent to running an unlicensed install. However, you have two clear levers:

  • Stop running Mash. The pings stop immediately; we delete the raw heartbeats after 90 days and the aggregated state after the license-end date.
  • Request a data-deletion report. If you have stopped running Mash and want a confirmation of deletion, see the link below.

Request data deletion

If you have stopped running Mash and want written confirmation that we have deleted your install's telemetry, submit a request at the link below. We respond within 30 days as required by GDPR / CCPA.

Submit a data-deletion request →

Who has access

Heartbeat data is accessible only to Mash operators with the anti-piracy.installs.view permission. Every operator action (override, warn, revoke) is recorded in an append-only audit log with actor + before/after state + IP. Customers can request a copy of their install's audit trail via the data-deletion endpoint above.

Contact

Questions about this page? Email privacy@mash.example. Questions about a specific install or license? Use the in-app support widget so we can tie your message to your license id.

This page is part of the public Mash trust documentation.

Return to homepage