
Privacy

Watchfire is a developer tool that runs on your machine. The software does not phone home, does not collect telemetry, and does not send your code anywhere unless you wire it up to do so. This page explains what that means in practice, and what the website at watchfire.io does with visitor data.

Last updated: 2026-05-04

1. Watchfire (the software)

The daemon (watchfired), the CLI/TUI (watchfire), and the GUI (Watchfire.app) all run entirely on your machine.

Watchfire itself does not phone home. There is no telemetry, no analytics, no usage reporting, no crash reporting, and no automatic update check that sends your data anywhere. The daemon does not open an outbound connection on your behalf unless you have explicitly configured one.

Project files, task YAML, prompts, terminal transcripts, and worktree contents stay on your machine. Nothing about your tasks or your code leaves your filesystem unless you configure an outbound integration (a webhook, Slack, Discord, or GitHub auto-PR) or invoke an agent backend that talks to a remote provider.

When you invoke an agent backend — Claude Code, OpenAI Codex, opencode, Gemini CLI, or GitHub Copilot CLI — the prompts, file contents, and tool outputs that backend needs are sent to that backend's provider, governed by that provider's own terms and privacy policy. Watchfire does not interpose, log, or copy that traffic beyond what the agent CLI itself writes to disk in your worktree (transcripts, tool call logs, etc.).

For the threat model and sandbox guarantees that back these claims, see /docs/security.

2. Outbound integrations

Webhook, Slack, Discord, and GitHub auto-PR adapters. Each one is opt-in and requires you to provide credentials.

None of these adapters are wired by default. They activate only when you configure a destination URL, bot token, or signing secret through the GUI, the CLI, or your project configuration. With no integrations configured, the daemon makes no outbound calls of any kind.

Outbound webhooks are signed with HMAC-SHA256 over the raw request body, using a secret you supply. The signature is sent in the X-Watchfire-Signature header, so receivers can prove the call came from your daemon and not a third party. Slack, Discord, and the GitHub auto-PR adapter use the provider's own auth (bot token, webhook URL, or local gh CLI session).

Recipients receive the fields you opt into. The exact payload schema, including which task and project metadata is sent, is documented at /docs/concepts/integrations. Your code, your transcripts, and your task contents are not included unless the payload schema explicitly says so.

3. Inbound integrations

An optional HTTP server that lets Slack, Discord, or GitHub webhooks drive your daemon back.

The inbound HTTP server is opt-in. With no provider configured, the daemon does not bind a port at all. When you do enable a provider, the server listens on the loopback interface (127.0.0.1:8765) by default — nothing is reachable from the network until you change that bind address yourself.

Every inbound request is verified with a constant-time signature check (HMAC-SHA256 for GitHub and Slack, Ed25519 for Discord) and de-duplicated through an in-process replay cache, so a forged or replayed delivery is rejected before it can drive any action. Watchfire never opens a port automatically, never registers a public URL on your behalf, and never relays inbound traffic to a third party.

For the full setup walkthrough and the verifier matrix, see /docs/concepts/integrations.
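The checks described in sections 2 and 3, sketched from the receiver's side of an outbound webhook (an added example, not Watchfire's own code): recompute HMAC-SHA256 over the raw body, compare in constant time, then reject repeats through an in-process replay cache. Only the header name and the algorithm come from this page; the hex encoding of the signature, the cache keyed on the signature with a TTL, and the sample secret and payload are assumptions.

```python
import hashlib
import hmac
import time

HEADER = "X-Watchfire-Signature"  # header name taken from this page


class ReplayCache:
    """In-process record of recently accepted signatures (assumed design)."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._seen = {}

    def seen_before(self, key, now=None):
        now = time.time() if now is None else now
        # Drop expired entries, then record this key if it is new.
        self._seen = {k: t for k, t in self._seen.items() if now - t < self.ttl}
        if key in self._seen:
            return True
        self._seen[key] = now
        return False


def sign(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 over the raw body; hex output is an assumption."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(secret, headers, raw_body, cache, now=None):
    """Return 'ok', 'bad-signature' or 'replay' for one delivery."""
    received = headers.get(HEADER, "")
    expected = sign(secret, raw_body)
    # compare_digest takes the same time wherever the two values differ.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return "bad-signature"
    # Only authenticated deliveries reach the cache, so forgeries cannot fill it.
    if cache.seen_before(received, now):
        return "replay"
    return "ok"


# Constructed sample delivery (not a real Watchfire payload).
SECRET = b"example-secret"
BODY = b'{"event":"task.completed","id":"constructed-1"}'
HEADERS = {HEADER: sign(SECRET, BODY)}
```

Verify against the bytes exactly as received: parsing and re-serializing the JSON first can change the body and therefore the digest.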

4. The website

Everything below is about watchfire.io — the marketing and documentation site you are currently reading.

Hosting. The site is built with Next.js and deployed on Vercel. Vercel terminates TLS and serves the static and server-rendered output. As with any HTTP request, Vercel's edge will see your IP address and your browser's User-Agent header for the duration of the request. We do not maintain a separate access log on top of what Vercel collects.

Fonts. The site uses three Google Fonts: Outfit (UI and body), JetBrains Mono (code), and Syne (the wordmark, on the /brand page only). They are loaded through Next.js's next/font helper, which downloads font files at build time and serves them from the same origin as the rest of the site. Your browser does not contact fonts.googleapis.com or fonts.gstatic.com at runtime when you load a page on this site.

Documentation search. The docs use Fumadocs's built-in search. When you type a query into the ⌘K modal, the request goes to /api/search on this same site — never to a third-party search provider. Queries are not logged beyond Vercel's standard request logs.

GitHub stars counter. The star count in the header is fetched from the public GitHub API on the server, cached, and re-rendered into the page. Your browser does not talk to GitHub for the counter, so your IP and identity are not sent to GitHub when you open this site.

What is not here. No third-party advertising. No cross-site identifiers. No behavioral tracking. No marketing pixels (Facebook, LinkedIn, X, etc.). No session-replay tooling. No A/B testing platforms.

5. Analytics & opt-out

The site loads Google Analytics 4 (GA4) for aggregate visit counts and high-level navigation patterns. That is the only analytics tool on the page.

GA4 is loaded through the standard gtag.js snippet served from googletagmanager.com. When it loads, GA4 typically sets two first-party cookies in your browser:

  • _ga — a randomly generated client identifier (default expiry: 2 years).
  • _ga_<property-id> — a per-property session and engagement counter (default expiry: 2 years).

We use GA4 only to understand which docs pages are useful and where readers drop off. We do not use GA4 audiences for ads, do not link Google Ads or Google Signals to the property, and do not export data to other Google services for re-targeting. Google's own handling of the data it receives is governed by Google's privacy policy.

Opting out. You can prevent GA4 from running on this site in any of the following ways:

  • Install the Google Analytics opt-out browser add-on.
  • Use a tracker-blocking extension such as uBlock Origin, Privacy Badger, or DuckDuckGo Privacy Essentials.
  • Enable your browser's tracking-protection or strict content-blocking mode (Firefox, Brave, and Safari ship this on by default).
  • Block third-party scripts at the network level (Pi-hole, NextDNS, AdGuard, etc.).

Browser “Do Not Track” signals are honored to the extent the GA4 client honors them; we recommend the methods above as more reliable.

6. Your rights

Watchfire has no account system. The site does not have logins, profiles, newsletters, or comment threads, so there is no per-user record to export, correct, or delete.

For the GA4 analytics described above, the data point that identifies you is the random _ga cookie value. Clearing your site cookies (or using one of the opt-out methods above) is the most direct way to remove that identifier from your browser. To request deletion of already-collected analytics data tied to your client identifier, contact us at the address below; bring your _ga cookie value with you so we can locate the relevant rows.