agent-recon 1.0.1

package/LICENSE

@@ -0,0 +1,287 @@
+Agent Recon™ — Open-Core License
+
+Copyright 2026 PNW Great Loop LLC. All rights reserved.
+
+Agent Recon™ is an independent product and is not affiliated with, endorsed by,
+or sponsored by Anthropic PBC. Claude, Claude Code, and the Anthropic name and
+logo are trademarks of Anthropic PBC. Agent Recon™ is a trademark of PNW Great
+Loop LLC.
+
+=============================================================================
+OPEN-CORE LICENSING OVERVIEW
+=============================================================================
+
+This repository uses a dual-license model:
+
+  1. CORE COMPONENTS — Licensed under the Apache License, Version 2.0
+     (see below). You may freely use, modify, and redistribute these
+     components subject to the Apache 2.0 terms.
+
+  2. PROPRIETARY COMPONENTS — Licensed under a separate commercial license
+     (see LICENSE-COMMERCIAL). These components may not be used, copied, or
+     distributed except under the terms of a valid Agent Recon™ license.
+
+  3. HOOK SCRIPTS — Licensed under the MIT License (see headers in
+     individual files). These may be freely used, modified, and
+     redistributed with minimal restriction.
+
+See the header comment in each source file to determine which license
+applies. Files without a license header are covered by the Apache License,
+Version 2.0.
+
+=============================================================================
+CORE COMPONENTS — Covered files include:
+=============================================================================
+
+  - server/server.js          Event ingestion server
+  - server/db.js              SQLite database layer
+  - server/db-migrations.js   Schema migrations
+  - server/tokens.js          Token cost tracking
+  - server/event-types.js     Event type constants
+  - server/start.js           Startup wrapper
+  - server/platform.js        Cross-platform utilities
+  - server/routes.js          HTTP route definitions
+  - server/providers/         LLM provider abstraction (base layer)
+  - src/js/00-config.js       Frontend configuration
+  - src/js/01-categories.js   Event categorization
+  - src/js/02-security-engine.js  Regex security engine
+  - src/js/03-session-colors.js   Session display utilities
+  - src/js/04-sound.js        Sound engine
+  - src/js/05-state.js        Frontend state
+  - src/js/06-dom.js          DOM references
+  - src/js/07-stats-bar.js    Statistics bar
+  - src/js/08-feed.js         Event feed
+  - src/js/10-event-handler.js    Event routing
+  - src/js/11-websocket.js    WebSocket client
+  - src/js/12-controls.js     UI controls
+  - src/js/13-canvas.js       Waveform timeline
+  - src/js/14-env-widget.js   Environment widget
+  - src/js/15-main.js         App entry point
+  - src/js/16-tokens-view.js  Token display
+  - src/js/20-accessibility.js    Accessibility
+  - src/template.html         HTML template
+  - src/css/                  All CSS source files
+  - build.js                  Build system
+  - public/index.html         Built SPA
+  - setup.ps1                 Windows setup script
+  - setup-wsl.sh              WSL setup script
+  - setup-macos.sh            macOS setup script
+  - setup-linux.sh            Linux setup script
+  - package.json              Package manifest
+  - server/tests/             All test files
+  - test/                     Platform test infrastructure
+
+=============================================================================
+PROPRIETARY COMPONENTS — See LICENSE-COMMERCIAL for terms:
+=============================================================================
+
+  - server/security-llm.js        LLM security chain analysis
+  - server/insights-llm.js        LLM session insight analysis
+  - server/environment-llm.js     LLM environment recommendations
+  - server/prompt-analysis-llm.js LLM prompt quality analysis
+  - server/session-history-llm.js LLM session history narratives
+  - server/telemetry.js           Telemetry system
+  - server/archiver.js            Encrypted archive management
+  - server/process-monitor.js     Process observability
+  - server/otel-exporter.js       OTLP export
+  - server/tls-setup.js           TLS certificate management
+  - installer/                    Guided installer (all files)
+  - azure/                        Azure telemetry infrastructure
+
+=============================================================================
+HOOK SCRIPTS — MIT License (see file headers):
+=============================================================================
+
+  - .claude/hooks/send-event.py       Cross-platform hook forwarder
+  - .claude/hooks/send-event-wsl.py   WSL-specific hook forwarder
+
+=============================================================================
+
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but not
+   limited to compiled object code, generated documentation, and
+   conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work.
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the
+   purposes of this License, Derivative Works shall not include works
+   that remain separable from, or merely link (or bind by name) to the
+   interfaces of, the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including the
+   original version of the Work and any modifications or additions to
+   that Work or Derivative Works thereof, that is intentionally submitted
+   to the Licensor for inclusion in the Work by the copyright owner or by
+   an individual or Legal Entity authorized to submit on behalf of the
+   copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent to
+   the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by the Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of, publicly
+   display, publicly perform, sublicense, and distribute the Work and
+   such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this
+   License, each Contributor hereby grants to You a perpetual, worldwide,
+   non-exclusive, no-charge, royalty-free, irrevocable (except as stated
+   in this section) patent license to make, have made, use, offer to
+   sell, sell, import, and otherwise transfer the Work, where such
+   license applies only to those patent claims licensable by such
+   Contributor that are necessarily infringed by their Contribution(s)
+   alone or by combination of their Contribution(s) with the Work to
+   which such Contribution(s) was submitted. If You institute patent
+   litigation against any entity (including a cross-claim or counterclaim
+   in a lawsuit) alleging that the Work or a Contribution incorporated
+   within the Work constitutes direct or contributory patent
+   infringement, then any patent licenses granted to You under this
+   License for that Work shall terminate as of the date such litigation
+   is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work
+   or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You meet
+   the following conditions:
+
+   (a) You must give any other recipients of the Work or Derivative
+       Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works that
+       You distribute, all copyright, patent, trademark, and attribution
+       notices from the Source form of the Work, excluding those notices
+       that do not pertain to any part of the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding any notices that do not
+       pertain to any part of the Derivative Works, in at least one of
+       the following places: within a NOTICE text file distributed as
+       part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents of
+       the NOTICE file are for informational purposes only and do not
+       modify the License. You may add Your own attribution notices
+       within Derivative Works that You distribute, alongside or as an
+       addendum to the NOTICE text from the Work, provided that such
+       additional attribution notices cannot be construed as modifying
+       the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions for
+   use, reproduction, or distribution of Your modifications, or for any
+   such Derivative Works as a whole, provided Your use, reproduction,
+   and distribution of the Work otherwise complies with the conditions
+   stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work by
+   You to the Licensor shall be under the terms and conditions of this
+   License, without any additional terms or conditions. Notwithstanding
+   the above, nothing herein shall supersede or modify the terms of any
+   separate license agreement you may have executed with Licensor
+   regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed
+   to in writing, Licensor provides the Work (and each Contributor
+   provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES
+   OR CONDITIONS OF ANY KIND, either express or implied, including,
+   without limitation, any warranties or conditions of TITLE,
+   NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR
+   PURPOSE. You are solely responsible for determining the appropriateness
+   of using or redistributing the Work and assume any risks associated
+   with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise, unless
+   required by applicable law (such as deliberate and grossly negligent
+   acts) or agreed to in writing, shall any Contributor be liable to You
+   for damages, including any direct, indirect, special, incidental, or
+   consequential damages of any character arising as a result of this
+   License or out of the use or inability to use the Work (including but
+   not limited to damages for loss of goodwill, work stoppage, computer
+   failure or malfunction, or any and all other commercial damages or
+   losses), even if such Contributor has been advised of the possibility
+   of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the
+   Work or Derivative Works thereof, You may choose to offer, and charge
+   a fee for, acceptance of support, warranty, indemnity, or other
+   liability obligations and/or rights consistent with this License.
+   However, in accepting such obligations, You may act only on Your own
+   behalf and on Your sole responsibility, not on behalf of any other
+   Contributor, and only if You agree to indemnify, defend, and hold each
+   Contributor harmless for any liability incurred by, or claims asserted
+   against, such Contributor by reason of your accepting any such
+   warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+Copyright 2026 PNW Great Loop LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/LICENSE-COMMERCIAL

@@ -0,0 +1,241 @@
+Agent Recon™ — Commercial License
+
+Copyright 2026 PNW Great Loop LLC. All rights reserved.
+
+Agent Recon™ is an independent product and is not affiliated with, endorsed by,
+or sponsored by Anthropic PBC. Claude, Claude Code, and the Anthropic name and
+logo are trademarks of Anthropic PBC. Agent Recon™ is a trademark of PNW Great
+Loop LLC.
+
+=============================================================================
+COMMERCIAL LICENSE AGREEMENT
+=============================================================================
+
+This Commercial License Agreement ("Agreement") governs the use of the
+proprietary components of Agent Recon™ software ("Proprietary Software")
+developed and owned by PNW Great Loop LLC ("Licensor").
+
+By using, installing, or accessing the Proprietary Software, you ("Licensee")
+agree to be bound by the terms of this Agreement. If you do not agree, you
+may not use, install, or access the Proprietary Software.
+
+=============================================================================
+1. COVERED COMPONENTS
+=============================================================================
+
+This license applies to the following files, directories, and their contents:
+
+  LLM Analysis Pipelines:
+    - server/security-llm.js        LLM security chain analysis
+    - server/insights-llm.js        LLM session insight analysis
+    - server/environment-llm.js     LLM environment recommendations
+    - server/prompt-analysis-llm.js LLM prompt quality analysis
+    - server/session-history-llm.js LLM session history narratives
+
+  Infrastructure:
+    - server/telemetry.js           Telemetry system
+    - server/archiver.js            Encrypted archive management
+    - server/process-monitor.js     Process observability
+    - server/otel-exporter.js       OTLP export
+    - server/tls-setup.js           TLS certificate management
+
+  Installer:
+    - installer/                    All files in the installer directory
+
+  Azure Telemetry Infrastructure:
+    - azure/                        All files in the azure directory
+
+  Future Additions:
+    - Any files added to this repository bearing the header
+      "Licensed under LICENSE-COMMERCIAL" or "Agent Recon™ Commercial License"
+
+All other files in this repository are licensed under the Apache License,
+Version 2.0 (see LICENSE) or the MIT License (see individual file headers).
+
+=============================================================================
+2. LICENSE TIERS
+=============================================================================
+
+The Proprietary Software is available under three license tiers. Feature
+access is identical for Personal and Professional tiers; the distinction is
+legal terms governing the context of use.
+
+  COMMUNITY TIER (Free)
+    - Proprietary components are included in the distribution but operate
+      in a limited mode:
+      - LLM-powered analysis features are disabled (security chains,
+        insights, prompt coaching, hallucination scoring, environment
+        recommendations, session history narratives)
+      - Data retention limited to 7 days
+      - OTEL export, encrypted archives, and TLS are disabled
+      - Multi-environment support is disabled
+    - The Licensee may use the Community tier for personal, non-commercial
+      development purposes without a license key.
+    - The Community tier may not be redistributed as part of a commercial
+      product or service.
+
+  PERSONAL TIER ($9.99/month or $84/year)
+    - Full access to all Proprietary Software features.
+    - Must be purchased with the Licensee's personal funds.
+    - May NOT be reimbursed by or purchased through an employer, client,
+      or other business entity.
+    - Licensed to a single individual for personal development use.
+
+  PROFESSIONAL TIER ($29/month or $279/year)
+    - Full access to all Proprietary Software features.
+    - Required when:
+      (a) Use occurs in an employment or contractor context, OR
+      (b) Purchase is made by or reimbursed by an employer, client, or
+          other business entity, OR
+      (c) Use supports revenue-generating commercial activities.
+    - Licensed to a single individual.
+    - Includes invoice billing and priority support.
+
+=============================================================================
+3. LICENSE KEY
+=============================================================================
+
+Personal and Professional tier access requires a valid license key obtained
+through the authorized Agent Recon™ storefront. License keys are:
+  - Bound to a single Licensee
+  - Validated periodically via the Licensor's API
+  - Cached locally for offline operation
+  - Non-transferable without written consent from the Licensor
+
+Complimentary license keys may be issued at the Licensor's discretion for
+beta testing, community contributions, or promotional purposes. Such keys
+are functionally identical to purchased keys.
+
+=============================================================================
+4. RESTRICTIONS
+=============================================================================
+
+The Licensee SHALL NOT:
+
+  (a) Copy, redistribute, sublicense, sell, lease, or otherwise transfer
+      the Proprietary Software or any portion thereof to any third party,
+      except as part of a lawful installation on a machine the Licensee
+      controls.
+
+  (b) Reverse engineer, decompile, disassemble, or otherwise attempt to
+      derive the source code of the Proprietary Software, except to the
+      extent expressly permitted by applicable law notwithstanding this
+      limitation.
+
+  (c) Remove, alter, or obscure any proprietary notices, labels, license
+      headers, or trademarks in the Proprietary Software.
+
+  (d) Remove or disable the telemetry system except through the provided
+      opt-out mechanism (Settings > Telemetry > Disable, or
+      telemetry_enabled=false in the database).
+
+  (e) Use the Proprietary Software to create a competing product or
+      service that substantially replicates the functionality of
+      Agent Recon™.
+
+  (f) Use the Proprietary Software in any manner that violates applicable
+      law or regulation.
+
+=============================================================================
+5. LLM API KEYS AND THIRD-PARTY SERVICES
+=============================================================================
+
+The Licensee supplies their own API key(s) for LLM providers (Anthropic,
+OpenAI, Google, or any other supported provider). The Licensor does not
+provide LLM API access. All LLM usage costs — for both the observed AI
+coding agent and Agent Recon™'s analysis pipelines — are the sole
+responsibility of the Licensee.
+
+The Licensor is not responsible for the availability, pricing, terms, or
+performance of any third-party LLM provider.
+
+=============================================================================
+6. INTELLECTUAL PROPERTY
+=============================================================================
+
+The Proprietary Software, including all modifications, enhancements, and
+derivative works, remains the exclusive property of PNW Great Loop LLC.
+This Agreement does not transfer any ownership rights to the Licensee.
+
+"Agent Recon" and the Agent Recon™ logo are trademarks of PNW Great Loop
+LLC. The Licensee may not use these marks except to identify their
+authorized use of the software.
+
+=============================================================================
+7. DISCLAIMER OF WARRANTIES
+=============================================================================
+
+THE PROPRIETARY SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
+
+THE LICENSOR DOES NOT WARRANT THAT THE SOFTWARE WILL BE UNINTERRUPTED,
+ERROR-FREE, OR FREE OF HARMFUL COMPONENTS. THE LICENSOR DOES NOT WARRANT
+THE ACCURACY, COMPLETENESS, OR RELIABILITY OF ANY LLM-GENERATED ANALYSIS,
+INCLUDING BUT NOT LIMITED TO SECURITY CLASSIFICATIONS, INSIGHTS, PROMPT
+QUALITY ASSESSMENTS, OR ENVIRONMENT RECOMMENDATIONS.
+
+=============================================================================
+8. LIMITATION OF LIABILITY
+=============================================================================
+
+IN NO EVENT SHALL PNW GREAT LOOP LLC, ITS OFFICERS, DIRECTORS, EMPLOYEES,
+OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL,
+OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA,
+USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION
+WITH THE USE OR INABILITY TO USE THE PROPRIETARY SOFTWARE, EVEN IF THE
+LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+THE LICENSOR'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE AMOUNT PAID
+BY THE LICENSEE FOR THE PROPRIETARY SOFTWARE IN THE TWELVE (12) MONTHS
+PRECEDING THE CLAIM.
+
+=============================================================================
+9. TERMINATION
+=============================================================================
+
+This Agreement is effective until terminated.
+
+  (a) The Licensee may terminate at any time by uninstalling the
+      Proprietary Software and destroying all copies.
+
+  (b) The Licensor may terminate this Agreement if the Licensee breaches
+      any term and fails to cure the breach within thirty (30) days of
+      written notice.
+
+  (c) Upon termination, the Licensee must cease all use of the
+      Proprietary Software and destroy all copies. Sections 4, 6, 7, 8,
+      and 10 survive termination.
+
+  (d) Subscription cancellation reverts the installation to Community
+      tier functionality. No data is deleted upon downgrade.
+
+=============================================================================
+10. GOVERNING LAW
+=============================================================================
+
+This Agreement shall be governed by and construed in accordance with the
+laws of the State of Washington, United States, without regard to its
+conflict of law provisions. Any dispute arising under this Agreement shall
+be resolved in the state or federal courts located in Washington State,
+and the parties consent to the personal jurisdiction of such courts.
+
+=============================================================================
+11. ENTIRE AGREEMENT
+=============================================================================
+
+This Agreement constitutes the entire agreement between the parties
+concerning the Proprietary Software and supersedes all prior agreements,
+understandings, negotiations, and discussions, whether oral or written.
+No amendment to this Agreement shall be effective unless in writing and
+signed by both parties.
+
+=============================================================================
+12. CONTACT
+=============================================================================
+
+PNW Great Loop LLC
+Email: license@agent-recon.net
+Web:   https://agentrecon.dev
+
+Effective Date: March 2026

package/PRIVACY.md

@@ -0,0 +1,115 @@
+# Agent Recon™ Privacy Policy
+
+**Effective date:** March 24, 2026
+
+Agent Recon™ respects your privacy. This policy explains what data we collect, how we use it, and your rights.
+
+---
+
+## 1. What We Collect
+
+When telemetry is enabled, Agent Recon sends a single heartbeat on startup and once daily. Each heartbeat contains the following fields:
+
+- **`install_id`** — a randomly generated UUID, not derived from any personal information (not from hardware IDs, MAC addresses, usernames, or hostnames)
+- **`version`** — the Agent Recon version string (e.g., `"1.5.0"`)
+- **`platform`** — operating system and CPU architecture (e.g., `"darwin-arm64"`)
+- **`timestamp`** — ISO-8601 datetime of the heartbeat
+
+Additionally, your source IP address is captured server-side by the Azure infrastructure when the heartbeat is received. The client never sends IP information.
+
+## 2. What We Do NOT Collect
+
+Agent Recon does **not** collect any of the following:
+
+- No session content (prompts, tool inputs, tool outputs, file contents, code)
+- No personally identifiable information (names, email addresses, usernames, hostnames)
+- No API keys, credentials, or authentication tokens
+- No usage metrics (token counts, session durations, event counts, model names)
+- No file paths, working directories, or project names
+- No browsing history or network activity
+- No hardware identifiers (MAC addresses, serial numbers, device IDs)
+
+## 3. How We Use Collected Data
+
+We use the data described in Section 1 for the following purposes:
+
+- **Aggregate install counts** — measuring daily active installs
+- **Version distribution analysis** — prioritizing updates and deprecation schedules
+- **Platform distribution analysis** — prioritizing platform support and compatibility testing
+- **IP-to-ASN mapping** — identifying corporate network clusters for license compliance
+
+We do **not** sell, rent, or share your data with third parties. We do **not** use your data for advertising or profiling.
+
+## 4. Data Retention
+
+- Heartbeat records are retained for **90 days**, then permanently deleted.
+- IP-to-ASN mapping data is retained for **90 days**.
+- After the retention period, data is purged and cannot be recovered.
+
+## 5. How to Opt Out
+
+You can disable telemetry at any time:
+
+1. Open the Agent Recon dashboard in your browser.
+2. Click the gear icon to open **Settings**.
+3. Toggle **"Send anonymous usage statistics"** to disabled.
+
+When disabled, zero telemetry is sent — no heartbeat, no version check, nothing. The opt-out takes effect immediately.
+
+You can also set `telemetry_enabled` to `false` directly in the SQLite database settings table.
+
+## 6. How to Delete Your Data
+
+Self-service data deletion is built into the dashboard:
+
+1. Open the Agent Recon dashboard in your browser.
+2. Click the gear icon to open **Settings**.
+3. Click **"Delete My Data"** in the telemetry section.
+4. Confirm when prompted.
+
+Deletion is **immediate and permanent** — deleted data cannot be recovered. Telemetry is automatically disabled after deletion to prevent new records from being created.
+
+## 7. Your Rights Under GDPR
+
+If you are in the European Economic Area, you have the right to:
+
+- **Access** — request what data we hold about your install ID
+- **Erasure** — delete all data associated with your install ID (see Section 6)
+- **Object** — opt out of data collection at any time (see Section 5)
+- **Portability** — request your data in a machine-readable format via GitHub Issues
+- **Rectification** — your data consists only of automatically generated fields; there is nothing to correct
+
+To exercise these rights, use the self-service deletion endpoint (Section 6) or open a GitHub Issue.
+
+## 8. Your Rights Under CCPA
+
+If you are a California resident:
+
+- **Right to Know** — you can request what data we collect (described in Section 1)
+- **Right to Delete** — use the self-service deletion endpoint (Section 6)
+- **Right to Opt Out of Sale** — we do not sell your personal information to any third party
+- **Non-Discrimination** — we will not discriminate against you for exercising your rights
+
+## 9. Data Security
+
+- All heartbeat data is transmitted over **HTTPS** (TLS encryption in transit).
+- Server-side data is stored in **Azure Table Storage** with managed identity access controls.
+- Secrets (API tokens) are stored in **Azure Key Vault**.
+- Network access to storage and key vault is restricted via **Azure Virtual Network** and firewall rules.
+- No shared access keys — all access uses **Azure Managed Identity** with role-based access control (RBAC).
+
+## 10. Children's Privacy
+
+Agent Recon is a software development tool not directed at children under 13. We do not knowingly collect data from children.
+
+## 11. Contact
+
+For privacy questions or requests, open a GitHub Issue at:
+
+[https://github.com/genxcoder1999/agent-recon/issues](https://github.com/genxcoder1999/agent-recon/issues)
+
+## 12. Changes to This Policy
+
+We may update this policy from time to time. Material changes will be noted in release notes and the effective date will be updated. Continued use of Agent Recon after changes constitutes acceptance of the revised policy.
+
+---