> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lighton.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Telemetry & Diagnostics

> This module enables proactive maintenance and accelerates incident resolution. Disabled by default, it relies on a purely technical and anonymized data collection process, guaranteeing the absolute confidentiality of your data through strict local scrubbing before secure transmission to servers hosted in the EU.

**Feature introduced in:** Unique Urchin

## 1. Why activate this module?

Until now, analyzing a technical incident often required manual log extractions and long investigation times.

By consenting to the activation of telemetry, you allow our support teams to receive technical metadata in real-time.

**Your immediate benefits:**

* **Proactive Support:** We can identify and fix technical bugs before your users even notice them.
* **Accelerated Resolution:** Drastic reduction in Mean Time To Resolve (MTTR) thanks to immediate technical context.
* **Total Confidentiality:** Diagnostics are performed without ever needing access to your documents or search content.

## 2. Security & Privacy (Privacy by Design)

We are fully aware that you operate in sensitive industries. The architecture of this module has been designed to guarantee that **no business data leaves your infrastructure**, even when telemetry is enabled.

### What is STRICTLY EXCLUDED from collection

Our system integrates a **local scrubbing** mechanism. The following data is **deleted at the source** before any transmission occurs:

* ❌ **Document Content:** No text, images, or indexed data is collected.
* ❌ **Prompts and Queries:** Questions asked by your users remain private (conversation content is not transmitted to the telemetry module).
* ❌ **Personal Data (PII):** Any data detected as PII (e.g., email address, IP address, name, payment details) is automatically filtered out.
* ❌ **Full Logs:** We do not retrieve raw logs, only specific error traces.

### What is COLLECTED (Technical Scope)

Telemetry focuses solely on software health:

* ✅ **Stack Traces:** The specific technical line of code that generated the error.
* ✅ **Environment Context:** Library versions (Python, Django), OS.
* ✅ **Performance Metadata:** Technical response times.
* ✅ **Technical Identifiers:** A Company ID and a User ID (only if you check the specific option, see Section 4).

## 3. Architecture & Data Flow

The transmission process is secure and follows the strictest standards:

1. **Local Filtering (Sidecar):** A "relay" module located within your infrastructure intercepts the error and performs sensitive data scrubbing.
2. **Encrypted Transmission:** Anonymized data is transmitted via **HTTPS over port 443** (Outbound/Egress).
3. **Protocol:** Use of **TLS 1.2+** to guarantee flow integrity.
4. **Hosting:** Diagnostic data is stored exclusively on **servers hosted in the European Union**.

## 4. Control & Activation (Opt-in)

In accordance with our security commitments, this module operates on an **explicit consent** model. By default, no data is transmitted.

Activation requires **two strict steps**:

### Step 1: Global Technical Activation (System Admin)

The System Administrator must first authorize the module's capability at the instance level via the global configuration (`Admin/configkey`).

* **Variable:** `TELEMETRY_ENABLED`
* **Action:** Set value to `True`.
* *Note:* This action alone **does not send any data**. It simply unlocks the ability for each entity to provide consent in Step 2.

### Step 2: Entity Consent (Company Admin)

Once the module is technically enabled globally, the administrator of each company must explicitly activate collection for their specific scope.

**Path:** `Authentication > Companies > [Your Entity]`

You have two options:

1. **Check "Technical telemetry enabled" (Essential)**
   * *Action:* Authorizes the sending of anonymized error reports (Stack traces).
   * *Guarantee:* If this box is checked alone, no user data is collected.
2. **Check "Technical telemetry IDs allowed" (Recommended)**
   * *Action:* Allows the inclusion of the technical Company ID and User ID in the report.
   * *Advantage:* Allows our teams to immediately know if a bug is isolated to a single user or affects the entire company, significantly speeding up diagnosis.

> **Note:** You can revoke this consent at any time by unchecking these options. The cessation of data transmission is immediate.

## Summary for SecOps Teams

| **Criteria**       | **Specification**                                     |
| :----------------- | :---------------------------------------------------- |
| **Network Flow**   | Outbound only (Egress), HTTPS (TCP/443)               |
| **Encryption**     | TLS 1.2 minimum                                       |
| **Destination**    | SaaS Infrastructure hosted in the EU (GDPR Compliant) |
| **Content**        | Technical metadata and Stack Traces only              |
| **Sensitive Data** | Filtered locally (On-premise) before emission         |

For any questions regarding the updated Data Processing Agreement (DPA) including this technical sub-processor, please contact your dedicated CSM.