We use Plausible as our analytics host, due to their privacy-focused approach. This can be verified by reading what kind of data they collect, where their servers are hosted, which hosting providers they use, etc - all can be found here. They primarily use Hetzner-hosted servers for their infrastructure, which means all data collected falls under the EU's pretty strict privacy laws!
We do have a "bare minimum" category of telemetry, and this is purely
ping requests - this lets us know how many active users we have. A single ping request is sent every 4 minutes and 30 seconds, to ensure that we're not fighting with Plausible's 5 minute "user timeout" duration (so active users are always considered active). This equates to 320 rather small network requests over the course of a 24-hour period, and we are always looking for ways to better streamline this implementation.
Optional telemetry consists of
pageview events, as well as when a location, library, tag or anything similar was added/deleted/etc (a full list as of 2023-11-06 can be found here). Page view events do not contain any PII, and every UUID is removed before we ever receive any data - locations are sorted by the location ID, and that is an integer (we remove this also). A typical path that we receive looks like:
/:libraryId/location/:id/. We can only see what page in the app you're viewing, and we remove anything that could possibly be used to identify users before it ever leaves their device. You may find a demo here, which hopefully provides a bit of insight into the data that we receive.
We additionally receive information about: whether or not the app is in debug mode, which core version the app is using, which commit hash is being used (in case the version doesn't help), which platform is being used, etc.