calctext/_bmad-output/implementation-artifacts/16-1-privacy-respecting-analytics.md

---
epic: 16
story: 16.1
title: "Privacy-Respecting Analytics"
status: draft
---

## Epic 16 — Analytics, Feedback & Iteration
**Goal:** Learn from usage to improve CalcPad while respecting user privacy.

### Story 16.1: Privacy-Respecting Analytics

As the CalcPad product team,
I want anonymous, privacy-respecting analytics on feature usage and error rates,
So that we can make data-informed decisions without compromising user trust.

**Acceptance Criteria:**

**Given** analytics are implemented in CalcPad
**When** any analytics event is recorded
**Then** no personally identifiable information (PII) is included -- no names, emails, IP addresses, or sheet contents
**And** events are limited to: feature usage counts, session duration, error type and frequency, and platform/version metadata

**Given** the macOS application
**When** analytics are active
**Then** events are sent via TelemetryDeck or PostHog (self-hosted or privacy mode)
**And** the SDK is configured to anonymize all identifiers

**Given** the web application
**When** analytics are active
**Then** events are sent via Plausible or PostHog (self-hosted or privacy mode)
**And** no cookies are used for analytics tracking

**Given** a user who does not want to participate in analytics
**When** they navigate to Settings > Privacy
**Then** an "Opt out of analytics" toggle is available
**And** disabling the toggle immediately stops all analytics collection with no data sent after opting out
**And** the opt-out preference persists across sessions and application updates

**Given** CalcPad's analytics implementation
**When** reviewed for regulatory compliance
**Then** it complies with GDPR (no data collected without legal basis, opt-out honored, no cross-site tracking)
**And** it complies with CCPA (user can opt out of data sale -- though no data is sold)
**And** a clear privacy policy is accessible from Settings > Privacy describing exactly what is collected