Privacy

Does Stockyard phone home?

No telemetry, no analytics beacons, no usage reporting, no update checks. On paid tiers, the only Stockyard-directed call is license validation on startup. Everything else stays on your server.

What the binary does

Verify it yourself

You do not have to take our word for it. Monitor outbound traffic from the Stockyard process and confirm it only connects to the providers you have configured.

    # Watch all outbound connections from Stockyard
    ss -tnp | grep stockyard

    # Or use tcpdump to see exactly what leaves your machine
    sudo tcpdump -i any -n host $(hostname -I | awk '{print $1}') and not port 4200

You will see connections to api.openai.com, api.anthropic.com, and whichever other providers you have keys configured for. Nothing else.

On paid tiers, Stockyard validates your license key on startup. This is the only outbound call that is not directed at an LLM provider. On the free Community tier, there is no license check and there are no outbound calls to Stockyard infrastructure at all.
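To turn the `ss` check above into a pass/fail audit, the following added example (not part of Stockyard; the function names, the allowlist-by-IP approach and the sample addresses are assumptions made here) lists every peer of the `stockyard` process that is not on an allowlist you supply. It skips rows whose local port is 4200, since those are clients connecting in to the proxy rather than outbound calls.

```shell
#!/bin/sh
# Constructed `ss -tnp` output for offline testing.
# All addresses come from documentation ranges and are not real providers.
sample_ss() {
cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:51234 192.0.2.10:443 users:(("stockyard",pid=1234,fd=9))
ESTAB 0 0 10.0.0.5:51240 198.51.100.7:443 users:(("stockyard",pid=1234,fd=11))
ESTAB 0 0 10.0.0.5:4200 10.0.0.9:40112 users:(("stockyard",pid=1234,fd=7))
ESTAB 0 0 10.0.0.5:51300 203.0.113.99:443 users:(("stockyard",pid=1234,fd=12))
ESTAB 0 0 [2001:db8::5]:51310 [2001:db8::99]:443 users:(("stockyard",pid=1234,fd=13))
ESTAB 0 0 10.0.0.5:22 10.0.0.2:50022 users:(("sshd",pid=800,fd=4))
EOF
}

# unexpected_peers ALLOWED_IP...
# Reads `ss -tnp` output on stdin and prints, one per line, each peer IP of
# the stockyard process that is not in the allowlist given as arguments.
unexpected_peers() {
  awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $NF !~ /\(\("stockyard"/ { next }   # header row and other processes
    {
      lport = $4; peer = $5
      sub(/^.*:/, "", lport)             # keep only the local port
      if (lport == "4200") next          # inbound client of the proxy
      sub(/:[0-9]+$/, "", peer)          # strip the peer port
      gsub(/^\[|\]$/, "", peer)          # unwrap IPv6 brackets
      if (!(peer in ok)) print peer
    }' | LC_ALL=C sort -u
}

# Demo on the constructed sample: the two allowlisted peers are accepted,
# the remaining IPv4 and IPv6 peers are reported.
sample_ss | unexpected_peers 192.0.2.10 198.51.100.7
```

On a live host, pipe `ss -tnp` into `unexpected_peers` with the addresses your configured provider hostnames currently resolve to, plus the license endpoint on paid tiers. `ss` only shows connections open at that instant, so a short-lived call such as the startup license check is better caught with the tcpdump capture.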

Key storage

Provider API keys are encrypted at rest using AES-256-GCM. The encryption key is either derived from STOCKYARD_ENCRYPTION_KEY (if you set one) or auto-generated and stored in the SQLite database. Keys never appear in logs, API responses, or error messages.

For the full security picture, see the security page.

Self-hosted means self-hosted.

Your server, your data, your network. Stockyard is a tool that runs on your infrastructure, not a service that reports back to ours.
