Data and Privacy
Vegha is local-first and built around a simple principle: your data stays on your machine. This page describes exactly what Vegha stores, where, and the only network traffic it ever issues.
Zero telemetry
Section titled “Zero telemetry”Vegha has zero telemetry, zero crash reporting, and zero phone-home behavior. There is no opt-out toggle because there is nothing to opt out of — the app does not collect usage data, analytics, or crash reports.
The only outbound traffic
Section titled “The only outbound traffic”The only network traffic Vegha ever issues is:
- The test requests you explicitly send — the HTTP/SOAP requests in your collections.
- The auth flows you explicitly initiate — for example OAuth2 and OIDC discovery.
- Update checks (direct-download builds only) — periodic Velopack update checks against the GitHub releases feed.
Microsoft Store (MSIX) and Mac App Store (MAS) builds skip step 3 entirely; updates for those builds are handled by the store.
Where your data lives
Section titled “Where your data lives”Your collections, environments, and history stay on your machine. Settings are stored per-user:
| OS | Settings location |
|---|---|
| Windows | %AppData%\Vegha |
| macOS | ~/Library/Application Support/Vegha |
| Linux | ~/.config/Vegha |
Collections themselves are plain-text .bru files in the workspace folder you choose, so you control where they live and can commit them to version control.
Secrets and tokens
Section titled “Secrets and tokens”OAuth2 tokens and other secrets are stored in your operating system’s keystore rather than in plain files:
| OS | Keystore |
|---|---|
| Windows | Windows Credential Manager |
| macOS | macOS Keychain |
| Linux | Secret Service |
Auditable source
Section titled “Auditable source”Vegha is MIT-licensed and its source is public. You can verify these claims yourself in the repository at github.com/vegha-ai/Vegha.