privacy

Recorded traffic stays local by default.

Wraith is a local developer tool for API mocking from recorded traffic. The privacy rule is simple: your recordings, scrub rules, synthesized models, reports, and local twins live in your workspace unless you explicitly share them.

What Wraith writes locally

  • Recordings: API exchanges are written as WREC files inside the twin workspace after scrubbing rules run.
  • Models: Synthesized symbols, state, route metadata, and conformance reports stay in the local `twins/<name>/` directory.
  • Trace logs: Runtime trace buffers exist only when `wraith serve --trace` is enabled.

Scrubbing and secrets

Wraith applies header redaction, body pattern matching, and user-configured scrub rules before recordings hit disk. Treat scrub configuration as a safety layer, not a substitute for reviewing the data you choose to record. If an API carries unusual secret formats, add explicit rules in `scrub.toml` before recording.

Telemetry

The public website may measure page views, CTA clicks, docs search, install command copies, and `/install.sh` requests so the project can learn whether visitors reach the quickstart and install path. Wraith CLI product telemetry should remain off unless explicitly documented and enabled by the user.

Retention and deletion

Local recordings and models are deleted when you delete the twin workspace. Website logs, if enabled by the hosting provider or analytics setup, should be treated as operational logs and retained only as long as needed to understand acquisition and install health.

Contact

Questions about data handling, security, or team evaluation can go to [email protected].