Privacy

Troy is built with privacy by design — no tracking, no domain collection, no data you don't control.

Privacy by Design, Not by Policy

Most update systems collect data because they can. Some plugins collect domain names, IP addresses, the full list of installed plugins and themes, settings, admin and user email addresses, and sales revenue, all funneled to someone else's servers.

Troy works differently. It can't leak data it never collects.

Privacy isn't a setting you toggle. It's baked into the architecture.


Troy Client

Troy Client runs on sites that receive updates. Here's exactly what it sends to Troy Servers:

Rotating Site ID

A random identifier that changes weekly. No persistent fingerprinting.

Plugin Slugs & Versions

Only plugins and themes registered with the repository—not your entire install list.

Locale Preferences

Which translations you need, so servers can provide language packs.

PHP & WordPress Versions

Used to determine compatibility before offering updates.

That's the complete list. Troy Client never sends:

  • Domain names — Your site URL never leaves your server
  • Email addresses — Admin emails, user emails, customer emails stay local
  • Usernames or display names — Nothing about who runs the site
  • IP addresses — Troy Client doesn't transmit them
  • Settings or configuration — Your site options are yours alone
  • Full plugin or theme lists — Only Troy-enabled plugins and themes, nothing else

Troy Client also filters data sent to other update systems. When WordPress checks for updates with WordPress.org, Troy removes its plugins from the request—so even WordPress.org never learns which Troy plugins you have installed.
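
As an added illustration (not Troy's own code), this kind of filtering can be done on WordPress's `http_request_args` hook, which sees the plugin update check before it goes to api.wordpress.org. The function name, the `acme-pro/acme-pro.php` plugin file and the sample request are constructed for the example; how Troy itself identifies its plugins is not shown on this page.

```php
<?php
// Added example, not Troy's code. Plugin files and versions below are constructed.

/**
 * Withhold privately distributed plugins from a WordPress.org plugin update check.
 *
 * @param array  $args    Request arguments as passed to the http_request_args filter.
 * @param string $url     Request URL.
 * @param array  $private Plugin files to withhold (hypothetical list for this example).
 */
function example_strip_private_plugins(array $args, string $url, array $private): array
{
    $host = parse_url($url, PHP_URL_HOST);
    $path = (string) parse_url($url, PHP_URL_PATH);
    if ($host !== 'api.wordpress.org' || strpos($path, '/plugins/update-check/') !== 0) {
        return $args; // not a plugin update check: leave untouched
    }
    if (!isset($args['body']['plugins']) || !is_string($args['body']['plugins'])) {
        return $args;
    }
    $payload = json_decode($args['body']['plugins'], true);
    if (!is_array($payload) || !isset($payload['plugins']) || !is_array($payload['plugins'])) {
        return $args; // unexpected shape: passed through here; a stricter filter could drop the field
    }
    // Core sends {"plugins": {file: headers, ...}, "active": [file, ...]}.
    // Cast to object so an empty result still encodes as {} rather than [].
    $payload['plugins'] = (object) array_diff_key($payload['plugins'], array_flip($private));
    if (isset($payload['active']) && is_array($payload['active'])) {
        $payload['active'] = array_values(array_diff($payload['active'], $private));
    }
    $args['body']['plugins'] = json_encode($payload);
    return $args;
}

if (function_exists('add_filter')) {
    // Inside WordPress: register the filter with the hypothetical private list.
    add_filter('http_request_args', function ($args, $url) {
        return example_strip_private_plugins($args, $url, ['acme-pro/acme-pro.php']);
    }, 10, 2);
} else {
    // On the PHP CLI: run against a constructed request and print what would be sent.
    $sample = ['body' => ['plugins' => json_encode([
        'plugins' => ['akismet/akismet.php' => ['Version' => '5.3'],
                      'acme-pro/acme-pro.php' => ['Version' => '2.1']],
        'active'  => ['akismet/akismet.php', 'acme-pro/acme-pro.php'],
    ])]];
    $url = 'https://api.wordpress.org/plugins/update-check/1.1/';
    $out = example_strip_private_plugins($sample, $url, ['acme-pro/acme-pro.php']);
    echo $out['body']['plugins'], PHP_EOL;
}
```

The example covers the plugin check only; theme update checks use a separate request and would need the same treatment.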


Troy Server

Troy Server runs on your infrastructure and receives update requests. Here's what you see as a plugin author:

Data you receive:

  • Update request counts — How many sites are checking for updates
  • Version distribution — What versions are currently deployed
  • Download counts — How many times packages were fetched
  • PHP & WordPress versions — Aggregate compatibility data
  • Locales — Which translations are requested

Data you don't receive:

  • Domain names of sites using your plugin
  • User information from those sites
  • Any data that could identify individual installations

Each repository only sees requests for plugins and themes registered with it. You never see requests meant for other servers.

This is intentional. You don't need identifying data to ship good software.


HTTPS-Only Communication

All communication between Troy Client and Troy Server happens over HTTPS. No exceptions.

Update checks, package downloads, header verification—everything is encrypted in transit. This isn't optional. Troy rejects insecure connections by design.


Self-Hosted Means Self-Controlled

Cloud services promise privacy policies. Self-hosting gives you actual control.

With Troy Server on your infrastructure:

  • Logs stay on your servers — Review, rotate, or delete them as you see fit
  • No third-party processing — Update requests never touch external infrastructure
  • Compliance is your choice — Meet GDPR, CCPA, or any standard without depending on vendor compliance
  • No terms of service — The code is MIT licensed; your data governance is up to you

An Indie Dev's Approach to Privacy

Troy has no investors demanding growth metrics. No advertising model that needs user profiles. No "data-driven" roadmap requiring behavioral analytics.

Data is a liability. It attracts hackers. It creates compliance headaches. And it erodes the trust users place in developers.

I designed Troy to never collect anything personally identifiable in the first place. You trusted me with your update infrastructure—you shouldn't have to trust me with your data.