PRIVACY.md
A complete, current list of every network call Etherpad's own code makes to a third party, plus how to turn each one off. Plugins are out of scope — audit any plugin you install.
Etherpad ships with two outbound calls to etherpad.org. Both are
documented below. Both can be disabled with a single config value each.
No analytics, no usage pings, no third-party SDKs at runtime.
| URL | https://static.etherpad.org/info.json (override via updateServer) |
| Frequency | hourly while the server runs |
| Payload | GET only; User-Agent: Etherpad/<version> |
| Purpose | surface an "update available" notice in the admin panel |
| Disable | set privacy.updateCheck: false in settings.json |
| Source | src/node/utils/UpdateCheck.ts |
| URL | https://static.etherpad.org/plugins.json (override via updateServer) |
| Frequency | on admin-plugins page load (cached 10 min) |
| Payload | GET only; same User-Agent |
| Purpose | list installable ep_* plugins in the admin UI |
| Disable | set privacy.pluginCatalog: false in settings.json (manual install via CLI still works) |
| Source | src/static/js/pluginfw/installer.ts |
swagger-ui-express was dropped because the upstream npm package
injects a Scarf analytics pixel that cannot be disabled at install or
runtime (see swagger-api/swagger-ui#10573).
/api-docs is now served by a vendored copy of Scalar
(MIT) with no outbound calls. The shell explicitly opts out of Scalar's
default font fetch (withDefaultFonts: false) and analytics
(telemetry: false), and pins a system-font stack via CSS.
@scarf/scarf is listed under ignoredBuiltDependencies in
pnpm-workspace.yaml, so its postinstall pixel is suppressed even if a
future transitive dep pulls Scarf in.
Third-party plugins are out of this guarantee. Plugins run in your Etherpad process with full access; audit any plugin you install.
Found an outbound call this doc doesn't list? Open an issue with the
label privacy.