Skip to content

Data We Collect

Transparency is a core F7 value. This page provides a complete breakdown of what the F7 agent captures, what it never captures, and why each data point exists.

What We Capture

Data CategoryExamplesWhy We Capture It
Application focusApp name, app category, foreground/background transitionsUnderstand which tools people use and how they divide their time
Input activityClick count, keystroke count, scroll events, idle periodsMeasure engagement levels without recording what was typed
Network metadataDestination domain, port, detected AI providerIdentify which AI tools are being used and how frequently
Session structureSession start/end, duration, focus time, context switchesUnderstand work patterns, deep work vs. fragmented time
AI interaction metadataAI provider name, turn count, request/response sizes, time-to-first-responseMeasure depth and sophistication of AI usage
Git metadataCommit count, files changed count, insertions/deletionsCorrelate AI usage with development output (via webhook, not agent)

Employer-Provided Data

In addition to agent-captured metadata, F7 processes organization-provided workforce data such as identity, role, and hierarchy fields when the deploying organization configures those syncs.

Data CategoryExamplesWhy It's Used
Job metadataJob title, employment type, cost center, locationTeam-level analytics and segmentation
Org hierarchyDepartment, division, team, managerReporting structure and rollup views
Employment lifecycleHire date, termination date, active statusAccurate headcount and tenure analysis
IdentityEmail, display name, user principal nameAccount linkage and HRIS/IdP sync

Employer-Controlled Data

F7 does not independently collect workforce directory data — it is provided entirely by the deploying organization. The organization decides which supported fields to sync and can disable those syncs at any time.

Third-Party Event Integrations

With your organization's authorization, F7 can ingest event metadata from configured controller integrations. This provides richer analytics without relying solely on network-level observation from the agent.

Integration CategoryImplemented SourcesData Retrieved
Source controlGitHub, GitLab, BitbucketCommit, pull request, branch, and review event metadata
Issue/project managementJira, Linear, AsanaTicket and sprint event metadata
CI/CDJenkins, GitHub Actions, GitLab CI, CircleCIBuild, test, and deployment event metadata
Calendar/support/feature flagsGoogle Calendar, Microsoft Outlook, Zendesk, LaunchDarklyMeeting, support-ticket, and flag-change event metadata
Custom workflowsGeneric webhooksCustomer-defined event metadata

Metadata Only — Never Content

Third-party integrations retrieve event metadata only — never document contents, message text, prompt/response text, code diffs, repository contents, calendar descriptions, support conversation bodies, or file contents. F7 requests only the minimum scopes required for the configured event source.

Opt-In Only

Third-party integrations are not enabled by default. Each integration must be explicitly authorized by an organization administrator, who grants the specific API credentials and scopes. Integrations can be disconnected at any time.

Important Details

  • Keystroke count, not keystrokes. We count how many keys were pressed. We never record which keys or what was typed.
  • App name, not window title. For non-work applications, we capture only the app name and category.
  • Domain plus AI-provider endpoint path, not full URL. We record the destination domain and, for AI-provider API calls, the endpoint path used for classification. We never capture query parameters, request bodies, response content, or page content.
  • Sizes, not content. For AI interactions, we record how large requests and responses were. Never the actual prompt or response text.

What We Never Capture

CategoryGuarantee
Prompt and response textNever captured — not even with advanced features enabled
File contentsNever read — only metadata like file count and type
Email and chat contentNever captured — only time-in-app and domain
ScreenshotsNever transmitted off the device — if the optional vision model is enabled, frames are processed locally; current macOS capture streams PNG bytes through stdout and the agent scrubs stale legacy temp files on startup
Clipboard contentsNever captured under any circumstances
Passwords or credentialsNever accessed or stored
Browsing historyOnly the active destination domain is captured, with AI-provider API endpoint paths used for classification — never full URLs, query parameters, request bodies, response content, or page content
Personal app activityApps on the exclusion list generate zero telemetry
Individual keystrokesOnly aggregate counts — never what was typed

Where Data Lives

LocationWhat's StoredEncryption
Employee's deviceRaw observations + classified sessions (temporary)AES-256 encrypted local database
F7 ControllerStructured metadata + computed scoresEncrypted at rest, tenant-isolated
DashboardsRendered analytics (not stored separately)Served over HTTPS

Data Retention

Data TypeDefault RetentionConfigurable?
Raw telemetry90 daysYes — per organization
Daily/weekly rollups12 monthsYes — per organization
Audit logs24 monthsMinimum 24 months
Agent local dataSynced then prunedAutomatic

Organizations can configure retention periods. When data is deleted, it is permanently removed from all storage — not archived.

Right to Erasure

Any employee's data can be fully erased on request:

  1. The organization issues an erasure command through the admin interface
  2. The controller deletes all records for that individual
  3. The agent receives a remote command to wipe all local data
  4. An audit trail of the erasure itself is retained (for compliance — without the original data)

For Procurement Teams

This page is designed to answer common vendor security questionnaire items about data collection scope. For encryption and access control details, see the Security Overview.

Published by F7 Platform, Inc.