Analytics on Koder Public Surfaces

mandatory

Privacy-respecting analytics policy for Koder public surfaces (kds.koder.dev, www.koder.dev, hub.koder.dev, <slug>.koder.dev, product landings). Defines what may be collected, what must NOT be collected, the required tooling stance (self-hosted only), DNT respect, retention windows, dashboard access, and the contract with visitors. Companion policy to security.kmd and the multi-tenancy contract.

Status: ratified 2026-05-10 by owner as part of Koder Design Sprint 9.7 (#016). Applies to all koder.dev surfaces — landings, docs sites, app shells, OAuth consent screens, error pages.

User-specific telemetry from authenticated apps (kall, koru, eye, …) is governed separately by specs/errors/reporting.kmd (opt-in error reports) and specs/multi-tenancy/contract.kmd (tenant-scoped audit logs). This policy covers anonymous public surface analytics only.

R1 — Self-hosted only

Analytics tooling must be self-hosted on Koder infra (`infra/observe