docs: usage data collection (#6822)

Author: dianed-square

documentation/docs/guides/config-files.md

@@ -20,6 +20,10 @@ The configuration files allow you to set default behaviors, configure language m
 - **secrets.yaml** - API keys and secrets (only when keyring is disabled)
 - **permissions/tool_permissions.json** - Runtime permission decisions (auto-managed)
 
+In addition to editing configuration files directly, many settings can be managed from goose Desktop and goose CLI:
+- **goose Desktop**: From the `Settings` page and the bottom toolbar
+- **goose CLI**: Run the `goose configure` command
+
 ## Global Settings
 
 The following settings can be configured at the root level of your config.yaml file:
@@ -51,6 +55,7 @@ The following settings can be configured at the root level of your config.yaml f
 | `SECURITY_PROMPT_CLASSIFIER_ENABLED` | Enable ML-based prompt injection detection for advanced threat identification | true/false | false | No |
 | `SECURITY_PROMPT_CLASSIFIER_ENDPOINT` | Classification endpoint URL for ML-based prompt injection detection | URL (e.g., "https://api.example.com/classify") | None | No |
 | `SECURITY_PROMPT_CLASSIFIER_TOKEN` | Authentication token for `SECURITY_PROMPT_CLASSIFIER_ENDPOINT` | String | None | No |
+| `GOOSE_TELEMETRY_ENABLED` | Enable [anonymous usage data](/docs/guides/usage-data) collection | true/false | false | No |
 
 ## Experimental Features
 

documentation/docs/guides/environment-variables.md

@@ -287,9 +287,9 @@ export GOOSE_EDITOR_HOST="http://localhost:8000/v1"
 export GOOSE_EDITOR_MODEL="your-model"
 ```
 
-## Security Configuration
+## Security and Privacy
 
-These variables control security related features.
+These variables control security features, credential storage, and anonymous usage data collection.
 
 | Variable | Purpose | Values | Default |
 |----------|---------|---------|---------|
@@ -300,6 +300,7 @@ These variables control security related features.
 | `SECURITY_PROMPT_CLASSIFIER_ENABLED` | Enable ML-based prompt injection detection for advanced threat identification | true/false | false |
 | `SECURITY_PROMPT_CLASSIFIER_ENDPOINT` | Classification endpoint URL for ML-based prompt injection detection | URL (e.g., "https://api.example.com/classify") | Unset |
 | `SECURITY_PROMPT_CLASSIFIER_TOKEN` | Authentication token for `SECURITY_PROMPT_CLASSIFIER_ENDPOINT` | String | Unset |
+| `GOOSE_TELEMETRY_ENABLED` | Enable or disable [anonymous usage data collection](/docs/guides/usage-data) | true/false | false |
 
 **Examples**
 
@@ -316,6 +317,10 @@ export SECURITY_PROMPT_ENABLED=true
 export SECURITY_PROMPT_CLASSIFIER_ENABLED=true
 export SECURITY_PROMPT_CLASSIFIER_ENDPOINT="https://your-endpoint.com/classify"
 export SECURITY_PROMPT_CLASSIFIER_TOKEN="your-auth-token"
+
+# Control anonymous usage data collection
+export GOOSE_TELEMETRY_ENABLED=false  # Disable telemetry
+export GOOSE_TELEMETRY_ENABLED=true   # Enable telemetry
 ```
 
 :::tip
@@ -513,9 +518,8 @@ When deploying goose in enterprise environments, administrators might need to co
 - [Advanced Provider Configuration](#advanced-provider-configuration) - Point to internal LLM endpoints (e.g., Databricks, custom deployments)
 - [Model Context Limit Overrides](#model-context-limit-overrides) - Configure context limits for LiteLLM proxies and custom models
 
-**Security and Access Control** - Manage which extensions can run and how secrets are stored:
-
-- [Security Configuration](#security-configuration) - Control extension loading (`GOOSE_ALLOWLIST`) and secrets management (`GOOSE_DISABLE_KEYRING`)
+**Security and Privacy** - Control security and privacy features:
+- [Security and Privacy](#security-and-privacy) - Manage security and privacy settings such as extension loading, secrets storage, and usage data collection
 
 **Compliance and Monitoring** - Track usage and export telemetry for auditing:
 

documentation/docs/guides/usage-data.md

@@ -0,0 +1,68 @@
+---
+title: Anonymous Usage Data
+sidebar_label: Usage Data
+sidebar_position: 66
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import { PanelLeft } from 'lucide-react';
+
+On first use, goose asks for permission to collect anonymous usage data to help improve the product. You can change this setting at any time.
+
+## Usage data collected
+
+To respect your privacy, goose collects only anonymous usage metrics when you opt in. If enabled, the following data is collected:
+
+- Operating system, version, and architecture
+- goose version and install method
+- Provider and model used
+- Extensions and tool usage counts (names only)
+- Session metrics (duration, interaction count, token usage)
+- Error types (e.g., "rate_limit", "auth" - no details)
+
+Collected usage data doesn't include your conversations, code, tool arguments, error messages, or any personal data.
+
+:::info Provider Data Handling
+Depending on the [LLMs](/docs/getting-started/providers) you use with goose, your conversations, prompts, and information accessed by goose might be sent to the provider and subject to their data retention and privacy policies.
+:::
+
+## Change Your Preference
+
+To change your usage data collection preference:
+
+<Tabs groupId="interface">
+  <TabItem value="ui" label="goose Desktop" default>
+    1. Click the <PanelLeft className="inline" size={16} /> button in the top-left to open the sidebar
+    2. Click `Settings` in the sidebar
+    3. Click the `App` tab
+    4. In the `Privacy` section, toggle `Anonymous usage data` on or off
+  </TabItem>
+  <TabItem value="cli" label="goose CLI">
+    Use the arrow keys to move through the options and press `Enter` to select. A solid dot shows your current selection.
+    1. Run `goose configure`
+    2. Choose `goose settings`
+    3. Choose `Telemetry`
+    4. Your current telemetry status is shown. Select `Yes` to enable anonymous usage data collection or `No` to disable it.
+    
+    ```sh
+    ┌   goose-configure 
+    │
+    ◇  What would you like to configure?
+    │  goose settings 
+    │
+    ◇  What setting would you like to configure?
+    │  Telemetry 
+    │
+    ●  Current telemetry status: Disabled
+    │  
+    ◇  Share anonymous usage data to help improve goose?
+    │  Yes 
+    │
+    └  Telemetry enabled - thank you for helping improve goose!
+    └  Configuration saved successfully to /Users/julesv/.config/goose/config.yaml
+    ```
+  </TabItem>
+</Tabs>
+
+You can also set the `GOOSE_TELEMETRY_ENABLED` variable directly in your [`config.yaml` file](/docs/guides/config-files), or use it as an [environment variable](/docs/guides/environment-variables#security-and-privacy) to set telemetry status for a given session.