[RFC] Introducing Anonymous Telemetry in Sylius

[CoderMaggie]

Description

Q	A
Status?	Public RFC – open for community comments
Target Versions?	Sylius 1.12, 1.13, 1.14, and all 2.x versions

TL;DR 🚀

Sylius is introducing anonymous, privacy-safe telemetry to help the whole community understand how Sylius is used in real-world projects without collecting any personal or sensitive data.

It will gather technical metadata (PHP/Symfony versions, plugins, DB engines) and broad ranges of business indicators (e.g., store size), sent once per week.
Everything is anonymous, aggregated, open-source, and compliant with GDPR/ePrivacy.

Telemetry helps:

• maintainers prioritise issues and performance work
• plugin authors understand real compatibility needs
• agencies guide clients with better information
• the whole community advocate for stronger official integrations

Opt-out (full or partial) will always be available.
We’re now in the public RFC phase, welcoming community feedback before implementation. 🙌

---

0. Introduction

Status: Public RFC – open for community comments
Target Versions: Sylius 1.12, 1.13, 1.14, and all 2.x versions

Sylius needs a clearer understanding of how it is used in real-world environments.
Anonymous telemetry will give the community shared insights that help improve the platform, strengthen integrations, and support better decision-making across the ecosystem. 💡

This proposal has already been discussed with Sylius Key Contributors, selected partner agencies, and several customers.
We received positive feedback, applied suggestions, and are now opening the RFC to the wider community. 🙌

1. Summary

Today, many product and technical decisions across the ecosystem rely on experience rather than verified data.
Telemetry aims to provide anonymous, aggregated insights that help us build a faster, more stable, and more predictable Sylius together. 🤝

The design is privacy-safe by default and aligned with modern compliance expectations.
We are now in the public RFC phase, gathering input from the whole community.

2. Why We Need Telemetry

At the moment, we cannot reliably answer essential questions, such as:

• How many installations are active in production?
• Which versions of PHP, Symfony, or databases are most common?
• Which plugins and providers are used in real stores?
• What is the typical scale of Sylius projects?
• Which infrastructures (Docker, VPS, cloud) dominate?

Packagist downloads are not reliable (they include CI, bots, dev setups, abandoned projects), and the update checker only confirms an installation — not how it’s configured.

This leaves the community without insights that would benefit everyone. 🌍

3. Impact of Missing Data

A lack of reliable usage data affects the entire ecosystem: maintainers, plugin authors, agencies, integration partners, and the merchants who rely on Sylius every day. ❤️‍🩹

3.1 Technical Impact

• Hard to know which issues affect the most real installations
• Legacy support decisions rely on assumptions instead of usage
• Unexpected plugin and dependency conflicts
• Performance work cannot focus on the most common setups

3.2 Business & Product Impact

• No shared understanding of typical store size or usage patterns
• Roadmap discussions rely on anecdotal knowledge
• Plugin authors must guess which setups to support
• Agencies have less evidence when guiding clients

3.3 Partnerships Impact

• Payment and shipping providers (and similar integration partners) often need ecosystem metrics before investing in official support
• Without shared usage data, it’s harder for the community to advocate for new or improved integrations
• Agencies frequently maintain integrations themselves, generous, but resulting in duplicated work and inconsistent quality
• Reliable telemetry gives the community a stronger, collective voice backed by real numbers, helping partners invest where it matters most 🤝📈

4. What Telemetry Will Collect 📦

Telemetry focuses on anonymous technical metadata and aggregated business indicators.
Nothing personally identifying is ever collected.

4.1 Technical Metadata

• Environment (dev / prod)
• Sylius version
• PHP version
• Symfony version
• Doctrine ORM version
• Twig version
• API Platform version
• Database engine + version
• Webserver
• Docker presence
• Operating system (OS family: Linux, Darwin, Windows)
• System RAM (in GB)
• PHP memory limit
• Public plugins from composer.lock
• Plugin versions

4.2 Aggregated Business Metrics

Most of the number values are collected as ranges, not exact numbers.

• Product count (range only)
• Virtual product variants count (range only)
• Customer count (range only)
• Monthly order count (range only)
• Raw order count (exact number – helps distinguish active production stores from demos/stagings)
• Average order items and order item unit counts (range only)
• GMV (last 30 days, range only)
• AOV (last 30 days, range only)
• Active payment providers
• Usage count for each payment provider (range only)
• Active shipping providers
• Usage count for each shipping provider (range only)
• Enabled channels count
• Enabled countries
• Enabled locales and channels' default locales
• Enabled currencies and channels' base currencies

5. What Sylius Will Never Collect ❌

Sylius will never collect:

• Customer data
• Admin emails or personal identifiers
• IP addresses
• Domain names
• Product names, SKUs, or categories
• Exact transaction values
• Credentials or secrets
• Private plugins or private repositories
• Logs, stack traces, or error messages

These exclusions are strict and permanent.

6. Frequency & Delivery

• Sent once per week
• Triggered by the Admin scheduler
• Up to 3 retry attempts
• Silent failure - no impact if sending fails
• Private repositories are automatically excluded

7. Opt-Out Options ⚙️

Telemetry is enabled by default, but it can be disabled or limited.

Soft Opt-Out (regenerate installation ID)

SYLIUS_TELEMETRY_SALT=new-random-value

Hard Opt-Out (disable entirely)

SYLIUS_TELEMETRY_ENABLED=0

Partial Opt-Out

A mode that sends only technical metadata without business ranges will also be available.

8. Privacy & Compliance 🔐

Telemetry is designed to be safe by default:

• Anonymous architecture
• No personal data
• No IP or domain storage
• Salt-based installation ID
• No per-user tracking
• Transparent code in the Sylius repositories
• Aggregated reporting only
• Intended to comply with GDPR, CCPA, and ePrivacy

Privacy is a core requirement.

9. Community Benefits 🌱

The goal of telemetry is to give value back to the ecosystem:

• Quarterly ecosystem benchmark reports
• Public community statistics
• Compatibility insights for plugin maintainers
• Better data for agencies advising merchants
• Stronger partnership opportunities

Everyone benefits from a clearer picture of the ecosystem.

10. Rollout Plan 🚀

• Supported in: 1.12 → 1.14 and all 2.x
• Telemetry enabled by default
• Delivered as a separate module
• Gradual rollout starting with Sylius 2.x
• Existing update checker remains unchanged

11. Timeline 🗓️

1. Initial concept
2. Consultations with Key Contributors, agencies, and selected customers
3. Updated proposal based on feedback
4. Public RFC
5. Final version after community comments
6. Legal verification
7. Implementation PR
8. Release in upcoming patches (current phase)

12. Documentation 📚

Telemetry will be thoroughly documented across multiple resources:

Resource	Description	Status
RFC (this document)	High-level overview, rationale, and community discussion	✅ Current
"What & Why" documentation	Detailed explanation of collected data and reasoning behind each metric	https://docs.sylius.com/the-book/configuration/telemetry
Cookbook	Technical guide: configuration, opt-out options, customization	https://docs.sylius.com/the-cookbook/configuration/how-to-configure-telemetry-in-sylius
Post-upgrade Notice	First-run CLI notice informing users about telemetry, linking to documentation	✅ Ready
UPGRADE file	Migration notes for existing installations	✅ Ready

All documentation will be publicly available before the feature is released.

Draft PR: #18589

[GracjanJozefczyk]

Great impact for the community 💪

[christopherhero]

A well-described RFC @CoderMaggie , from the perspective of people implementing Sylius for clients, this kind of anonymous telemetry will be really helpful for making tech decisions. The only small thing I’d love to see in the final version is a simple example payload in the docs :)

[shochdoerfer]

Thank you for being transparent and sharing this publicly, as it provides a crucial piece of the puzzle, helping us understand the why and how behind the idea.

What criteria will be used to differentiate between private and public plugins or repositories? I don't think this information is included in the composer.lock file. What is a public plugin for you? Maybe it would to be a good addition to the RFC to describe this.

Will there be a mechanism in place for Admin users to see what data has been sent, perhaps through a log or report in the Admin UI, to ensure transparency and accountability?

[TheMilek]

Hi @shochdoerfer! 😄

Thank you for reaching out! 🚀

Let me address both of your points:

Public vs Private Plugins Detection

In our implementation, we differentiate between public and private plugins using the composer.lock file. Specifically:

A plugin is considered "public" when:

• It exists in the packages section of composer.lock
• AND has notification-url set to https://packagist.org/downloads/

This is a reliable indicator because:

• Packages installed from Packagist always have this notification URL
• Private packages from Private Packagist or local repositories do not have this URL set

You can see the exact implementation here

Transparency Mechanism for Admins

What do you think about some kind of command like for example:

bin/console sylius:telemetry:show

This command will output the complete telemetry payload in JSON format, allowing administrators to:

• Review all collected data
• Audit the exact information that would be transmitted
• Verify compliance with their organization's data policies

We could also expose this as an admin route that you could query with curl. What do you think - would a CLI command be sufficient, or would an route be more useful?

I've also added a link to the draft PR directly in the RFC description to make it more visible for review 😅

[shochdoerfer]

@TheMilek thx for the detailed description. Very much appreciated.

Using notification-url as indicator sounds plausible. I was not aware of that setting.

Regarding the transparency mechanism for admins I think the data should be visible in Admin UI as I don't think many merchants will use the CLI. Ideally, you would even add a setting to the channel configuration to allow or disallow sending the data for that specific channel. Just to make it really transparent what is happening under the hood.

[TheMilek]

@shochdoerfer — regarding the transparency mechanism for admin:

We discussed this internally and we’re planning to give admins access to their telemetry data through a dedicated portal and/or a small section in the Admin Panel. This would let them view their own (read-only, ranges) payload and also see how they compare to the broader ecosystem.

More details about it here: https://docs.sylius.com/the-book/configuration/telemetry#coming-soon-insights-for-merchants-and-plugin-authors

Also, feel free to check out our updated docs 😅:
Configuration overview
What & Why documentation

[gabiudrescu]

How do you make sure this does not crash your Sylius in case telemetry endpoint is down? With the last few downtimes of cloudflare you can't consider anything anymore always online 😃

[TheMilek]

@gabiudrescu Great question!

We tried to cover everything - basically every layer that is responsible for sending catches \Throwable and fails silently:
Example Sender

Same with data collection - each collector is wrapped, if something fails we just skip it:
Example Collector

Plus 5s timeout, listening on kernel.terminate, max 3 retries with 24h backoff.

We'd rather send nothing than break anything 😅

[TheMilek]

Update: Changed telemetry sending interval from monthly to weekly

Based on internal discussions, we've decided to change the telemetry sending interval from 30 days to 7 days.

This change improves reliability — if there are issues on our receiving end, we'll detect them within a week and this still does not affect performance of the projects

The documentation and the RFC description have been updated accordingly.

[TheMilek]

Update: Order count metric and locale from parameter

We're adding a new metric – raw order count (not range). This allows us to see if orders grow over time, which is a key indicator to distinguish real production stores from demos/stagings that remain static. This cannot be determined from anonymized data. We want to filter out such non-production data.

We're also adding the default locale (from parameter) to the technical data.

Everything else remains unchanged – this still doesn't allow us to identify or learn anything sensitive about individual stores.