# Data Sent by Aikido Zen Aikido Zen periodically reports metadata to help analyze security activity and detect attacks in your environment. This data is aggregated, not sent in real-time, and does not include sensitive user data or payloads unless an attack is detected. ## Reporting frequency * On startup – Zen sends a one-time snapshot of your environment. * Every 10 minutes – Zen sends aggregated usage statistics. * When an attack is detected – Zen immediately reports details about the attack and its metadata. ## Data collected ### On startup * Packages – the list of installed dependencies. * System information – OS, architecture, hostname, and machine IP. ### Every 10 minutes * Routes – the list of API routes with their specifications and the total number of hits per route (no individual requests). * Outbound hostnames – aggregated list of hostnames your app connects to and how often. * AI usage – statistics of AI-related operations, this does not contain any prompts * App statistics – counts of requests, operations, and general performance metrics. * Users – last known IP address for each user, but only if user tracking is explicitly enabled via setUser. ### When an attack is detected * Attack metadata – includes request method, endpoint, timestamp, attack vector type, and other diagnostic details required for analysis. ## Privacy and PII Aikido Zen is designed to avoid collecting personally identifiable information (PII). * All regular reports are aggregated and anonymized where possible. * User IPs are only included if explicitly enabled. * No raw data, headers, or payloads are sent during normal operation. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/zen-firewall/miscellaneous/data-sent-by-aikido-zen.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.