If users are logged into their Insomnia account or if they haven’t opted out of analytics in the desktop application, we collect usage data to help improve the application. The usage analytics are collected to evaluate user behavior for the purpose of guiding product decisions.
Insomnia collects usage data like the following:
The following are data models Insomnia uses:
|
Data Model |
Definition |
|---|---|
M_Account
|
A user that can log in |
M_Resource
|
An entity that can be synced (e.g., Request, Workspace, etc.) |
M_ResourceGroup
|
A group of M_Resource that can be shared as one |
M_Link
|
A relationship linking a M_Account to M_ResourceGroup |
The following are keys and salts Insomnia uses.
|
Name |
Description |
Stored? |
|---|---|---|
PUB_Account
|
Public key for M_Account | |
PRV_Account
|
Private key for M_Account | |
SYM_Account
|
Symmetric key for M_Account | |
SYM_ResourceGroup
|
Symmetric Key for data encryption | |
SYM_Link
|
Encrypted form of SYM_ResourceGroup | |
SLT_Auth_1
|
Salt for PBKDF2 of passphrase for auth | |
SLT_Auth_2
|
Salt for SRP authentication process | |
SLT_Enc
|
Salt for PBKDF2 of passphrase for encryption | |
SEC_PWD_Auth
|
Secret derived from passphrase using SLT_Auth_1 | |
SEC_PWD_Enc
|
Secret derived from passphrase using SLT_Enc | |
SRP_Verifier
|
Verification string used for SRP |
Note: SYM_Link and SYM_ResourceGroup are essentially the same thing, but are defined separately for the purpose of discussion. This will become clear later on.
What specific data does Insomnia collect?
Insomnia collects information like the following JSON:
{
"anonymousId": "device-Specific-UUID-here",
"context": {
"app": {
"name": "Insomnia",
"version": "8.2.0"
},
"library": {
"name": "@segment/analytics-node",
"version": "1.0.0"
},
"os": {
"name": "mac",
"version": "14.0.0"
}
},
"event": "Request Executed",
"integrations": {},
"messageId": "node-next-message-specific-id-here",
"originalTimestamp": "2023-10-10T09:57:53.346Z",
"properties": {
"mimeType": "application/json",
"preferredHttpVersion": "default"
},
"receivedAt": "2023-10-10T09:58:05.056Z",
"sentAt": null,
"timestamp": "2023-10-10T09:57:53.346Z",
"type": "track",
"writeKey": "REDACTED"
}
Do you retain server logs, or event logs?
All server logs stored are kept within GCP and only accessed by engineers authorized to manage the Insomnia servers.
I use the desktop Insomnia app, how do I opt out of data collection?
If you use the Insomnia desktop application without an account, users have the choice to opt out of sending this information in the desktop application user interface. Users can opt out of sharing analytics data with Insomnia via the Insomnia app Preference Page by scrolling down to the Network Activity section and checking or unchecking the box next to Send Usage Statistics.
Do you retain server logs, or event logs?
All server logs stored are kept within GCP and only accessed by engineers authorized to manage the Insomnia servers.
What does end-to-end encryption (E2EE) mean in Insomnia?
End-to-end encryption means that all encryption keys are generated locally on your device. All data is encrypted before being sent and only decrypted after being received. At no point during synchronization can Insomnia servers—or anyone with access to those servers—read your encrypted project data.
What is considered project data in Insomnia?
Project data includes your API design specifications, collections, tests, and other files that you choose to sync and share through Insomnia’s hosted service.
Data used with artificial intelligence tools is not end-to-end encrypted and is excluded from this protection.
What encryption algorithms does Insomnia use?
Insomnia uses randomly generated 256-bit symmetric keys with AES-GCM-256 (Galois Counter Mode) to encrypt project data.
What happens if I forget my passphrase?
If you lose your passphrase, you lose the ability to decrypt your encrypted project data.
If you were part of an organization, you can be re-invited to recover shared data. If you shared data with others, they can re-invite you to restore access.
Are any parts of my encrypted data sent in plaintext?
Yes. While project data is fully encrypted, the id and name of each resource are sent in plaintext along with the encrypted payload.
Is Insomnia project data encrypted on disk?
No. Project data is stored in raw form on disk. E2EE applies only to data transmitted over the network. You should take appropriate measures to secure your local environment from unauthorized access.
Where does Insomnia store application data?
Insomnia stores local data in platform-specific appData directories:
%APPDATA%\Insomnia on Windows$XDG_CONFIG_HOME/Insomnia or ~/.config/Insomnia on Linux~/Library/Application Support/Insomnia on macOSYou can access this via Help > Show App Data Folder in the UI. Files are stored as insomnia.<resource>.db.
Where does Insomnia store logs?
Logs are stored in the following locations:
%APPDATA%\Insomnia\logs on Windows$XDG_CONFIG_HOME/Insomnia/logs or ~/.config/Insomnia/logs on Linux~/Library/Logs/Insomnia on macOSAccess the log folder via Help > Show App Logs Folder.
Where does Insomnia store environment information on a Linux Snap install?
Snap installations store user data and environment settings in the following locations:
/var/snap/: For system-level snap data~/snap/: For user-level, versioned snap dataWhere is my data stored when using Insomnia sync features?
The storage location depends on the sync method you’re using:
us-central1 region.