Disabling Prisma Telemetry
How to disable Prisma telemetry in your projects
While exploring Prisma's security architecture, I discovered that telemetry data is collected after every single CLI command execution. The documentation on Prisma 7 doesn't contain any information on what telemetry data is collected or how to disable it, so I decided to investigate further.
Disabling Prisma Telemetry
Prisma's telemetry is enabled by default and sends a block of data on each CLI command execution. You can easily disable it by setting the following environment variable in your project's environment configuration:
.env file:
CHECKPOINT_DISABLE=1Alternatively, you can disable for the lifetime of your terminal session using the following commands:
Windows (PowerShell):
$env:CHECKPOINT_DISABLE = "1"Unix/Linux/MacOS (Bash):
export CHECKPOINT_DISABLE=1What's Collected?
The primary source of telemetry data is the Prisma CLI. Every time you run a Prisma CLI command, it collects data about the command you ran, the version of Prisma you're using, and some anonymized information about your environment.
The data is dispatched via query string parameters in a GET request to https://checkpoint.prisma.io. The telemetry data includes the following information embedded in the query string:
checkpoint_version: '4'
local_timestamp: '2026-03-13T20:20:15-07:00'
information: ''
schema_providers: postgresql
schema_generators_providers: prisma-client
command: generate
client_event_id: 9789cc5a-d6bc-4482-8225-4dce08b6f333
signature: 445b5a8b-d1a3-40d6-a5e7-9b594d1d22a9
project_hash: 48697f93
cli_path_hash: 42c939e7
arch: x64
os: win32
node_version: v24.13.1
version: 7.5.0
ci: 'false'
ci_name: ''
cli_install_type: local
previous_client_event_id: 858ae69b-0123-470f-997f-38543fc203ad
check_if_update_available: 'false'Of the recorded data, the command field sticks out as concerning. If a dev mistypes a command and runs a Prisma command that contains sensitive information after npx prisma, then that information will be sent via query params to the telemetry endpoint.
The good news is, Prisma has partially remedied this by stripping out certain sensitive arguments from the command string before sending it. The complete list of stripped arguments can be found here in the codebase. Even with the selective stripping, a command typo has the potential to leak sensitive information.
Appendix 1: Collecting Telemetry Data
I used the popular mitmproxy tool (mitmproxy.org) to intercept the telemetry data sent by the Prisma CLI. Adding the NODE_EXTRA_CA_CERTS env var pointed to the mitmproxy certificate allowed me to decrypt the telemetry data and see exactly what was being sent.
