Does chroma-mcp send data, and where? — data-flow verdict

Score: 100/100 integrity; 100% evidence coverage; evidence-backed. Measures evidence support, not confidence (see: how this is scored).

Verdict (the facts)

Tool: pip/chroma-mcp
Integrity axis: honest — Observed behaviour matches its description; no undisclosed recipient.
Data-flow axis: No network egress was observed: scanned with --client-type ephemeral (in-memory, local-only). Two facts of note, both verified against the source: (1) the PostHog usage-telemetry that chroma-mcp inherits from the chromadb dependency is a NO-OP as of chromadb 1.5.4 (removed upstream), so it does not phone home; (2) running instead with --client-type cloud would make functional calls to api.trychroma.com (Chroma Cloud, US); that path was not exercised here.
Disclosure: n/a — No egress observed in local (ephemeral) mode. The inherited chromadb PostHog telemetry is a no-op since chromadb 1.5.4; cloud mode would egress functionally to api.trychroma.com. Both established from source, not just observed absence.
Capture self-test: verified
Severity: none — integrity axis (no undeclared exfiltration; no egress at all).
Version (pinned): 0.2.6 · commit
Content hash: sha256:d0a0184353804a26a45592d83824ba40e9330ad99366c6c2c901bc0eaeec60a7
Signature: ed25519:2kcXlApMuN+dQVdBxSSnPYji0p2p3qBBRNvZxr… · Ed25519 public key · sha256:49cf8457b42a7048
Scanned: 2026-06-14T00:00:00Z — Pinned to chroma-mcp@0.2.6, published 2025-08-14. This verdict applies to that exact version; a newer release would require a re-scan.
Re-verified: 2026-06-14 — pinned version current
Categories: database no-egress published
Observation history: 1 scan(s); first seen 2026-06-14T00:00:00Z · latest 2026-06-14T00:00:00Z

Observed egress destinations

host | country | jurisdiction | class | disclosure | frequency | kind
(no rows: no egress destinations were observed in this run)

Jurisdiction context:

Disclosure check (the §824 evidence)

Read
Quoted from the tool's own docs
“”
Match
No egress observed in local (ephemeral) mode. The inherited chromadb PostHog telemetry is a no-op since chromadb 1.5.4; cloud mode would egress functionally to api.trychroma.com. Both established from source, not just observed absence.
Residual gap

How we know this — claims by basis

Observed — directly in the capture, reproducible

Classified — our adversarially-reviewed judgment

Method

Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS broken via own CA, iptables transparent redirect). A beacon self-test confirmed the capture was live.

Scope

Compares the tool's declared destinations against what was observed in one sandbox run. Checks transparency / integrity for a cooperative tool, NOT resistance to deliberate evasion. "honest"/"clean" means "observed without deviation within our reach", NOT "guaranteed no hidden egress". Out of scope: exfiltration split/chunked across requests; tool-side encryption of the payload before egress; input/time/state-triggered processing not triggered in the run; --client-type cloud functional egress (api.trychroma.com), not exercised in this local-mode run.


Machine-readable verdict: /verdict/chroma.json. This page describes observed behaviour and its relation to the tool's own disclosures — it is not a legal judgment.