- Your Salesforce metadata and scan results are processed entirely on your device.
- Only your account profile, optional diagnostics, and optional analytics leave your device, via Google Firebase.
- Your findings, scores, and full scan history are stored only in the local database — none of it is uploaded, and there is no cross-device history.
- The Ask Vita assistant is opt-in and off by default — the only feature that sends org metadata off the device, and only to Anthropic under your own key, never to CloudAlgo. GitHub is involved only for update checks.
1. How data flows
OrgVitals runs as a desktop application on your machine. When you run a scan, it uses your existing Salesforce CLI (sf) authentication to pull a read-only metadata snapshot from your org and stores it, along with all findings and scan history, in a local SQLite database on your device. This processing happens locally. CloudAlgo does not receive your metadata, Apex source, findings, or org identity.
Your findings, scores, and full scan history are stored only in this local database — none of it is uploaded to CloudAlgo, and there is no cross-device scan history.
Separately, a small amount of account and telemetry data is sent to CloudAlgo through Google Firebase. The "Ask Vita" assistant is opt-in and off by default: it is the only feature that sends org metadata off your device, and it does nothing until you add your own Anthropic API key and explicitly acknowledge (via a checkbox, recorded by the ov.consent.vita flag) that your question and the org metadata Vita reads will be sent to Anthropic's Claude API. When enabled and used, that data goes directly from your device to Anthropic under your own API key, never to CloudAlgo. If you never enable Vita, nothing is ever sent to Anthropic.
2. Stays on your device vs. leaves your device
| Stays on your device | Leaves your device |
|---|---|
| Read-only metadata snapshot (Apex, Flows, profiles, permission sets, objects, fields, reports, dashboards, limits, Health Check score, test coverage) | Account profile (uid, email, name, picture, createdAt) — sent to Firebase, required |
| Scan results, scores, finding-level detail, and full scan history (local SQLite database) — never uploaded, no cross-device history | Crash / error diagnostics (app_errors) — sent to Firebase, opt-out (on by default) |
| Your Anthropic API key (stored encrypted) | Product analytics events and device data — sent to Firebase / Google Analytics, opt-in (off by default) |
| — | Ask Vita requests (your question + the org metadata Vita reads: flows, fields, users, permissions, findings, and code) — sent to Anthropic under your own key, only if you enable Vita (opt-in, off by default) and use it; never to CloudAlgo |
OrgVitals does not upload your scan results, scores, findings, scan summaries, scan history, or your Salesforce org metadata or identity to CloudAlgo, and there is no cross-device history.
3. Sub-processors
We use the following sub-processors to provide OrgVitals. Because these providers operate globally, the data they handle may be processed outside India.
| Sub-processor | Purpose | Data | Location |
|---|---|---|---|
| Google / Firebase | Sign-in (OAuth), authentication, diagnostics storage, and analytics | Account profile, crash/error logs, and product analytics events | United States / global |
| Anthropic | "Ask Vita" AI assistant (opt-in, off by default), only if you enable and use it, under your own API key | Your question and the org metadata Vita reads (flows, fields, users, permissions, findings, code) | United States |
| GitHub | Checking GitHub Releases for application auto-updates | Standard request metadata (e.g. IP address, current app version) | United States |
4. International transfers
Data that leaves your device may be transferred to and processed in countries outside India, including the United States, where these sub-processors operate. We rely on the sub-processors' own safeguards and contractual commitments for such transfers, consistent with applicable law.
5. Your controls and rights
You can turn crash diagnostics off and product analytics on or off at any time in the in-app "Privacy & Data" dialog, and you can remove your local data by deleting it or uninstalling the app. For your rights of access, correction, erasure, and consent withdrawal, and for how we handle the data we control, see the Privacy Policy or contact contact@cloudalgo.com.