Legal

Privacy Policy

OrgVitals by CloudAlgo  ·  CloudAlgo Private Limited  ·  Last updated: July 1, 2026

1. Who we are

OrgVitals is a desktop application published by CloudAlgo Private Limited, a company incorporated in India ("CloudAlgo", "we", "us"). For the personal data described in this policy that we control, CloudAlgo Private Limited, at our registered office in India, is the data controller.

For any privacy or data-protection question, contact us at contact@cloudalgo.com.

2. What stays on your device

OrgVitals is a desktop application (built on Electron, available for macOS, Windows, and Linux) that scans the health of a Salesforce org you have already authenticated using the Salesforce CLI (sf). The following data is created and kept locally on your machine, and CloudAlgo cannot access it:

  • The read-only metadata snapshot OrgVitals pulls from your org — Apex, Flows, profiles, permission sets, objects, fields, reports, dashboards, org limits, Health Check score, and test coverage. Access to your org is strictly read-only; OrgVitals never writes to it.
  • All scan results, finding-level detail, and scan history, which are stored in a local SQLite database on your device.
  • Your Anthropic API key (used for the optional Ask Vita assistant), which is stored encrypted on your device.

Raw Salesforce metadata, Apex source, finding-level detail, scores, and your full scan history never leave your device and live only in the local database. OrgVitals does not upload your scan results, scores, findings, scan summaries, or your Salesforce org metadata or org identity to CloudAlgo, and there is no cross-device scan history.

The "Ask Vita" assistant (opt-in, off by default)

Ask Vita is the only feature in OrgVitals that sends org metadata off your device, and it is opt-in and off by default. Before any data is sent to Anthropic, you must both (a) supply your own Anthropic API key (stored encrypted locally) and (b) explicitly acknowledge, via a checkbox on the Vita screen, that your question and the org metadata Vita reads will be sent to Anthropic's Claude API to generate answers. A consent flag (ov.consent.vita) records this acknowledgement.

When Vita is enabled and used, your question plus the specific org metadata it reads — such as flows, fields, users, permissions, findings, and code — are sent directly to Anthropic's Claude API under your own API key to generate answers. This data goes to Anthropic, never to CloudAlgo. You, using your own API key, are the controller of that interaction, which is governed by Anthropic's terms and privacy policy. If you never enable Vita, nothing is ever sent to Anthropic.

3. What we collect and store

A limited set of information does leave your device and reaches CloudAlgo through Google Firebase. It is summarised below.

Both the diagnostics and analytics toggles can be changed at any time in the in-app "Privacy & Data" dialog.

4. Third-party services & international transfers

OrgVitals relies on a small number of third-party services. Because these providers operate globally, your data may be processed on servers outside India, including in the United States.

  • Google — provides sign-in (Google OAuth), Firebase Authentication and Firestore (account profile and diagnostics), and Google Analytics. Governed by Google's privacy policy.
  • Anthropic — powers the "Ask Vita" assistant, which is opt-in and off by default. Only if you enable Vita (by adding your own key and acknowledging the data sharing) and then use it, your question and the specific org metadata Vita reads are sent to Anthropic's Claude API under your own Anthropic API key, never to CloudAlgo. You are the controller of that interaction, which is governed by Anthropic's terms and privacy policy.
  • GitHub — the app checks GitHub Releases for auto-updates, which involves standard request metadata (such as your IP address and current app version).

OrgVitals also reads a remote configuration document (via Firebase) to display maintenance or deprecation notices. This is a read on our side and does not send your data.

5. Legal bases

We process personal data in line with India's Digital Personal Data Protection Act, 2023 (DPDP Act). Our legal bases are:

  • Consent — for your account profile (given when you sign in) and for product analytics (explicit opt-in).
  • Legitimate interest — for crash and error diagnostics, to keep the app stable and secure. You can opt out at any time.

6. Data retention

Your local database and encrypted API key remain on your device until you delete them or uninstall the app. We retain your account profile for as long as your account is active. Diagnostics and analytics data are retained only for as long as needed for the purposes above, after which they are deleted or aggregated. You may request deletion of your account data at any time.

7. Security

Your Anthropic API key is stored encrypted on your device. Data in transit to Google and Anthropic is protected by TLS. Access to the data we hold in Firebase is restricted. Because your metadata and scan results never leave your device, they are not exposed to any server-side breach on our side.

8. Your rights

Subject to applicable law, you may request access to, correction of, or erasure of the personal data we hold about you, and you may withdraw consent. Many controls are available directly in the app: the "Privacy & Data" dialog lets you turn diagnostics and analytics on or off, and your local data can be removed from your device at any time. For requests we handle, or to withdraw consent for our processing, contact contact@cloudalgo.com.

9. Children

OrgVitals is a professional tool intended for business users and is not directed to individuals under 18. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected here with a revised "Last updated" date. Continued use of OrgVitals after a change constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy or your data can be sent to contact@cloudalgo.com.