Privacy Policy

Your Code

When you review code with the CLI or MCP server, the files you choose are sent over HTTPS for the single purpose of generating the review. That is the only reason they leave your machine.

We do not retain your source code. Your files are processed in memory to produce the review and then discarded. What we keep is the review itself (the score, issues, and the evidence Sally cites) — not your full source files.

We never train on it, sell it, or share it. The analysis runs through Anthropic's API, which does not train on submitted content.

We only ever process what you explicitly review. Sally does not browse your repository, read files you didn't point her at, or scan your projects or plans. Common secret files (.env, SSH keys, certificates) are skipped on your machine before anything is sent.

What We Collect

Device ID: A random identifier stored in your browser's localStorage. Used for quota tracking and linking purchases. Not tied to your real identity.

Email: Only if you sign up for SuperClub or request a magic link login. Used for authentication, receipts, and subscription management via Stripe.

Submitted content: URLs are crawled to generate feedback. Images and documents are processed in memory and not stored after analysis.

What We Store

Analysis reports: Full Truth reports are stored in our database linked to your device ID. This allows you to access them later and enables the "performance review" feature.

Events: We track usage events (roast submitted, report viewed, payment completed) for analytics. Events are linked to device IDs, not personal identity.

Payment data: Handled entirely by Stripe. We store your Stripe customer ID and subscription status, but never your payment card details.

Cookies

We use a single session cookie (sally_session) for authenticated users. No third-party tracking cookies. No ad cookies.

Third Parties

Anthropic (Claude): Powers the AI analysis. Content is sent via API for processing.

Stripe: Handles all payment processing.

Resend: Sends transactional emails (magic links, receipts, PDF reports).

Firecrawl: Crawls submitted URLs to extract content for analysis.

Your Rights (GDPR)

You have the right to access, correct, delete, or export your data. Email bye@cynicalsally.com and we'll handle it. We aim to respond within 30 days.

Data Location

All services are hosted in Frankfurt, Germany (EU). Your data stays in the EU.

Contact

Questions about privacy? Email bye@cynicalsally.com.

Last updated: June 2026