sally← Back

Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains what information Sally (“Sally”, “we”, “us”) collects, how we use it, and the choices you have. It applies to your use of the Sally web app and related services.

1. Information we collect

We collect only what we need to run the service:

  • Account information. Your email address, and a password hash if you sign up with email and password. If you sign in with a third-party single sign-on provider, we receive your email and basic profile info from that provider.
  • Monitor settings. The URLs, descriptions, schedules, alert settings, names, selectors, rule plans, and other configuration needed to create and run your monitors.
  • Monitor results. Snapshots of the data extracted from the pages you choose to monitor (e.g., titles, prices, links, images), highlighted HTML previews, screenshots or image assets, generated output, suggestions, plus run history and error logs needed to power the dashboard and alerts.
  • Plan usage. Monitor counts, check counts, setup counts, AI scan usage, repair usage, timestamps, and basic operational metrics so we can show usage and detect abuse.
  • Feedback, settings, and analytics. Feedback or support messages you send us, product analytics and performance events, alert-channel preferences, and approximate country or geo defaults inferred from request headers or chosen by you.
  • Technical logs. Standard server logs (IP address, user agent, request paths, timestamps, error traces), kept for a limited period for security and debugging.
  • Payment information. Paid plans are processed by a third-party payment processor. We may receive billing status, customer IDs, subscription details, invoices, tax information, and payment status, but we do not store full card numbers ourselves.

2. How we use your information

We use the information above to:

  • create and operate your account;
  • run your monitors, store their results, and deliver the alerts you ask for;
  • track plan usage and billing status;
  • keep the service secure, debug problems, and prevent abuse;
  • improve Sally (e.g., diagnosing why an AI-generated monitor failed) using aggregated or non-identifying signals where possible;
  • copy and reuse proven monitor settings from healthy, high-confidence simple rule-based monitors when another user asks Sally to monitor the same exact URL.
  • communicate with you about your account or the service.

We do not sell your personal information. When we reuse a proven setup, another user may receive a copied or adapted monitor configuration for the same exact URL, including reusable selectors, rules, extraction settings, alert logic, page snapshots or images, and related setup metadata. We replace personalized fields and do not show other users your identity, raw monitor descriptions or prompts, notification destinations, private account details, custom code, monitor results, run history, or URLs they have not independently submitted exactly.

When Sally offers a proven setup, it is based only on an exact public URL match. The create page may show only a redacted setup summary such as “New items on this page” or “Price updates on this page.” It does not make monitors searchable by domain, keyword, owner, or prompt.

3. Third-party services

Sally relies on a small number of third-party providers to operate. Using Sally means data is shared with them as needed:

  • Authentication, database, and storage providers — used for account data, monitor configuration, run data, snapshots, images, and related service records.
  • AI model providers— used to generate setup, suggestions, reconfiguration, semantic AI scans, and automatic health diagnoses. Depending on the workflow, the data sent may include the URL, your description or prompt, page HTML snippets or outlines, structured page data, generated configuration, notification copy, job IDs, previous configuration, errors, extracted data, alerts, and your feedback.
  • Proxy and browser automation infrastructure — used to load, render, proxy, and optionally fetch pages from chosen geographic regions for the pages you choose to monitor.
  • Email providers— used to deliver account emails, monitor alerts, and digests.
  • Webhook and chat destinations— if you configure one, that provider or endpoint receives the alert payload and metadata needed to deliver the notification.
  • Payment processors— used to process paid plans and customer billing records.
  • Hosting, analytics, and infrastructure providers — used for hosting, serverless or backend infrastructure, logs, product analytics, and performance measurement.
  • Single sign-on providers— only if you choose to sign in through a third-party account.

Each provider has its own privacy practices and may process data in jurisdictions different from yours.

4. Pages you choose to monitor

When you create a monitor, Sally fetches the URL you provide and stores the data points you ask it to extract. You are responsible for making sure you have the right to monitor that page and to store the data you collect from it.

Sally may store highlighted HTML previews, screenshots, and image assets while creating, configuring, repairing, or running a monitor. Some snapshot or asset URLs may be publicly accessible to anyone with the URL. Do not monitor pages containing secrets, private account content, confidential business information, sensitive personal information, or tokenized URLs.

Do not submit secret, tokenized, authenticated, or otherwise sensitive URLs if copying a reusable setup for the same exact URL would be sensitive. Sally does not make monitors searchable, but a user who independently submits the same exact URL may be offered a proven setup when one is available.

Do not use Sally to collect personal data about other people in ways that would violate privacy laws (for example, GDPR, CCPA, or similar laws in your jurisdiction).

If you monitor pages that contain personal information, you are responsible for having a lawful basis, giving any required notices, honoring applicable rights requests, and complying with any laws that apply to your use of that data.

5. Cookies and local storage

Sally uses authentication cookies to keep you signed in. We also use local storage and session storage for limited UI state, test-mode flags in non-production contexts, and analytics de-duplication. Analytics and performance measurement services help us measure product usage and performance. We do not use third-party advertising cookies.

6. Data retention

We keep account and monitor data for as long as your account is active or as needed to provide Sally. If you delete a monitor, it is hidden from your account immediately and may be recoverable for a short period, typically up to seven days, before its account-specific setup and stored results are purged. Deleting your monitor does not delete separate monitors that were already created in other users’ accounts through a proven setup for the same URL.

If you delete your account, we remove your account data within a reasonable period and may cancel your paid subscription, except where we need to retain limited records for legal, security, tax, accounting, chargeback, backup, or abuse-prevention reasons. Billing records may be retained by our payment processor and by us as legally required.

Operational logs are kept for security, debugging, abuse prevention, and reliability, then rotated out according to our operational needs and provider settings. Page snapshots, images, and other storage objects are cleaned on a best-effort basis and may remain longer when they are public-by-URL, shared, content-addressed, referenced by a live monitor, present in backups, or needed for security, debugging, or service integrity.

7. Security

We use industry-standard measures, including TLS in transit, managed authentication, hashed passwords, row-level security for client-facing database paths, and server-side authorization checks for privileged backend operations. Some backend operations use service-role access so Sally can run monitors, billing tasks, account deletion, and maintenance jobs. No system is perfectly secure, however, and we cannot guarantee absolute security. If you become aware of a security issue, please contact us at the address below.

8. Your choices and rights

You can, at any time:

  • edit or delete any monitor from your dashboard;
  • change your alert email or sign-in details;
  • delete your account from account settings when available;
  • request privacy help or deletion support by emailing us.

Depending on where you live, you may have additional rights under laws such as GDPR or CCPA — for example, the right to access, correct, export, or delete your personal data, or to object to certain processing. To exercise any of these rights, email us at the address below.

9. Children

Sally is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them.

10. International users

Sally is operated using providers based in the United States and other regions. By using Sally, you understand that your information may be processed in countries other than your own, which may have different data-protection rules.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated “Last updated” date at the top of this page. Continued use of Sally after a change takes effect means you accept the updated policy.

12. Contact

Questions, requests, or concerns about privacy? Email us at support@sally.app.

See also our Terms of Service.