Privacy and data
Code Mower is local-first. Cloud sharing is optional, dry-run first, and metadata-only by default.
What does not upload by default
- source code
- raw diffs
- raw model transcripts
- raw stdout or stderr
- auth probe output
- secrets or full token values
What metadata can upload
Metadata bundles can include repository slug, install id, report kinds, event counts, reviewer/lens names, verdicts, useful finding counts, false-positive counts, latency, spend, and lane-policy recommendations when the local tool has that data.
How upload stays intentional
code-mower cloud upload stays in dry-run mode unless a user passes --yes. Report text is not included unless a user explicitly passes --include-reports, and the hosted service may still discard report text depending on retention settings.
The routine code-mower cloud dogfood command follows the same safety posture: it previews metadata by default and uploads only when a user reruns it with --yes.
Token model
CodeMower.com uses team ingest tokens. The service stores token hashes and short prefixes, not full token values. Teams can revoke tokens without rotating every local installation.
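The storage pattern this paragraph describes, sketched as an added example (not CodeMower's own code). The `cm_` token format, the 11-character prefix, SHA-256 as the hash, and every class and field name are assumptions made for illustration.

```python
import hashlib
import secrets

PREFIX_LEN = 11  # assumed: "cm_" plus 8 characters, kept only for display and revocation


def _digest(token):
    # Ingest tokens here are long random strings, so a plain fast hash is
    # sufficient; a slow password hash is only needed for low-entropy secrets.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """Hypothetical server-side store: holds hash and prefix, never the token."""

    def __init__(self):
        self.records = {}  # sha256 hex digest -> {"team", "prefix", "revoked"}

    def issue(self, team):
        token = "cm_" + secrets.token_urlsafe(32)  # constructed token format
        self.records[_digest(token)] = {
            "team": team,
            "prefix": token[:PREFIX_LEN],
            "revoked": False,
        }
        return token  # returned to the caller once; the store keeps no copy

    def verify(self, presented):
        # Look up by hash of the presented value; unknown or revoked means no team.
        rec = self.records.get(_digest(presented))
        if rec is None or rec["revoked"]:
            return None
        return rec["team"]

    def revoke(self, prefix):
        # Revocation is addressed by the short prefix, which is all an admin
        # view can show. Returns the number of tokens revoked.
        hits = [r for r in self.records.values() if r["prefix"] == prefix]
        for rec in hits:
            rec["revoked"] = True
        return len(hits)


if __name__ == "__main__":
    store = TokenStore()
    laptop = store.issue("team-a")    # one token per installation
    ci = store.issue("team-a")
    store.revoke(laptop[:PREFIX_LEN])
    print(store.verify(laptop), store.verify(ci))
```

Because each installation holds its own token, revoking one prefix leaves the team's other tokens valid, and a dump of `records` contains nothing that can be replayed as a token.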
Export, deletion, and retention
Signed-in team members can export their team's uploaded metadata from the dashboard. Team owners and admins can delete uploaded team metadata; associated report summaries and benchmark events are removed by database cascade. v0.5 keeps uploaded metadata until a team deletes it or the operator applies a future retention job. Report text storage remains disabled by default.
The public OSS data contract lives in docs/cloud-data-contract.md.