Privacy Policy

Last Updated: June 2026 (v1.17.0)

This Privacy Policy describes how SFDevTools ("we", "us", or "our") collects, uses, and protects your information when you use our website at sfdevtools.com (the "Site").

INFORMATION WE COLLECT

Authentication Information

  • When you sign in through Google OAuth, we receive your email address, profile information, and name.
  • We only request essential OAuth scopes: email, profile, and openid.
  • Your Google authentication information is securely stored in our database.

Salesforce Connection Information

  • Session-Only Connections: If you select a session-only connection, we receive a temporary access token that is actively purged from our system the moment you log out. We do not request or store refresh tokens for this connection type.
  • Persistent Connections: If you opt for a persistent connection, we store your Salesforce access and refresh tokens to facilitate cross-session connectivity. These tokens are encrypted (AES-256-GCM) and stored securely using row-level security in our database.
  • We do not store Salesforce records. Metadata (like SObject describes) and query execution history are only stored on our servers if you explicitly opt into our caching or cloud-sync features.
  • By default, Salesforce data is streamed directly to your browser.
  • Activity Ledger: We automatically record an immutable log entry for every mutating Salesforce operation you perform through SFDevTools (Data Porter imports, Apex Executor runs, SwitchBoard automation toggles). Each entry captures the org identifier, operation type, and outcome counts (records processed, successes, errors). Your actual Salesforce record payloads are never stored. Activity Ledger entries are retained for 90 days and automatically purged thereafter.

AI Agent Information

  • The AI Agent is an optional chat feature with read-only access to your connected Salesforce org data. It cannot create, update, or delete Salesforce records or metadata.
  • When you use the AI Agent, your chat messages and the results of any read-only data lookups it performs on your behalf are sent to the AI model provider you select (Anthropic or Google) to generate a response.
  • For questions spanning multiple connected orgs, the agent may delegate to sub-agents scoped to a single org; only their summarized answers are returned to the conversation.
  • We store your AI Agent conversations (threads and messages) in our database so you can resume them later. We also track aggregate token/usage counts to maintain your team's shared AI credit balance.
  • You can delete an AI Agent conversation at any time from within the app.
  • The agent can produce Artifacts — self-contained HTML deliverables saved to our database. Artifacts are deleted when their parent conversation is deleted.

AI Dashboards Information

  • AI Dashboards is an optional feature. When you describe a dashboard, your prompt and any read-only tool results used by the builder agent are sent to Anthropic or Google to generate a response.
  • The AI authors a structured layout and typed field bindings; it does not produce free-form SOQL. Actual Salesforce data queries are constructed by our backend from those structured bindings and executed under your own credentials.
  • We store dashboard layouts, field bindings, version history, and builder conversation history in our database, scoped to your team. Your Salesforce record data is never stored.
  • You can delete a dashboard at any time from within the app.

Technical Information

  • We use PostHog for fully anonymous product analytics to understand how features are used. No user identifiers, email addresses, or personal data are included in analytics events. Person profiling is disabled (person_profiles: "never")
  • We collect standard technical information such as browser type, access times, and pages visited.

HOW WE USE YOUR INFORMATION

We use your information solely to:

  1. Authenticate you and maintain your account.
  2. Connect to your Salesforce organizations on your behalf.
  3. Provide our tools and services based on your configured storage preferences.
  4. Improve our website and user experience.
  5. Monitor and maintain the security of our service.

DATA STORAGE AND SECURITY

  • The frontend application is hosted on Cloudflare Pages; all cloud data (database, cache) is stored on Railway infrastructure in the USA.
  • We implement strict security measures including:
  • Application-level tenant isolation on all user data.
  • Encrypted storage of sensitive credentials.
  • Limited backend access to Salesforce tokens.
  • Local Storage: When cloud synchronization for your query and Apex execution history is disabled, this data is stored exclusively in your browser's Local Storage. We do not have access to this locally stored data.
  • Cloud Caching: If enabled, temporary performance data is stored in our Redis cache and automatically purged upon expiration (TTL).

USER RIGHTS AND DATA DELETION

You have the right to:

  • Access your personal information.
  • Delete your account and associated data.
  • Request information about your data.

When you delete your account, we immediately remove:

  • Your user record and Google OAuth information.
  • Salesforce connection details.
  • Any associated cloud data (including synced history and active Redis caches).
  • All Activity Ledger entries associated with your account.
  • All AI Agent conversations and Artifacts associated with your account.
  • All AI Dashboards (including version history and builder conversations) associated with your account.

THIRD-PARTY SERVICES

We use the following third-party services:

  • Google OAuth for authentication.
  • Cloudflare Pages for frontend hosting.
  • Railway for backend API, database, and cache infrastructure.
  • Resend for sending magic link login emails.
  • PostHog for fully anonymous product analytics (no personal data or user identification).
  • Anthropic and Google (Gemini) to power the optional AI Agent chat feature, only when you choose to use it.

These services may collect information as described in their respective privacy policies.

DATA PROTECTION

We do not:

  • Sell your personal information.
  • Share your data with third parties except as necessary to provide our service.
  • Process payments or store payment information.

CONTACT INFORMATION

For any questions about this Privacy Policy, please contact us at: Email: privacy@sfdevtools.com

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.