Privacy & Terms
The data entered in the login mask, when the extension is active, is sent to the Salesforce servers and partially stored on our server in Germany. When you setup SF HotSwapper, we store the API credentials to your Salesforce instance as well as some configuration data. We do not store any other data. While dealing with personally identifiable information such as the username, we have taken every step to reduce the amount of information transferred and stored to a functional minimum. The service stores the needed OAuth tokens to access Salesforce and activate/deactivate users, as well as create the swappable group upon setup. In order to activate a user, the username is briefly passed from the browser extension to the backend API, and then to Salesforce. For better and optimized compliance with the API rate limits and speed, a non-revertible hash of the username is stored in the backend along with the organization ID. The API is designed not to disclose any information without a valid license key.
| Data | Storage / Transmission | Security Aspect |
|---|---|---|
| User Username | Is transmitted to the backend and further communicated to the Salesforce API. | The username is irreversibly hashed and stored with the organization ID. |
| Organization ID | Is stored on file for managing the OAuth tokens. | |
| OAuth and Refresh Token | Is stored on file for activating and deactivating users, as well as for the initial creation of the swappable group. | The connected app can easily be invalidated by an admin in the target organization. |
| License Key | Is stored on file. | Scoped license keys can be created for specific groups. |
| Organization Identifier | Is stored on file along with the organization ID. | Allows manual recognition of single entries. |
| Admin Username | Is stored in clear text on file. | For compliance and security reasons. |
| Instance URL | Is stored on file. | For the OAuth process. |
| Type of Environment | Is stored on file. | To retrieve the correct login URL. |