SFDevToolsSFDevTools

Privacy Policy

Last Updated: February 2026

This Privacy Policy describes how SFDevTools ("we", "us", or "our") collects, uses, and protects your information when you use our website at sfdevtools.com (the "Site").

INFORMATION WE COLLECT

Authentication Information

  • When you sign in through Google OAuth, we receive your email address, profile information, and name.
  • We only request essential OAuth scopes: email, profile, and openid.
  • Your Google authentication information is securely stored in our database.

Salesforce Connection Information

  • Session-Only Connections: If you select a session-only connection, we receive a temporary access token that is actively purged from our system the moment you log out. We do not request or store refresh tokens for this connection type.
  • Persistent Connections: If you opt for a persistent connection, we store your Salesforce access and refresh tokens to facilitate cross-session connectivity. These tokens are encrypted (AES-256-GCM) and stored securely using row-level security in our database.
  • We do not store Salesforce records. Metadata (like SObject describes) and query execution history are only stored on our servers if you explicitly opt into our caching or cloud-sync features.
  • By default, Salesforce data is streamed directly to your browser.

Technical Information

  • Log data is retained for limited periods:
  • Supabase logs: 1 hour retention
  • Deno logs: 1 day retention
  • We use analytics tools to understand how users interact with our service.
  • We collect standard technical information such as browser type, access times, and pages visited.

HOW WE USE YOUR INFORMATION

We use your information solely to:

  1. Authenticate you and maintain your account.
  2. Connect to your Salesforce organizations on your behalf.
  3. Provide our tools and services based on your configured storage preferences.
  4. Improve our website and user experience.
  5. Monitor and maintain the security of our service.

DATA STORAGE AND SECURITY

  • All cloud data is stored in Supabase's North America region.
  • We implement strict security measures including:
  • Row-level security policies.
  • Encrypted storage of sensitive credentials.
  • Limited service role access to Salesforce tokens.
  • Local Storage: When cloud synchronization for your query and Apex execution history is disabled, this data is stored exclusively in your browser's Local Storage. We do not have access to this locally stored data.
  • Cloud Caching: If enabled, temporary performance data is stored in our Redis cache and automatically purged upon expiration (TTL).

USER RIGHTS AND DATA DELETION

You have the right to:

  • Access your personal information.
  • Delete your account and associated data.
  • Request information about your data.

When you delete your account, we immediately remove:

  • Your user record and Google OAuth information.
  • Salesforce connection details.
  • Any associated cloud data (including synced history and active Redis caches).

THIRD-PARTY SERVICES

We use the following third-party services:

  • Google OAuth for authentication.
  • Supabase for database services.
  • Upstash Redis for optional performance caching.
  • Resend for sending magic link login emails.

These services may collect information as described in their respective privacy policies.

DATA PROTECTION

We do not:

  • Sell your personal information.
  • Share your data with third parties except as necessary to provide our service.
  • Process payments or store payment information.

CONTACT INFORMATION

For any questions about this Privacy Policy, please contact us at: Email: privacy@sfdevtools.com

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.