SECURITY & PRIVACY.

What this app reads from your Salesforce org

Field metadata (API names, labels, types, formula and encryption flags), page-layout assignments, field-level-security grants, and aggregate record counts (e.g. "how many Account records were modified in the last 30 days").

What this app never reads

The contents of any individual record. The audit engine only ever issues aggregate COUNT() queries and metadata queries — it cannot return a single field value because no query in the engine asks for one.

What this app stores

Your email (from your Salesforce identity), your org ID and instance URL, an encrypted refresh token (so you don't have to log in every time), and the aggregate results of audits you've run (field API names + counts, never values).

How to revoke access

Click Disconnect in the header of this app, or revoke the Connected App from Setup → Connected Apps OAuth Usage in your Salesforce org. Either path immediately invalidates the stored refresh token.

Where the data lives

On the KeelCadence-managed server that runs this app. Reports are kept for 90 days and then purged. Refresh tokens are encrypted at rest with Fernet (AES-128-CBC + HMAC) using a key that lives only in environment configuration.