KEELCADENCE | Impact Awareness

READ ME

This page explains what Impact Awareness collects, how long it keeps it, and how to request deletion. It is written for security reviewers, IT teams, and end users.

What data is collected

Impact Awareness reads Salesforce metadata only — it never reads record data.

  • The list of Salesforce objects you select for analysis
  • Field metadata (names, types, required flags) on those objects
  • Automation metadata: Flow definitions, Apex trigger names, Validation Rule logic, Workflow Rule names
  • Your Salesforce instance URL (e.g. https://yourorg.my.salesforce.com)
  • A temporary Salesforce session token — used only to make API calls, never stored to disk

Not collected: Salesforce record data, opportunity amounts, contact details, user passwords, org credentials beyond the temporary session token, or any data from fields that are not metadata.

Google Analytics 4 receives only anonymised page-path data. Run IDs, session tokens, org URLs, and object names are stripped before any analytics event fires. GA4 is opt-in for EU/EEA/UK/CH/BR visitors and opt-out for all others.

How long reports are retained

Generated XLSX report files and the associated analysis records are automatically deleted 30 days after the analysis was run. Deletion runs daily. After 30 days, neither the report file nor the run record can be recovered.

Session tokens (your Salesforce access token) are held only in server memory for up to 2 hours — the duration of an active analysis session. They are never written to disk or to the database.

How to request early deletion

To request early deletion of a report and its associated run record, email support@keelcadence.com with the subject line Impact Awareness — Deletion Request and include your Report ID (the 8-character code shown on your results page or in the download filename).

Requests are processed within 3 business days.

For IT and security reviewers

Impact Awareness uses a read-only Salesforce API session. No Connected App is installed. No data is written to your Salesforce org. The tool operates entirely within your existing Salesforce session permissions.

  • Network: outbound HTTPS only to *.salesforce.com (Metadata API)
  • Storage: SQLite database on the server; report files written to local disk; both purged after 30 days
  • Authentication: temporary Salesforce session token, in-memory only, TTL 2 hours
  • Payments: Stripe-hosted checkout — card details never touch this server

Full security details: keelcadence.com/security  ·  keelcadence.com/it-review

© 2026 KeelCadence LLC · Privacy Policy · Terms of Service