Trust & Security
Security Details
For IT teams and security reviewers evaluating KeelCadence Impact Awareness.
What This Tool Does — and Does Not Do
- Reviews Salesforce metadata and aggregate configuration signals — not customer records or transactional data
- Does not export customer records, files, attachments, emails, Chatter content, or transactional data
- Reads Salesforce metadata only — never individual record values or PII
- Never writes to your Salesforce org — no records created, updated, or deleted
- No Connected App installation required — uses a session bookmarklet
- No managed package, no AppExchange listing, no code deployed to your org
- No Apex execution on your org
- No Flow execution on your org
- Session token held in server memory for 2 hours, never written to disk
- Stripe processes all payments — we never receive card details
The report reviews selected-object readiness signals from metadata and configuration. It does not simulate record saves or export individual record values.
Authentication Method
Impact Awareness uses a JavaScript bookmarklet that extracts the active Salesforce session token from your browser while you are logged in to Salesforce. This token is transmitted over HTTPS to the Impact Awareness server and held in server memory. It is equivalent in scope to any API call you would make as yourself — it does not grant elevated privileges beyond your own user profile.
The token is not logged, not written to disk, and expires from memory after 2 hours regardless of session activity.
API Calls Made
The tool queries the Salesforce Tooling API and Metadata API using standard REST calls. Specifically:
- Flow and FlowDefinition metadata (name, type, status, last modified)
- ApexTrigger metadata (name, object, status, body for reference detection only)
- ValidationRule metadata (name, object, error condition formula)
- CustomField metadata (formula fields, required flags, lookup relationships)
- WorkflowRule metadata (name, object, trigger type)
- ApprovalProcess metadata (name, object, entry criteria)
- DescribeSObject for object and field enumeration
No RecordType, ContentDocument, Attachment, or record-level API calls are made. No SOQL queries against record data are executed.
Network & Hosting
Impact Awareness runs on Replit Reserved VM infrastructure in the United States. All traffic is served over HTTPS with TLS 1.2+. No data is transmitted to third parties except Stripe (payment processing) and Google Analytics 4 (optional, user-consented, with sensitive parameters stripped).
Frequently Asked Questions
Does KeelCadence export Salesforce records or files?
No. KeelCadence does not export customer records, files, attachments, emails, Chatter content, or transactional data. Reports are based on Salesforce metadata, configuration, automation metadata, and aggregate counts where needed for diagnostic scoring.
Does the tool access record-level data at any point?
No. No SOQL queries against record data are executed. The tool calls the Salesforce Metadata API and Tooling API only — both return configuration and structural information, not record values.
What happens to the session token after the analysis?
The session token is held in server memory for up to 2 hours, then discarded. It is never written to disk, logged, or retained beyond the analysis window.
Questions
For IT review questions or security documentation requests, email support@keelcadence.com. We respond within 1 business day.