KEELCADENCE
| Impact Awareness

Trust & Security

Security Details

For IT teams and security reviewers evaluating KeelCadence Impact Awareness.

What This Tool Does — and Does Not Do

The report reviews selected-object readiness signals from metadata and configuration. It does not simulate record saves or export individual record values.

Authentication Method

Impact Awareness uses a JavaScript bookmarklet that extracts the active Salesforce session token from your browser while you are logged in to Salesforce. This token is transmitted over HTTPS to the Impact Awareness server and held in server memory. It is equivalent in scope to any API call you would make as yourself — it does not grant elevated privileges beyond your own user profile.

The token is not logged, not written to disk, and expires from memory after 2 hours regardless of session activity.

API Calls Made

The tool queries the Salesforce Tooling API and Metadata API using standard REST calls. Specifically:

No RecordType, ContentDocument, Attachment, or record-level API calls are made. No SOQL queries against record data are executed.

Network & Hosting

Impact Awareness runs on Replit Reserved VM infrastructure in the United States. All traffic is served over HTTPS with TLS 1.2+. No data is transmitted to third parties except Stripe (payment processing) and Google Analytics 4 (optional, user-consented, with sensitive parameters stripped).

Frequently Asked Questions

Does KeelCadence export Salesforce records or files?
No. KeelCadence does not export customer records, files, attachments, emails, Chatter content, or transactional data. Reports are based on Salesforce metadata, configuration, automation metadata, and aggregate counts where needed for diagnostic scoring.

Does the tool access record-level data at any point?
No. No SOQL queries against record data are executed. The tool calls the Salesforce Metadata API and Tooling API only — both return configuration and structural information, not record values.

What happens to the session token after the analysis?
The session token is held in server memory for up to 2 hours, then discarded. It is never written to disk, logged, or retained beyond the analysis window.

Questions

For IT review questions or security documentation requests, email support@keelcadence.com. We respond within 1 business day.