Privacy Policy

Effective Date: June 5, 2025

This Privacy Policy describes how Salesforce Validation Doc Generator, Salesforce Flow Assistant, and Permission Pilot (each an “Extension” and collectively, the “Extensions”)—available at extensions.sfkit.com—collect, use, and share information when you use them in Google Chrome.

1. Information We Collect

• Validation Rule Data (Validation Doc Generator): When you click “Generate Documentation” on a Salesforce Validation Rule Detail page, the Extension extracts the rule’s name, error message, description, and formula.
• Flow Metadata (Flow Assistant): When you request a flow summary, the Extension captures variable names, record operations (create/update/delete), flow type, and entry criteria directly from the Flow Builder canvas.
• Permission Data (Permission Pilot): When you click “Analyze Permissions” on a Salesforce object or field, Permission Pilot extracts object-level and field-level permission information (e.g., which profiles and permission sets have Create, Read, Edit, Delete, View All, and Modify All access to that object/field).
  • Local Processing Only: All permission data is processed entirely within your browser and is not transmitted to any server.
  • In-Memory Caching: Frequently analyzed objects are cached in RAM (for up to four hours) so that repeated analyses are faster. This cache resides only in your local browser session.
• No Other Personal Data: None of the Extensions collect or store any other personal information such as your name, email address, or usage analytics beyond the metadata described above.

2. How We Use Your Data

• Validation Doc Generator: To generate documentation for your Salesforce validation rules by leveraging the Fireworks.ai service. We do not persist or log your validation rule data on our servers beyond the duration of the single API call.
• Flow Assistant: To assemble a structured summary of your Flow Builder metadata (variables, operations, entry criteria) and then display an AI-generated plain-English description. We do not retain or log any Flow metadata on our servers after the response is returned to your browser.
• Permission Pilot: To compile permission matrices (object-level and field-level) and display them directly in your browser window. Since Permission Pilot runs entirely via Chrome’s content scripts and optional scripting (if you grant that permission), all extraction and processing happen locally. We do not send any permission data to our servers.

3. Cookies and Tracking

None of the Extensions use cookies, localStorage, or any client-side tracking mechanisms. The server proxy endpoint (used by Validation Doc Generator and Flow Assistant) only processes the JSON payload you send and does not set or read any cookies.

4. Data Sharing & Third Parties

• Fireworks.ai (Validation Doc Generator & Flow Assistant): Your extracted metadata (validation rule or flow data) is forwarded to Fireworks.ai (https://api.fireworks.ai) only for AI processing under their own privacy policy. We do not share your data with any other third parties.
• Permission Pilot: Does not communicate with any external service. No permission data ever leaves your browser. We do not share, log, or sell permission data to any third parties.

5. Data Retention

Validation Doc Generator & Flow Assistant: We do not retain your validation rule or flow metadata after the AI response is returned. There is no server-side log of your metadata beyond the single, ephemeral API call.

Permission Pilot: All permission data remains in your browser’s memory (RAM) and is discarded when you close Chrome or reload the extension. We do not store permission data on any server or disk.

6. Security

• HTTPS Everywhere: All communications between your browser, our proxy server, and Fireworks.ai occur over HTTPS/TLS.
• Secure API Key Storage (Validation Doc Generator & Flow Assistant): Your Fireworks.ai API key is stored only as an environment variable on our server and never appears in client-side code.
• Client-Side Only (Permission Pilot): Since Permission Pilot performs all of its work using Chrome’s content scripts (and optional scripting calls), permission data remains strictly on your local machine. No data is logged or transmitted externally by Permission Pilot.

7. Your Rights

Because we do not store or persist any personal data beyond a single, transient API call, there is no personal information to access, correct, or delete. If you have questions or concerns about how your metadata is handled, you may contact us as outlined below.

8. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our Extensions or legal requirements. The “Effective Date” at the top will indicate when the last changes took effect. Please review this page regularly to stay informed.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, you can reach us at:

Email: privacy@extensions.sfkit.com
Website: extensions.sfkit.com