Privacy Policy
Last updated: April 8, 2026
1. What We Collect
TrailMeta collects the following information when you use our service:
- Salesforce Metadata: Structural information about your org — object definitions, field schemas, flow definitions, Apex class metadata, trigger metadata, LWC component metadata, profile and permission set configurations, connected app configurations, and installed package information. This is schema-level data, not record-level business data.
- Salesforce Credentials: Your username, password, and security token are used to authenticate with Salesforce APIs during your session. Credentials are held in memory only for the duration of the session and are never persisted to disk or transmitted to third parties.
- Payment Information: If you purchase an extraction, payment is processed by our payment provider. We do not store credit card numbers.
- Usage Data: Basic analytics about how you interact with the application (pages visited, features used, extraction tier selected).
2. What We Do NOT Collect
- Record-level data (contacts, leads, opportunities, accounts, cases, or any business records)
- Salesforce report or dashboard data
- File attachments or documents stored in Salesforce
- Chatter posts or messages
- Email content
3. How We Use Your Data
- Metadata Extraction: To generate structured markdown documentation of your Salesforce org architecture.
- AI Enrichment (if selected): Metadata is sent to the Google Gemini API for analysis. Google Gemini's data processing terms apply. No business data is included — only structural metadata.
- Service Improvement: Anonymized, aggregated usage statistics to improve the product.
4. Data Storage and Retention
- All extracted metadata is encrypted at rest using AES-256-GCM with per-job encryption keys derived via HKDF-SHA256.
- No plaintext Salesforce data is stored on disk at any point during processing.
- Generated output files are available for download for 48 hours, then permanently deleted.
- We do not maintain a persistent database of your org metadata.
- Encryption keys are derived on demand and never stored — deletion of job files is cryptographic shredding.
5. Third-Party Services
- Salesforce APIs: We connect to your Salesforce org using the credentials you provide, via the jsforce library. All communication uses HTTPS.
- Google Gemini API: If you select AI enrichment, metadata summaries are sent to Google's Gemini API for analysis.
6. Your Rights
You have the right to:
- Know what data we collect about you
- Request deletion of any data we hold
- Opt out of AI enrichment (use the extraction-only tier)
- Disconnect your Salesforce org at any time
7. Contact
For privacy-related inquiries, contact us at [email protected].