Security Policy

Your Salesforce org is the backbone of your business. Here's exactly how TrailMeta handles your data at every step.

Credential Handling

  • Your credentials are sent once to establish a Salesforce session and are immediately discarded by the browser
  • For API calls during extraction the server uses a Salesforce session token, not your password
  • Your password and security token (the password+token string Salesforce login requires) are additionally kept encrypted in server memory (AES-256-GCM under a process-local key) so that an expired Salesforce session can be refreshed without asking you to log in again; they are never written to disk and never logged
  • Only trusted Salesforce login hosts are accepted: login.salesforce.com, test.salesforce.com, and MyDomain hosts of the form *.my.salesforce.com. Any other host is rejected before a request is made, so the login step cannot be used to make the server contact arbitrary hosts (SSRF guard)
  • All credentials are purged from server memory when extraction completes or after 4 hours, whichever comes first
  • All communication with Salesforce uses HTTPS/TLS 1.2+
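As an added illustration of the login-host allowlist described above (example code, not TrailMeta's own), this Python check accepts only the three host patterns listed, over https, and refuses the usual bypasses: credentials embedded in the URL, look-alike or nested subdomains, non-standard ports and a host that merely appears in the path. The function name and the rule that a MyDomain name is a single hyphenated label are assumptions.

```python
import re
from urllib.parse import urlsplit

# Exact hosts and the MyDomain suffix from the policy above.
ALLOWED_HOSTS = {"login.salesforce.com", "test.salesforce.com"}
MYDOMAIN_SUFFIX = ".my.salesforce.com"
# Assumption: a MyDomain name is one DNS label of letters, digits and inner
# hyphens, so nested subdomains such as a.b.my.salesforce.com are rejected.
MYDOMAIN_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")


def is_trusted_login_url(url: str) -> bool:
    """Return True only for an https URL whose host is a Salesforce login host.

    Every check runs on the parsed host, never as a substring search on the
    raw string, so "https://login.salesforce.com.evil.example" and
    "https://evil.example/login.salesforce.com" both fail.
    """
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # user:pass@host tricks: whatever precedes '@' is userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname          # lower-cased, IPv6 brackets stripped
    if not host:
        return False
    if port not in (None, 443):
        return False
    if host in ALLOWED_HOSTS:
        return True
    if host.endswith(MYDOMAIN_SUFFIX):
        label = host[: -len(MYDOMAIN_SUFFIX)]
        return MYDOMAIN_LABEL.fullmatch(label) is not None
    return False
```

The check is only as good as what happens after it: the HTTP client that performs the login must not follow redirects automatically, or a redirect from an allowed host would reintroduce the problem the allowlist removes.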

Data Scope

  • Only metadata (schema definitions) is extracted — never record data
  • No contacts, leads, opportunities, accounts, or case records
  • No file attachments or documents
  • No Chatter messages or email content
  • No report or dashboard data

Processing & Storage

  • Extraction runs server-side in the background — you can close your browser and return later
  • All extracted data is encrypted at rest with AES-256-GCM under a separate key for each job
  • Per-job keys are never stored; each one is derived on demand with HKDF-SHA256 whenever that job's data is encrypted or decrypted
  • Generated files are stored temporarily for download (48-hour expiry), then permanently deleted
  • No persistent database of your org metadata
  • Downloads are protected by a 6-digit PIN (CSPRNG-generated) and an HMAC-SHA256 download token — both are required for every download request
  • PIN lockout: 5 failed PIN attempts lock the download for 15 minutes, which caps guessing at 20 attempts per hour against 1,000,000 possible PINs, so a leaked download link alone does not yield the file
  • Salesforce login attempts through TrailMeta are rate-limited to 5 per 15 minutes per source IP to slow credential stuffing (the limit bounds attempts from any one address, not from a distributed set of addresses)
  • No analytics or tracking on extracted metadata content
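The three mechanisms listed above, as an added stdlib-only Python example that is not TrailMeta's implementation: an HKDF-SHA256 derivation of a per-job key from a server root secret, an HMAC-SHA256 download token bound to the job id and its expiry, and PIN verification with the 5-failure/15-minute lockout and the 5-download cap. The root-secret input to HKDF, the token layout, the salted PIN hash and all class and function names are assumptions; the AES-256-GCM encryption step itself is left to a library such as the `cryptography` package's AESGCM and is not shown.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass

PIN_DIGITS = 6
MAX_PIN_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60
LINK_TTL_SECONDS = 48 * 3600
MAX_DOWNLOADS = 5


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK from ikm, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_job_key(root_secret: bytes, job_id: str) -> bytes:
    """Assumed scheme: the 32-byte AES-256-GCM key for a job is recomputed from a
    server root secret and the job id whenever needed, so nothing per-job is stored."""
    return hkdf_sha256(root_secret, salt=b"job-key/v1", info=job_id.encode(), length=32)


def _hash_pin(pin: str, salt: bytes) -> bytes:
    # A 6-digit PIN has only 10**6 values, so hashing it protects against a
    # casual memory dump, not offline guessing; the lockout below is the real defence.
    return hmac.new(salt, pin.encode(), hashlib.sha256).digest()


@dataclass
class JobState:
    pin_hash: bytes
    pin_salt: bytes
    expires_at: int
    downloads: int = 0
    failures: int = 0
    locked_until: int = 0


class DownloadGate:
    """Issues (PIN, token) pairs for finished jobs and authorizes download requests."""

    def __init__(self, token_key: bytes):
        self._token_key = token_key
        self._jobs: dict[str, JobState] = {}

    def _token(self, job_id: str, expires_at: int) -> str:
        # Token = base64url(expiry || HMAC-SHA256(key, job_id || expiry)); the MAC
        # covers the job id, so a token for one job cannot be replayed against another.
        exp = struct.pack(">Q", expires_at)
        mac = hmac.new(self._token_key, job_id.encode() + b"|" + exp, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(exp + mac).rstrip(b"=").decode()

    def issue(self, job_id: str, now: int) -> tuple[str, str]:
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"  # CSPRNG, zero-padded
        salt = secrets.token_bytes(16)
        expires_at = now + LINK_TTL_SECONDS
        self._jobs[job_id] = JobState(_hash_pin(pin, salt), salt, expires_at)
        return pin, self._token(job_id, expires_at)

    def authorize(self, job_id: str, token: str, pin: str, now: int) -> str:
        state = self._jobs.get(job_id)
        if state is None:
            return "unknown_job"
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
            expires_at = struct.unpack(">Q", raw[:8])[0]
        except (ValueError, struct.error):
            return "bad_token"
        expected = self._token(job_id, expires_at)
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return "bad_token"
        if now >= expires_at:
            return "expired"
        if now < state.locked_until:
            return "locked"          # no PIN comparison at all while locked
        if not hmac.compare_digest(_hash_pin(pin, state.pin_salt), state.pin_hash):
            state.failures += 1
            if state.failures >= MAX_PIN_FAILURES:
                state.locked_until = now + LOCKOUT_SECONDS
                state.failures = 0
            return "bad_pin"
        if state.downloads >= MAX_DOWNLOADS:
            return "exhausted"
        state.downloads += 1
        state.failures = 0
        return "ok"
```

The order of checks matters: the token is verified before the PIN, so a request without a valid link never touches the PIN counter, and the lockout is checked before the PIN comparison, so a locked job gives an attacker no oracle on whether a guess was right.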

AI Enrichment (Optional)

  • AI enrichment is opt-in; you can use the extraction-only tier instead
  • Only structural metadata summaries are sent to Google Gemini
  • No business data, credentials, or PII is included in AI prompts
  • Google states that data sent to the Gemini API is not used to train its models
  • AI processing cost is shown before you confirm

Output Security

  • Generated markdown contains metadata only
  • Files are decrypted only at the moment of download — never stored in plaintext on disk
  • You own all generated output — no licensing restrictions
  • Output files are served via HTTPS
  • Download links expire after 48 hours and are limited to 5 downloads
  • No watermarking or tracking in output files

Known Limitations

  • TrailMeta currently does not require multi-factor authentication
  • The application does not yet support SSO/OAuth login (Salesforce credentials are entered directly)
  • We recommend connecting with a dedicated integration user limited to read-only access to metadata, so that a compromised credential cannot read records or change configuration
  • If the server restarts during extraction, the session is lost and you will need to reconnect

Have a security concern or want to report a vulnerability? [email protected]