Security & FAQ

How we handle Salesforce access, what we store, and how to test or disconnect safely.

Last updated: January 28, 2026

Scoped Salesforce access

OAuth-only; we request api, refresh_token, offline_access. No passwords stored; in-Salesforce components are optional.

AES-256-GCM encryption

All sensitive data encrypted with AES-256-GCM (authenticated encryption). Tokens never logged; only hashes used for diagnostics.

Data stays minimal

We store org identifiers and dedupe result snapshots (record pairs & audit trail). No data resale.

Salesforce permissions we request

  • api: Read/write via standard REST endpoints for the objects you choose (Leads, Contacts, Accounts, etc.).
  • refresh_token & offline_access: Allows rotating the session without asking users to log in again.
  • Optional managed package: Runs over API by default; optional LWC components available for in-Salesforce experience.

Data handling

What we store

  • Org identifiers, instance URL, and the connected user ID/email for membership.
  • Encrypted Salesforce access & refresh tokens (managed keys, access tightly limited).
  • Dedupe artifacts: matched record snapshots and audit trail entries to explain actions.

How we protect it

  • TLS 1.3 in transit; AES-256-GCM encryption at rest. Tokens hashed when referenced in logs.
  • HttpOnly, Secure, SameSite cookies. Rate limiting on all endpoints. Input validation with schema enforcement.
  • Role-based access control with 65+ granular permissions. MFA for admin access.
  • Least-privilege OAuth scopes; recommend connecting a sandbox first.
  • Revoke anytime in Salesforce Connected Apps or contact us to purge stored data.
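
The two token controls listed above, AES-256-GCM at rest with a fresh IV per value and a hash-only reference in logs, shown with Node's built-in crypto module. This is an added example, not True Record's code; the function names, the iv || tag || ciphertext layout, the org-ID binding via AAD and the use of a keyed HMAC for the log reference are assumptions.

```javascript
// Added illustration; names, key handling and stored layout are assumptions.
const crypto = require('node:crypto');

// Constructed demo keys; a real service would load these from a KMS or secret store.
const ENC_KEY = crypto.randomBytes(32); // AES-256 key
const LOG_KEY = crypto.randomBytes(32); // separate key for log fingerprints

// Encrypt one token. GCM needs a fresh 96-bit IV for every value:
// reusing an IV under the same key breaks confidentiality and integrity.
function sealToken(token, orgId, key = ENC_KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(orgId, 'utf8')); // bind the ciphertext to its org
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt and verify. Throws if ciphertext, tag, IV or org binding was altered.
function openToken(sealed, orgId, key = ENC_KEY) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('sealed value too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12),
    { authTagLength: 16 });
  decipher.setAAD(Buffer.from(orgId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Log-safe reference: a keyed hash, so a log reader without LOG_KEY cannot
// confirm a guessed token, yet equal tokens still correlate across log lines.
function tokenFingerprint(token, key = LOG_KEY) {
  return crypto.createHmac('sha256', key).update(token, 'utf8')
    .digest('hex').slice(0, 16);
}

// True when decryption fails authentication (tampering or wrong org).
function rejects(sealed, orgId) {
  try { openToken(sealed, orgId); return false; } catch { return true; }
}

// Constructed sample value, not a real Salesforce credential.
const sample = 'constructed-sample-refresh-token';
const sealed = sealToken(sample, 'org-A');
console.log('stored value :', sealed);
console.log('log reference:', tokenFingerprint(sample));
console.log('replay under another org rejected:', rejects(sealed, 'org-B'));
```
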

FAQ

Can I test this safely?

Yes, connect a sandbox first. We operate over the API and do not install a package.

Which objects do you read?

We start with suggested fields on Leads, Contacts, Accounts, Opportunities, and Campaigns, but you can build matching rules for any standard or custom object. We read the fields you configure for matching, plus any optional display fields you enable for the match review interface.

How do I disconnect?

Revoke the Connected App session inside Salesforce or email support@truerecord.app and we'll remove stored tokens and related org data.

Do you log my data?

Operational logs hash tokens and include only structural info (object names, counts). Record content stays in your org and in the dedupe snapshots we show you.

Do you send my data to AI models?

When AI matching is enabled, we send a text representation built from the fields used for AI embeddings (either your configured AI/both fields, or a small per-object default set) to OpenAI's Embeddings API to generate vectors for duplicate detection. When you request an AI explanation for a match, we send field comparison summaries (e.g., 'Name: John Smith vs Jon Smith') to Anthropic's Claude API to generate natural language explanations. We cache embedding vectors and explanation results so unchanged records aren't re-processed. Both OpenAI and Anthropic state that API data is not used to train models.

What about the validation add-ons (Phone, Email, Address)?

These are optional add-ons you can subscribe to. When enabled, we send only the specific data type to each provider: phone numbers to Twilio, email addresses to ZeroBounce, and address components to Google Maps. No other record data is included. You can disable these APIs at any time using the mode toggle in your Add-Ons settings, and no data will be sent to these services when disabled.

What if I accidentally subscribed with the wrong currency?

No problem! Contact us at support@truerecord.app and we'll fix it for you. We'll cancel your current subscription with a prorated refund for any unused time, update your account to the correct currency, and you can then re-subscribe at the correct local pricing. The whole process typically takes just a few minutes.

Merge & Data Safety

Deduplication tools can damage data if built carelessly. Here's how True Record protects your records:

Preview before action

See exactly what will change – field by field, record by record – before any merge executes. Review child records that will be moved.

Undo any merge

Every merge is reversible. We never hard-delete records – original data is preserved and can be restored from the audit log.

Full audit trail

Every action is logged: who merged what, when, why, and what changed. Export your audit history anytime.

Manual approval by default

No silent auto-merge. You control which matches require review. Auto-merge is opt-in with daily caps and approval workflows.

Role-based access

Limit who can merge, dismiss, configure, or revert. Custom roles available on Enterprise plans.

Legal & Compliance

We are committed to data protection and transparency. Review our legal documentation:

Privacy Policy

How we collect, use, and protect your data

Terms of Service

Terms governing your use of True Record

Cookie Policy

Information about cookies we use

Data Processing Agreement

GDPR-compliant DPA for enterprise customers

Subprocessors

Third-party services and data regions

GDPR Compliant

Data subject rights, encryption, audit trails

CCPA Compliant

California Consumer Privacy Act compliance

SOC 2

Actively pursuing SOC 2 Type II certification

ISO 27001

Working towards ISO 27001 certification

TLS 1.3 Encryption

All data encrypted in transit with modern TLS

OAuth 2.0 & SAML 2.0

Secure authentication via OAuth, SAML, or API keys

AES-256-GCM at Rest

Authenticated encryption with per-value IVs and integrity verification

Schema-Based Validation

All API inputs validated with strict type schemas before processing

Rate Limiting

Multi-layer protection against brute force and abuse

Need something specific?

Email security questions or reports to support@truerecord.app.