Privacy notice

SF Agent processes account details, authentication data, run history, uploaded inputs, generated artifacts, and Salesforce connection metadata needed to operate the service. Sensitive credentials such as API keys, OAuth secrets, refresh tokens, and private keys are intended to be stored as write-only secrets rather than displayed back to users.

We use Salesforce org connection data, audit events, working-set context, and deployment results to support delivery, troubleshooting, review, and governance. Depending on your tenant controls, model providers may receive summarized or approved implementation context as part of the AI planning workflow.

Customers remain responsible for configuring retention, deployment scope, external model access, and org permissions in a manner appropriate for their own security requirements. If you need contract-specific privacy terms, data residency language, or a vendor security review package, that should be handled through your commercial agreement.

Privacy questions, deletion requests, or security review requests can be sent to support@sfagent.dev or security@sfagent.dev.