โ
Privacy commitment: BoltForce collects ZERO personal data, uses NO analytics, and transmits NO information to external servers. All data processing occurs entirely within your browser and between your browser and your own Salesforce org.
1
What We Do NOT Collect
BoltForce does not collect, transmit, store, or share:
- Personal information (name, email, address, phone number)
- Salesforce data (records, query results, org data)
- User credentials (passwords, security tokens)
- Usage analytics or telemetry
- Browsing history
- User behaviour tracking or IP addresses
- Device information or location data
2
Data Stored Locally (Your Browser Only)
BoltForce stores the following data locally in your browser using Chrome's storage API. This data never leaves your device:
User Preferences
- Theme selection (light/dark mode), default API version, CSV separator preference
- Keyboard shortcut configurations, feature visibility settings
Query History
- Last 50 SOQL queries you've run โ used to help you repeat common queries
- Stored only in your browser's local storage; can be cleared anytime via extension settings
Saved Queries
- SOQL queries you've explicitly saved, with user-defined names and descriptions
Connection Information
- Last used Salesforce org URL and org type (Production/Sandbox) โ for auto-reconnection convenience only
3
How We Access Salesforce
๐
BoltForce reads your Salesforce session cookie (sid) read-only to make authenticated API calls directly to Salesforce. The token is held in browser memory for the duration of your session and is never stored persistently, logged, or transmitted to any external server.
- Detection: When you visit a Salesforce page, BoltForce detects your active session
- API calls: Your session token is used to make authenticated REST API calls directly to Salesforce
- Direct communication: All API calls go from your browser โ your Salesforce org only
- No intermediaries: We do not route your data through any external servers
4
Permissions Explained
| Permission | Why it's needed |
|---|
| activeTab | Detects when you're on a Salesforce page to provide contextual features like field tooltips and quick actions. Only reads page metadata. |
| cookies | Reads Salesforce session cookies (read-only) to authenticate REST API requests. Tokens are used exclusively for Salesforce API calls and never transmitted externally. |
| storage | Saves preferences, saved queries, and SOQL history locally in Chrome's local storage. Data never syncs or transmits externally. |
| scripting | Injects helpful UI enhancements on Salesforce pages โ field tooltips, SOQL editor overlay, keyboard shortcuts, component locator. Scripts operate in an isolated sandbox. |
| contextMenus | Adds right-click menu options for quick actions like "Run SOQL" and "Copy Record ID". All operations use Salesforce's official APIs. |
| *.salesforce.com / *.force.com / *.cloudforce.com / *.visualforce.com | Required to interact with Salesforce domains for API calls and to inject the extension UI into Salesforce pages. |
5
Data Security
- All API calls use HTTPS โ direct browser-to-Salesforce communication, no man-in-the-middle servers
- All data operations occur within your browser; no data is sent to external servers or databases
- No analytics platforms, crash reporting services, advertising networks, or external CDNs
- The Extension uses Chrome Manifest V3, which enforces strict Content Security Policy and prohibits remote code execution
6
Your Data Rights
- Access: All data BoltForce stores is visible to you via the extension settings
- Delete specific data: Remove individual queries or settings from within the extension
- Delete all data: Extension settings โ "Clear All Data"
- Uninstall: Removes all extension data from your browser automatically
- Export: Settings โ Export Queries to save your saved queries as JSON
7
Children's Privacy
The Extension is not directed at children under the age of 13 and does not knowingly collect any information from children. It is a professional tool intended for Salesforce administrators and developers.
8
Changes to This Policy
If this Privacy Policy is updated, the revised version will be published at this URL with an updated "Last Updated" date. Given that the Extension collects no user data, material changes to this policy are unlikely.
Summary โ In Plain English
- We collect nothing: No personal data, no analytics, no tracking
- Everything stays local: All data in your browser only
- Direct to Salesforce: API calls go straight from you to your org
- You control your data: Clear it anytime from extension settings
- No backend: SCube operates no servers, databases, or infrastructure