โ
Short version: Your data never leaves your own browser except to go directly to your own Salesforce org or your chosen AI provider using your own API key. We collect nothing. We store nothing on our servers. We have no servers.
1
Overview
SCube Gmail SyncForce is a Chrome browser extension that bridges Gmail and Salesforce. This Privacy Policy explains what data the Extension accesses, how it is used, and what it never does with your data.
2
Data the Extension Accesses
The Extension reads the following data solely to perform its core function โ logging Gmail emails to Salesforce:
- Email content โ sender, recipients, subject, body text, and attachments of the currently open Gmail thread
- Gmail thread metadata โ thread ID used to detect duplicate logging
- Salesforce OAuth token โ obtained via OAuth 2.0; stored only in
chrome.storage.local on your device
- User settings โ AI provider choice, muting rules, theme, field mappings; stored locally only
- AI API keys โ Anthropic, OpenAI, or Google keys you optionally enter; stored locally only
3
How Data Is Used
- Salesforce logging โ email subject, body, and participant details are sent directly from your browser to your Salesforce org via the REST API to create Tasks
- Contact/Lead matching โ sender email addresses are sent to your Salesforce org in SOQL queries to find matching records
- AI summarisation โ when you click "Summarise Thread", the email body is sent to your chosen AI provider using your own BYOK API key
- Local activity log โ a log of logged emails is stored locally in
chrome.storage.local and displayed in the extension popup; never leaves your device
๐
All network requests go directly from your browser to either your Salesforce org or your AI provider. There is no intermediate server, proxy, or third-party service operated by SCube.
4
Data We Do NOT Collect
- We do not collect, transmit, or store any email content on any server we operate
- We do not collect analytics, usage metrics, crash reports, or telemetry of any kind
- We do not collect your Salesforce credentials, OAuth tokens, or AI API keys โ they remain on your device only
- We do not share any data with any third party except your own Salesforce org and your chosen AI provider (using your own key)
- We do not use cookies or tracking pixels
- We do not have user accounts, registration, or any server-side infrastructure
5
Permissions Explained
| Permission | Why it's needed |
|---|
| storage | Saves OAuth tokens, settings, AI API keys, and activity log locally on your device. Nothing is sent externally. |
| identity | Launches Salesforce OAuth 2.0 flow via chrome.identity.launchWebAuthFlow to obtain an access token. |
| tabs | Detects Gmail tab navigation to inject the extension button; opens linked Salesforce records in a new tab. |
| alarms | Powers the Send Later feature โ schedules a wake-up alarm to reopen and send a drafted email at the time you chose. |
| notifications | Shows a desktop notification when a Send Later email fires or an auto-log completes. |
| mail.google.com | Runs the content script that injects the SyncForce sidebar and Log button into Gmail threads. |
| *.salesforce.com / *.force.com | Makes REST API calls to your Salesforce org for SOQL queries, Task creation, file uploads, and Chatter posts. |
| api.anthropic.com / api.openai.com / generativelanguage.googleapis.com | Sends email thread text to your AI provider using your own BYOK API key, only when you click Summarise. |
6
Data Storage & Retention
All data stored by the Extension lives exclusively in chrome.storage.local on your device:
- OAuth token โ retained until you click "Disconnect" in the popup or uninstall the Extension
- Settings and API keys โ retained until you clear them or uninstall the Extension
- Activity log โ retained locally; you can clear it from the Activity tab at any time
Uninstalling the Extension removes all locally stored data automatically via Chrome's standard extension lifecycle.
7
Third-Party Services
The Extension communicates with the following third-party services solely on your instruction and using your own credentials:
- Salesforce โ your own org. Governed by your Salesforce agreement and Salesforce's Privacy Policy.
- Anthropic Claude API (optional, BYOK) โ governed by Anthropic's Privacy Policy.
- OpenAI API (optional, BYOK) โ governed by OpenAI's Privacy Policy.
- Google Gemini API (optional, BYOK) โ governed by Google's Privacy Policy.
The Extension does not use any analytics, advertising, or tracking SDKs.
8
Security
- All communication with Salesforce and AI providers uses HTTPS/TLS
- OAuth tokens and API keys are stored only in
chrome.storage.local, sandboxed to the Extension
- The Extension uses Chrome Manifest V3, which prohibits remote code execution
- No Consumer Key or Consumer Secret is hardcoded in the Extension
9
Children's Privacy
The Extension is not directed at children under the age of 13 and does not knowingly collect any information from children. It is a professional productivity tool for Salesforce users in a business context.
10
Changes to This Policy
If this Privacy Policy is updated, the revised version will be published at this URL with an updated "Last Updated" date. Continued use of the Extension after any changes constitutes acceptance of the updated policy.