Security & trust at SchemaForce
We connect to your Salesforce org to document its schema — not to read your data. This is how we secure that connection, who we rely on, and where we are on the road to SOC 2.
Compliance status
SOC 2 — readiness in progressWe are pursuing a SOC 2 examination by an independent CPA across the Security, Availability, and Confidentiality criteria. We don’t display a certification we haven’t earned — this page tracks our real, current posture, and our report will be available here (on request) once issued.
Protection against unauthorized access.
The system is available for operation and use.
Information designated confidential is protected.
How we protect your data
Metadata only — never your records
We read the shape of your Salesforce org (objects, fields, relationships, permissions) through a strict SOQL allowlist. Record data is structurally out of reach.
Encrypted at rest and in transit
OAuth tokens are encrypted with AES-256-GCM in an isolated database schema not exposed by our public API. All traffic is TLS, with HSTS in production.
Tenant isolation by default
Every row is scoped to an account and enforced by Postgres row-level security — one tenant can never read another’s metadata.
Least privilege & read-only
Role-based permissions with a read-only fail-safe. The single write back to your org (a field description) requires an explicit, separately-gated permission.
MFA & enterprise identity
Multi-factor auth is available to every user and required for administrators. SSO (SAML/OIDC) and SCIM provisioning are available for enterprise plans.
Audit trail
Security-relevant events and schema changes are recorded in append-only logs for accountability and evidence.