Privacy Policy

Last updated: March 2026

1. What We Collect

Account information: Email address, display name, and avatar when you sign in with Google.

Salesforce metadata: When you connect an org, we sync schema definitions, field structures, automation configurations (flows, triggers, validation rules), and dependency relationships.

2. What We Do NOT Collect

OrgSage never accesses, stores, or processes:

  • Customer records or data values from your Salesforce org
  • Personally identifiable information (PII) from your Salesforce records
  • Attachments, files, or documents stored in Salesforce
  • Salesforce user passwords or OAuth refresh tokens beyond the active session

We read metadata only — the structure and configuration of your org, not the data within it.

3. How We Use Your Data

  • Providing impact analysis, dependency mapping, and AI-powered insights
  • Detecting changes (drift) between metadata snapshots
  • Improving the accuracy and quality of our analysis algorithms
  • Sending transactional emails (notifications)

4. Data Retention

Metadata is retained while your org is connected. When you disconnect an org, all synced metadata and analysis history for that org is permanently deleted. Account data is retained until you delete your account.

5. Third-Party Services

  • Stripe — Payment processing. We do not store credit card numbers.
  • Anthropic (Claude) — AI analysis. Metadata context is sent for analysis and is not retained by Anthropic.
  • Resend — Transactional email delivery.

6. Cookies

We use essential session cookies to keep you logged in. We do not use tracking cookies or third-party analytics that track you across websites.

7. Security

Data is encrypted in transit (TLS) and at rest. Access tokens are encrypted with AES-256. We use HMAC-signed authentication tokens with short expiry windows.

8. Your Rights

  • Access: Request a copy of your data at any time
  • Deletion: Delete your account and all associated data
  • Portability: Export your analysis data in CSV or JSON format
  • Correction: Update your account information through settings

9. Children's Privacy

OrgSage is not intended for use by individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email. Continued use of the service after changes constitutes acceptance.

11. Contact

Questions about privacy? Contact us at privacy@orgsage.com.