Privacy Policy

Last Updated: January 27, 2026

1. Introduction

At OrgCentri ("we," "us," or "our"), we believe that your Salesforce metadata and security configurations are your intellectual property. We have built OrgCentri with a "Local-First" architecture to ensure maximum privacy and security. This Privacy Policy explains how OrgCentri handles your data when you use our desktop application.

2. Our "Local-First" Promise

We do not transmit your Salesforce data to our servers. OrgCentri operates entirely on your local machine (macOS or Windows). When you use the application to scan, audit, or analyze your Salesforce organization:

  • All Data Stays Local: The application fetches metadata directly from Salesforce APIs to your computer.
  • No "Phone Home": We do not have a backend server that receives, processes, or stores your Salesforce metadata, snapshots, or analysis results.
  • Direct Connection: The application connects directly to Salesforce instances using standard OAuth protocols. We do not proxy your traffic.

3. Data Collection

3.1. Salesforce Data

We strictly do not collect, store, or transmit your Salesforce data. All Salesforce metadata (Profiles, Permission Sets, Logic, etc.) remains on your device in a local encrypted database.

3.2. Authentication Tokens

Your Salesforce OAuth tokens (Access and Refresh tokens) are stored securely on your local device using your operating system's native keychain (macOS Keychain or Windows Credential Manager). We never see or store these credentials.

3.3. License Validation & Updates

To prevent piracy and enforce license limits, the Application is NOT 100% offline. It makes strictly limited network requests to the following trusted providers:

  • Lemon Squeezy (Merchant of Record): When you activate a key, the Application transmits your License Key and a unique hardware identifier (Device ID) to Lemon Squeezy's API to validate your status.
  • GitHub (Updates): The Application periodically connects to GitHub Public APIs to check for the latest version. This transmits your current App Version and Operating System type (e.g., macOS/Windows).
  • No Salesforce Data: Crucially, these requests NEVER contain any Salesforce metadata, scan results, or PII.

4. Third-Party Services & Data Processors

While OrgCentri is Local-First, we use select third-party infrastructure for specific non-business functions:

  • Salesforce APIs: For fetching metadata (Direct Connection from your device).
  • Lemon Squeezy: For payment processing and license key validation.
  • GitHub: For delivering software updates.
  • Cloudflare: For website hosting and website analytics (privacy-preserving).

5. Your Data Rights

Since we do not store your data, there is nothing for us to delete or export. You have full control over the data stored locally on your machine. You can delete all application data at any time by uninstalling OrgCentri and removing the local application data folder.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: contact@orgcentri.ai

Website: orgcentri.ai

OrgCentri | Enterprise Salesforce Governance & Security