hudec117
commented
8 months ago No data is stored by the extension in the browser (apart from in-memory during use) and no data is transferred to third-party (i.e. non-Salesforce) servers. All communication is secured using HTTPS/TLS, so in theory the unencrypted (plain text) data is only visible in your Salesforce org and in the extension when it is used. Please see below an extract of all the network calls the extension makes when it runs the report:
The first network request is to the SOAP API's getUserInfo resource which may contain the running user's PII as described here: https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_calls_getuserinfo.htm
The only other piece of PII is the target user's username which is queried and displayed on the refresh button.
Describe the bug Could you describe how data is processed and archived by this extension? We're worried about user profile data according to GDPR. There is no information about that in Readme.md nor a Security.md.
Expected behavior How is communication secured? A description of the data gathered, processed, and archived by the application. Is any data processed outside Salesforce and user computer? If any data is archived outside Salesforce, the data archived outside, how it is archived and secure mensures to protect user data? A description on security mensures for data in transit and at rest.
Screenshots
Desktop (please complete the following information):