Open beta — every feature free with your own AI API key. Beta software: expect (and report!) rough edges.

Privacy Policy

Last updated: July 2026

This policy explains what orgadmin.ai (“we”, “us”) collects, why, and what control you have over it. We aim to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and, where applicable, the GDPR.

What we collect

  • Account data — your name (optional), email address, and a bcrypt hash of your password. We never store your password in plain text.
  • Salesforce connection data — OAuth refresh tokens and your Connected App consumer secret, encrypted at rest with AES-256-GCM. Your Salesforce password is never entered into or stored by orgadmin.ai.
  • Org metadata — the metadata you choose to pull (object definitions, Apex source, flows, permissions, and similar), stored so browsing is fast. Record data returned by queries and grids is processed live and not persisted at rest.
  • Workspace content — org context notes, AI-learned facts, saved queries, dashboards, and table view definitions your team creates.
  • Usage data — AI token counts per user and an audit log of Salesforce API calls (endpoint, method, status, timestamp — never tokens).

How AI providers are involved

AI features send prompts — which may include org metadata context and your questions — to the AI provider your workspace administrator configures (for example Anthropic or OpenAI), under that provider's API terms. We do not train AI models on your data, and we only send what the configured feature needs to answer.

How we use data

To provide the service, keep it secure (audit logging, rate limiting, tenant isolation), meter AI usage against your plan, and communicate with you about your account. We do not sell personal information or share it with third parties for their marketing.

Retention and deletion

  • Disconnecting a Salesforce org revokes the token at Salesforce, deletes the stored secrets, and purges all cached metadata for that connection.
  • Deleting your account removes your personal data; workspace content you created may be retained for the workspace or deleted with it.
  • Audit logs are retained for security purposes.

Security

Credentials are encrypted at rest (AES-256-GCM), sessions use secure httpOnly cookies, every route enforces tenant isolation, and all Salesforce API access is audit-logged. Read more on our security page.

Your rights

You can access, correct, or delete your personal information, and complain to a supervisory authority (in Australia, the OAIC). Contact us at [email protected] and we'll respond promptly.

Changes

We'll update this page when the policy changes and adjust the date above. Significant changes will be announced in the app.


orgadmin.ai is an independent product. It is not affiliated with, endorsed by, or sponsored by Salesforce, Inc. Salesforce, Agentforce, Einstein and related marks are trademarks of Salesforce, Inc.