← Back to home

SF Copier — Privacy Policy

Effective date: 2025-12-07

SF Copier is a Chrome extension that helps you copy Salesforce Reports and Dashboards between folders within your own Salesforce organization.

Data we process

• Salesforce session cookies (sid) to authenticate API requests when you are logged into Salesforce
• Authentication tokens returned by Salesforce OAuth (access token, optional refresh token) as a fallback authentication method
• Salesforce authentication result, including your Salesforce email address, needed to operate the extension and improve reliability
• Non-sensitive configuration such as Salesforce API version and login domain
• Operational metadata needed to prepare and copy selected Reports/Dashboards

How we use and store data

• Session cookies are read directly from your browser to authenticate with Salesforce APIs. They are not transmitted to any external servers.
• OAuth tokens and configuration are stored locally in your browser using chrome.storage.local.
• We store the Salesforce authentication result (including the Salesforce email address) to keep you signed in and improve the extension's reliability.
• All Salesforce API requests are made directly from your browser to your Salesforce domains (e.g., *.salesforce.com, *.lightning.force.com).

Permissions

• cookies: used to read Salesforce session cookies for automatic authentication when you are logged into Salesforce.
• identity: used to perform OAuth with Salesforce via Chrome's launchWebAuthFlow as a fallback authentication method.
• storage: used to persist tokens, session info, and user configuration locally.
• Host permissions: limited to Salesforce domains to enable reading cookies and making API calls required for copying metadata.

Third-party services

The extension communicates only with Salesforce APIs under your control.

Access and revocation

• You can sign out from the extension at any time, which removes stored tokens and session data from local storage.
• Cookie-based authentication is automatic when you are logged into Salesforce. Logging out of Salesforce will end the session.
• You can revoke OAuth access in Salesforce Setup → Connected Apps → OAuth connected apps by removing the granted permission for your user.

Security practices

• OAuth uses Authorization Code with PKCE.
• All data is stored only in chrome.storage.local on your device.
• Session cookies are only read, never modified or transmitted externally.

Contact

For privacy-related questions, please contact the developer via the email listed on the Chrome Web Store listing.

Last updated: 2025-12-07