Last updated: June 2026
SchemaForce is a business-to-business software service. We connect to a customer’s Salesforce organization (an “org”) using OAuth and build a data dictionary, change history, and an AI assistant over that org’s metadata. This Privacy Policy explains what information SchemaForce, LLC (“SchemaForce,” “we,” “us,” or “our”) collects, how we use it, and the choices and rights you have.
This policy covers our public marketing website and the SchemaForce application (together, the “Service”). It does not cover third-party websites, products, or services that we link to or that you separately choose to connect, each of which has its own privacy practices.
This Privacy Policy is provided for transparency and is not a contract. The terms governing your use of the Service are set out in our Terms of Service, and, where we process personal data on a customer’s behalf, in our Data Processing Agreement (DPA). If there is any conflict between this policy and those agreements, those agreements control.
Under data protection law, the same company can play different roles for different kinds of data. SchemaForce plays two roles, and it is important to understand the difference because our Service connects to your Salesforce org on your behalf.
Data we control. For information about your relationship with SchemaForce — your account details, billing information, product usage and analytics, support communications, and cookies — we act as the data controller. We decide why and how that information is processed, and this Privacy Policy governs it.
Data we process for you. For the Salesforce metadata you connect, the customer is the controller and SchemaForce acts as a processor, processing that metadata only on the customer’s documented instructions and as described in the Data Processing Agreement. This includes the data dictionary we build, the change history (change events), permission and dependency data, the AI-generated field descriptions and search embeddings we derive from that metadata, and the encrypted OAuth tokens for the connection.
Because the customer is the controller of the connected metadata, requests from a customer’s individuals about that data should be directed to the customer, not to SchemaForce. We will assist our customers in responding to such requests as required by the Data Processing Agreement.
Information you provide. When you create an account, we collect your name, email address, and your login credentials — either a password or the identity from your single sign-on or OAuth login provider — along with multi-factor authentication settings if you enable them. When you work in a team workspace, we collect workspace details and the role assigned to each member. If you contact us for support, we collect the contents of those communications and any information you choose to include.
Billing information. Subscription payments are handled by our payment processor, Stripe. Stripe collects and processes your payment details directly; SchemaForce does not receive or store full card numbers. We retain limited billing records such as your plan, subscription status, and invoices needed to manage your account.
Information we collect automatically. As you use the Service we collect product usage and analytics data through PostHog — for example, events such as signing in, connecting an org, or asking the assistant a question — together with technical details such as your IP address, browser and device information, and the pages you view. We also use cookies and similar technologies as described in the “Cookies and tracking” section below.
Salesforce metadata you connect. When you connect a Salesforce org, we read its metadata — the definitions of objects, fields, relationships, picklists, permissions, and dependencies, along with descriptions and configuration. We do not read, store, or transmit the contents of your Salesforce records or any customer or personal data values held in those records. We process this metadata on the customer’s behalf, and we store the OAuth tokens for the connection in encrypted form.
To operate and provide the Service — to authenticate you, maintain your account and workspaces, build and serve your data dictionary, change history, and assistant, and deliver the features you use.
To secure the Service — to protect accounts, detect and prevent fraud, abuse, and unauthorized access, and maintain the integrity and reliability of our systems.
To provide support — to respond to your questions, troubleshoot issues, and communicate with you about your account.
To understand and improve the Service — to analyze how features are used, diagnose problems, and develop improvements, primarily through aggregated and product analytics.
To communicate with you — to send transactional and service messages (such as security, billing, and account notices) and, where permitted, product updates, each handled by our email provider.
To comply with law — to meet our legal, tax, accounting, and regulatory obligations and to establish, exercise, or defend legal claims.
We use the connected org’s metadata only to provide the Service to the customer on the customer’s instructions — to build and maintain the dictionary, generate field descriptions, answer questions, and produce search embeddings — and not for our own independent purposes.
Several SchemaForce features use third-party AI providers — currently Anthropic and OpenAI — to draft field descriptions, power the assistant’s answers, and build the search embeddings used to find fields. To do this, we send these providers metadata such as field names, labels, and types.
We do not send the contents of your Salesforce records, or any customer or personal data values held in those records, to the AI providers. Only metadata definitions are used by these features.
We access these providers through their commercial APIs, and the metadata we send is not used to train their general-purpose models. Each provider processes this data under its own terms.
If you are in the European Economic Area or the United Kingdom, we process personal data for which we are the controller under one or more of the following legal bases.
Performance of a contract — to provide the Service to you and to administer your account and our agreement with you.
Legitimate interests — to secure, maintain, and improve the Service, to understand how it is used, and to communicate with you, where those interests are not overridden by your rights and freedoms.
Consent — where we ask for it, for example for certain analytics or optional communications; you may withdraw consent at any time without affecting prior processing.
Legal obligation — to comply with applicable laws, such as tax, accounting, and record-keeping requirements.
Where we act as a processor of connected metadata on a customer’s behalf, the customer, as controller, is responsible for establishing the legal basis for that processing.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. SchemaForce runs no advertising and uses no ad networks; a “sale” or “share” of personal information in the sense used by California law does not occur.
We share information with the service providers (sub-processors) that help us operate the Service, each for a limited purpose and under contractual confidentiality and data-protection obligations. We describe them below.
Supabase — provides our database, authentication, and application hosting; processing in the United States.
Stripe — processes subscription payments and billing.
Anthropic — provides AI features (drafting field descriptions, the assistant, and search embeddings); only metadata such as field names and labels is sent, never record values.
OpenAI — provides AI features (drafting field descriptions, the assistant, and search embeddings); only metadata such as field names and labels is sent, never record values.
WorkOS — provides single sign-on for accounts that use it.
Resend — delivers transactional and product emails.
PostHog — provides product analytics; processing in the United States.
Customer-directed connections. Some integrations operate only if a customer chooses to enable them. Salesforce is the data source you connect to use SchemaForce at all. Google is used only if you connect it, to export to Google Sheets. Slack is used only if you connect it, to deliver alerts. When you enable these, data flows to those services at your direction and subject to their own privacy practices.
We may also disclose information to comply with applicable law, regulation, legal process, or enforceable governmental request; to enforce our agreements and policies; to protect the rights, property, and safety of SchemaForce, our users, or others; and in connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case we will require the recipient to honor commitments consistent with this policy.
SchemaForce and its key sub-processors operate primarily in the United States, so information we collect is processed and stored there and in other locations where we or our sub-processors operate.
If you are located in the EEA, the United Kingdom, or another region with data-transfer restrictions, transfers of your personal data to the United States and other countries rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses and the UK Addendum, together with supplementary measures as needed.
We retain account and workspace data for which we are the controller while your account is active and for a reasonable period afterward as needed to satisfy legal, tax, accounting, and billing obligations, to resolve disputes, and to enforce our agreements; after that, we delete or anonymize it.
For a connected org, we retain the org’s metadata for as long as the org remains connected. When you disconnect the org, request erasure, or close the account, we delete or de-identify that metadata in accordance with our standard processes and the Data Processing Agreement.
AI-generated field descriptions, embeddings, and other artifacts we derive from a connected org’s metadata follow the same lifecycle as the metadata they are derived from and are removed when that metadata is removed.
Backups and logs may persist for a limited additional period under our routine retention cycles before being overwritten.
We take protecting your information seriously and apply technical and organizational safeguards designed to match the sensitivity of the data we handle.
OAuth tokens for connected Salesforce orgs, and any Google or Slack credentials you provide, are encrypted at rest using AES-256-GCM and stored in an isolated database schema that is not exposed by our public API. Data is encrypted in transit using TLS.
We isolate tenants from one another using database row-level security, so a workspace’s data is not accessible to other workspaces. API keys you create are stored only as a hash and are shown to you in full only once at creation; we cannot recover them afterward.
No method of transmission over the internet or method of electronic storage is completely secure, so while we strive to protect your information we cannot guarantee its absolute security. If you believe your account or data may have been compromised, or you have a security concern, please contact us at privacy@schemaforce.com.
Depending on where you live, you may have rights over your personal information. For data we control, you can exercise the rights described below by contacting us at privacy@schemaforce.com; we may need to verify your identity before acting on a request.
If you are in the EEA or the United Kingdom, you may have the right to access your personal data, to correct inaccurate data, to request erasure, to restrict or object to certain processing, to data portability, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local data protection supervisory authority.
If you are a California resident, you may have the right to know about and access the personal information we have collected, to request its deletion, and to request correction of inaccurate information. Because we do not sell or share personal information, there is no sale or share for you to opt out of, and we will not discriminate against you for exercising your rights.
For personal data we process on a customer’s behalf — in particular the connected Salesforce metadata — the customer is the controller. If you are an individual associated with one of our customers, please direct your rights requests to that customer; we will assist the customer in responding as required by the Data Processing Agreement.
We use a small set of cookies and similar technologies. The active_org cookie is functional and remembers which connected org you have selected. Supabase authentication and session cookies are essential to keep you signed in. Short-lived OAuth state cookies are essential to securely complete the Salesforce, Google, and Slack connection flows. A theme preference cookie is functional and remembers your light or dark mode choice. PostHog cookies support product analytics.
For a fuller description of each cookie and how to manage your preferences, see our Cookie Policy at /cookie-policy.
Some browsers and extensions send a “Do Not Track” (DNT) or Global Privacy Control (GPC) signal. Because there is no common industry standard for DNT, the Service does not respond to DNT signals. Because we do not sell or share your personal information, a GPC signal does not change how we handle it.
The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us at privacy@schemaforce.com and we will take appropriate steps to delete it.
We may update this Privacy Policy from time to time to reflect changes to our practices, our Service, or legal requirements. When we make changes, we will revise the “Last updated” date above, and, for material changes, we will provide a more prominent notice as appropriate.
We encourage you to review this policy periodically. Your continued use of the Service after an update takes effect means you acknowledge the revised policy.
If you have questions about this Privacy Policy or how we handle your information, you can reach us at privacy@schemaforce.com, or at support@schemaforce.com for general support.
You can also write to us at SchemaForce, LLC.