Stood Flows is a dedicated architectural analysis utility designed to provide visibility and optimization for Salesforce Organizations while maintaining a Zero-Persistence footprint for business data. By strictly decoupling technical metadata from business records, Stood Flows ensures that sensitive information—including PII, financial data, and commercial intel—never enters our permanent storage. Built on a foundation of "Read-Only" technical constraints and hosted exclusively within the European Economic Area (EEA), the platform offers enterprise-grade transparency into system health without the security risks associated with traditional data ingestion or third-party exposure.
Stood Flows is committed to the highest standards of data privacy and security. This document outlines our "Privacy by Design" architecture, specifically tailored for Salesforce Organizations.
Stood Flows operates as a Data Processor under the General Data Protection Regulation (GDPR). Our core mission is to provide architectural clarity and flow analysis without compromising the integrity or confidentiality of your corporate business data.
Stood Flows is engineered to be content-blind. Our systems are designed to analyze the "how" (structure) without ever needing the "what" (content).
We provide a factual and legally-backed guarantee that the following categories of data never leave your Salesforce environment and are never stored on Stood Flows databases:
Commercial & Financial Data: No opportunity amounts, currency values, or transaction history.
Geographic Data: No physical addresses or shipping locations.
Proprietary Intelligence: No case notes, deal names, or custom text-field content.
To provide accurate License and User Access Analysis, Stood Flows may temporarily fetch User IDs or Email Addresses.
Zero Database Persistence: These identifiers are never committed to a database or any persistent storage.
User-Restricted Access: This information is processed exclusively in volatile memory (RAM) and is accessible only to the authenticated corporate user during their active session.
Instant Purge: All such data is discarded immediately upon the termination of the session or the closing of the analysis view.
Our integration with Salesforce is governed by a dual-layer security protocol that ensures data can only be viewed, never altered.
Stood Flows advocates for the Principle of Least Privilege. We provide specific guidance for clients to utilize restricted, Read-Only permission sets when authenticating the integration, ensuring that our access is limited by your own internal security policies from day one.
Beyond the permissions granted by the user, Stood Flows has established Hard Rules within our core engine:
Server & Client Side Enforcement: Our code includes mandatory filters that only permit SELECT queries.
Modification Blockade: Any commands involving INSERT, UPDATE, DELETE, or UPSERT are programmatically blocked. This ensures that even in the event of a configuration error on the client side, Stood Flows remains technically incapable of modifying your Salesforce data.
Stood Flows only persists the "Technical Blueprint" of your Organization. This metadata is used to visualize your technical environment and contains no commercial "payload." This includes:
Automation Logic: Structure and connectivity of Flows and Apex Triggers.
Schema Architecture: API names, field types, and object relationships.
Performance Metrics: Execution paths and automation health patterns.
Stood Flows treats your Salesforce architectural metadata with the same rigor as sensitive PII.
Strict Non-Disclosure: We commit to absolute confidentiality regarding your technical configurations. We treat your system's architectural "blueprint" as a trade secret.
Third-Party Isolation: Stood Flows does not utilize any third-party analytics, marketing trackers, or sub-processors for data analysis. Your data is never sold, leased, or disclosed.
Our infrastructure is built on Tier-IV data center technology, providing enterprise-grade protection:
Encryption: All data in transit is shielded by TLS 1.2+ encryption. Any metadata stored at rest is protected by AES-256 encryption.
EEA Data Sovereignty: All processing and storage occur within the European Economic Area (EEA), ensuring full compliance with EU data protection laws and ensuring your data never crosses jurisdictions with lower privacy standards.
Logical Isolation: Every client environment is logically isolated within our infrastructure to prevent cross-contamination or unauthorized access.
This commitment is issued by Hway Digital SAS, a company established in France, registered under the number 929 820 116 (RCS Versailles), and represented by its President, Pierre Lecointre.
As the Data Processor, Hway Digital SAS assumes full legal responsibility for the technical and organizational measures described herein. Our commitment to data protection is central to our corporate governance and is overseen directly by the executive leadership.
For more information about our data security guarantees contact: contact@stoodcrm.com.