Privacy Policy
Last updated: May 19, 2026
Salesforce Inspector Advanced is a browser extension that runs in the user's browser and communicates with Salesforce on behalf of the currently logged-in Salesforce user.
Salesforce Inspector Advanced is an independent project and is not affiliated with, endorsed by, or sponsored by Salesforce.
The extension does not operate a developer-controlled backend service, and it does not sell, rent, or use Salesforce data for advertising or profiling. Data is sent to Salesforce APIs when a feature requires it. Data is not sent to the extension maintainers or to unrelated third-party services unless the user explicitly exports, copies, downloads, pastes, opens, or otherwise shares that data outside the extension.
Salesforce Access
The extension communicates with Salesforce through official Salesforce web service APIs and browser-accessible Salesforce pages. The extension can access only the Salesforce data and features that the current Salesforce user is permitted to access.
Depending on the feature used, Salesforce API calls may read metadata, records, logs, limits, platform event definitions, object descriptions, or other Salesforce resources. Features that import, update, delete, publish, or execute requests send the user-provided payload to Salesforce.
Most Salesforce API calls reuse the access token or session that the browser already uses to access Salesforce. To acquire this session, the extension requires permission to read browser cookie information for Salesforce domains. If API Access Control is enabled, the user may optionally configure a Salesforce Connected App or External Client App and generate an OAuth access token through Salesforce OAuth with PKCE.
Data Stored Locally
The extension stores data locally in the user's browser profile using browser storage mechanisms such as localStorage, extension storage, and IndexedDB. Current IndexedDB data is stored under the salesforce-inspector database.
Local data may include:
- Extension settings and preferences, such as API version, display options, shortcut configuration, cache durations, feature toggles, and per-org UI preferences.
- Salesforce org context and lightweight org metadata used by the UI, such as host name, sandbox status, instance name, and trial expiration date.
- Query history and saved queries, including SOQL/SOSL text, Tooling API flags, QueryAll flags, saved query names, categories, field groups, and timestamps.
- REST and GraphQL Explorer history and saved requests, including endpoints, methods, headers, request bodies, GraphQL operation names, queries, variables, labels, and timestamps.
- Event Monitor publish history and saved platform event payloads, including event channel names, labels, and JSON payload text.
- Record Watch configuration and history, including watched object names, fields, record IDs or WHERE values, polling interval, run status, errors, timestamps, and record snapshots. Record Watch snapshots can include Salesforce records, field values, changed field names, and previous snapshot references.
- Optional authentication configuration, such as a Salesforce OAuth client/consumer key, a temporary PKCE code verifier during OAuth authorization, and a generated Salesforce OAuth access token when the user enables API Access Control support.
- Cache data used to avoid redundant Salesforce calls, such as object lists, field names, describe metadata, org information, API statistics, and other response-derived data needed by extension features.
- User-saved feature data when explicitly used, such as saved debug logs, imported/exported configuration, regex catalog rules, prompt template names, and Login Manager entries.
- Login Manager credentials entered by the user, including usernames, passwords, security tokens, login targets, landing-page preferences, groups, and backup/export data. Login Manager credential encryption is enabled by default and uses a user-provided passphrase before local persistence. Users may disable encryption in settings; when disabled, saved credentials remain local but are not encrypted by the extension.
Local data remains on the user's device/browser profile unless the user exports or shares it. Some local data may contain Salesforce record data, metadata, access tokens, or credentials entered by the user. Users should protect their browser profile and device accordingly.
Retention and Deletion
The extension keeps local data only for extension functionality, but retention depends on the feature:
- Query history is limited by the configured history size, currently defaulting to 100 entries per org.
- Saved queries are limited by the configured saved query size, currently defaulting to 50 entries per org.
- REST and GraphQL Explorer histories keep up to 100 entries; saved REST and GraphQL requests keep up to 50 entries.
- Event Monitor publish history keeps up to 20 entries; saved platform event payloads keep up to 50 entries.
- Record Watch keeps up to 100 runs per watch and up to 5,000 snapshots per run. Deleting a watch deletes its runs and snapshots. Older runs beyond the per-watch limit are removed with their snapshots.
- Cache entries use the configured cache duration where applicable, currently defaulting to 168 hours for supported caches, and may also be removed when browser storage quota requires cleanup.
- Saved items and preferences remain until the user deletes them, clears the feature's stored data, clears the extension's browser storage, resets the browser profile, or uninstalls the extension.
- Login Manager credentials remain until the user deletes the access, deletes Login Manager data, imports replacement data, clears extension storage, resets the browser profile, or uninstalls the extension.
Users can delete specific data through the relevant feature UI where available, such as clearing query history, clearing saved REST or GraphQL requests, deleting saved queries, deleting Record Watch watches, or deleting the generated OAuth token from Options. Users can also inspect and remove extension storage through the browser developer tools or browser extension storage controls. Deleting normal browsing history may not remove all extension localStorage, extension storage, or IndexedDB data.
Limited Use
The extension's use and transfer to any other app of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
The extension does not use information received from Google APIs or browser extension APIs for advertising, sale, user profiling, or purposes unrelated to the user-facing extension features.
Source Inspection
The extension is open source. Users can validate this policy by inspecting the source code, reviewing browser storage in developer tools, and monitoring network traffic from the browser while using the extension.