Before using any Salesforce diagnostic tool, understand what it accesses, what it exports, what it stores, and whether it can write back to Salesforce.
Read-only diagnostics · Review-ready workbooks · No package install · No Connected App
Connecting an external tool to Salesforce is a reasonable thing to be cautious about.
Salesforce orgs can hold customer information, financial data, permission structures, automation logic, files, reports, and operational history. Before any tool touches an org, it is worth understanding exactly what it reads, what it stores, what it exports, and what it can change.
This checklist is vendor-neutral. It is useful whether or not you ever use KeelCadence, and it ends with a factual description of how KeelCadence defines its own data boundary.
Salesforce is rarely just a contact list. Over time, an org accumulates sensitive business data, customer information, permission structures, automation, files, reports, and years of operational history.
Any external tool should be evaluated on what it reads, what it stores, what it exports, and what it changes. That skepticism is not an obstacle. It is the correct starting point for a review.
The most useful question is not only what the tool does. The more revealing question is: what is the tool's data boundary?
Before connecting any Salesforce diagnostic tool, ask:
If a tool cannot answer these questions clearly, that lack of clarity is itself a finding.
A tool's value matters, but the data boundary matters first. Admins and IT reviewers should be able to describe what the tool reads, what it stores, what it exports, what it never collects, and what it can change.
A data boundary describes what information a tool can access, what information leaves the source system, what is stored by the vendor, and what appears in the output.
Once the boundary is clear, most other questions become easier to evaluate. A narrow, well-described boundary is easier to review than a broad one that is left unstated.
Not every Salesforce tool carries the same review weight, because not every tool touches the same data.
Metadata diagnostic tools review configuration, metadata, permissions, automation metadata, and aggregate counts. Data export tools move or expose row-level customer data, files, attachments, emails, Chatter content, or transactional records.
The distinction matters because the two categories create very different review questions.
| Question | Metadata Diagnostic Tool | Data Export Tool |
|---|---|---|
| Reads metadata | Yes | Sometimes |
| Reviews configuration | Yes | Sometimes |
| Exports records | No | Yes |
| Downloads files or attachments | No | Often |
| Stores customer data | No | Often |
| Produces review evidence | Yes | Varies |
| Requires data handling review | Lower | Higher |
| Can write back to Salesforce | Usually no | Sometimes |
| Typical review risk | Lower | Higher |
Both categories can be legitimate. The point is not that one is good and one is bad. The point is that they belong in different review tracks.
When a tool reaches a formal review, IT and security teams tend to look at a consistent set of areas:
A tool that can answer each of these clearly is far easier to approve than one that leaves them open. KeelCadence publishes its answers to many of these on its security and IT review pages.
Credential and token handling deserves its own set of questions, regardless of which tool you are reviewing:
For reference, here is how KeelCadence answers the storage question factually: KeelCadence does not store persistent Salesforce OAuth refresh tokens or long-lived Salesforce access tokens.
Package installs and Connected Apps are normal in many Salesforce tools. They are not inherently a problem, but they can add review friction because they introduce components into the org.
Useful questions include:
KeelCadence's model is intentionally narrow on this point: no package install, no Connected App setup, read-only diagnostics.
Read-only access reduces writeback risk, but it does not remove the need to evaluate what the tool reads, exports, and stores. Read-only is one part of the boundary, not the whole boundary.
Questions to ask:
KeelCadence diagnostics do not create, update, delete, or modify Salesforce records, metadata, permissions, fields, automations, or layouts.
A diagnostic report should contain enough evidence to support review, without exposing unnecessary customer data. The output is part of the data boundary too.
A practical pre-use checklist, suitable for an admin, consultant, or reviewer:
KeelCadence is not a Salesforce data export tool. KeelCadence is a metadata diagnostics tool.
It reviews Salesforce metadata, configuration, permission structures, automation metadata, and aggregate counts where needed for diagnostic scoring. It does not export customer records, files, attachments, emails, Chatter content, or transactional data.
It produces review-ready XLSX workbooks for cleanup, permission review, automation review, imports, UAT, and admin handoff.
| Data Type | KeelCadence Use | Exported in Workbook? |
|---|---|---|
| Metadata | Reviewed | Yes, where relevant |
| Profiles and permission sets | Reviewed | Yes |
| Field definitions | Reviewed | Yes |
| Automation metadata | Reviewed | Yes |
| Aggregate counts | Used where needed | Yes, as summary metrics |
| Individual record values | Not used | No |
| Files and attachments | Not used | No |
| Emails or Chatter | Not used | No |
| Salesforce writes | Not performed | No |
| OAuth refresh tokens | Not stored | No |
Some teams should involve IT or security before using any external tool, especially when internal policies require review of browser tools, third-party SaaS, Salesforce session access, downloaded reports, or external diagnostics.
If that applies to your org, the following pages are written to support that review:
Profiles, permission sets, object permissions, FLS exposure, and user-assignment patterns.
Learn more →Field utilization, layout coverage, hidden populated fields, and cleanup review candidates.
Learn more →Available automation metadata across Flows, Apex, triggers, validation rules, and approval processes.
Learn more →Selected-object readiness signals for imports, UAT, migrations, bulk updates, and record operations.
Learn more →No. Read-only access lowers writeback risk, but admins should still understand what the tool reads, exports, stores, and retains.
A data boundary describes what a tool can access, what leaves Salesforce, what is stored by the vendor, what appears in the output, and whether the tool can make changes.
Metadata describes the structure and configuration of the org, such as objects, fields, profiles, permission sets, field-level security, and automation. Record data is the actual business data stored in records, files, emails, Chatter, and transactions.
Ask whether the tool stores OAuth refresh tokens, long-lived access tokens, credentials, session data, or access logs, and how access can be revoked.
No. KeelCadence does not export customer records, files, attachments, emails, Chatter content, or transactional data.
No. KeelCadence does not store persistent Salesforce OAuth refresh tokens or long-lived Salesforce access tokens.
No. KeelCadence does not require a package install or Connected App setup.
No. KeelCadence diagnostics are read-only and do not create, update, delete, or modify Salesforce records, metadata, fields, permissions, automations, or layouts.
KeelCadence workbooks contain diagnostic findings, supporting metadata evidence, review priority, confidence labels where applicable, recommendations, and remediation tracking fields.
KeelCadence is built for metadata-based Salesforce diagnostics, not Salesforce data export. Review the security model and IT review notes before connecting an org.
Read-only · No package install · No Connected App setup · No Salesforce writes
KeelCadence uses session cookies and Google Analytics 4 for site usage insights. GA4 does not receive Salesforce credentials, Org IDs, Report IDs, or payment data. You can opt out for this browser.