Callout Guardian

Privacy Policy

Last Updated: March 2026 · Effective: March 2026

1. Introduction

This Privacy Policy describes how Callout Guardian ("the App", "we", "our") handles data when installed on your Salesforce organization ("your org"). Callout Guardian is a Salesforce AppExchange Managed Package that monitors the health and availability of your Salesforce integrations.

2. Data Collection

2.1 What Data We Collect

Callout Guardian operates entirely within your Salesforce org. The App collects and stores the following data exclusively within your org's database:

  • Endpoint URLs discovered from your Named Credentials, Remote Site Settings, CSP Trusted Sites, External Data Sources, External Services, External Credentials, Outbound Messages, Apex code, and Flows
  • Health check results: HTTP status codes, response times, error classifications
  • Callout logs: Request/response metadata (method, status code, response time, error type)
  • Incident records: Downtime start/end times, duration, root cause
  • SLA compliance reports: Availability percentages, check counts
  • Alert history: Alert type, severity, channel, timestamps
  • Webhook subscription data: Target URLs, delivery status, retry counts

2.2 What Data We Do NOT Collect

  • We do NOT collect or transmit any data outside your Salesforce org
  • We do NOT send any data to our servers or any third-party services
  • We do NOT store response bodies from your callouts (only metadata)
  • We do NOT log sensitive headers (Authorization, Cookie, X-Api-Key headers are masked before storage)
  • We do NOT collect user personal information beyond standard Salesforce audit fields (CreatedBy, LastModifiedBy)

3. Data Storage

All data is stored as Salesforce Custom Objects within your org:

  • Endpoint_Status__c — Endpoint monitoring status
  • Health_Check__c — Health check results
  • Callout_Log__c — Callout logs (configurable retention)
  • Discovered_Endpoint__c — Auto-discovered endpoints
  • Incident__c — Incident records
  • SLA_Report__c — SLA compliance reports
  • Alert_History__c — Alert history
  • Webhook_Subscription__c — Webhook subscriptions

Data retention is configurable via Custom Metadata Type settings. A built-in data retention batch job purges old records according to your configured policy.

4. Data Processing

4.1 Health Check Probes

Callout Guardian performs HTTP HEAD or GET requests to your configured endpoints to check their availability. These probes:

  • Use standard Salesforce Apex HttpRequest (no external libraries)
  • Respect your org's Remote Site Settings and Named Credentials
  • Do not send any payload or authentication data beyond what is configured in your Named Credentials
  • Execute within your org's governor limits

4.2 Endpoint Discovery

The App discovers integration endpoints by querying your org's metadata:

  • SOQL-based (Free tier): Named Credentials, Remote Site Settings, CSP Trusted Sites, External Data Sources
  • Tooling API-based (Pro/Enterprise tiers): External Services, External Credentials, Outbound Messages, Apex code, Flows

All discovery is read-only and internal to your org.

4.3 Webhook Delivery

If configured, the App delivers webhook notifications to URLs you specify. These outbound payloads contain:

  • Endpoint name and URL
  • Alert type and severity
  • Status change information
  • Timestamp

Webhook payloads are signed with HMAC-SHA256 using a secret you provide. The App does not control or monitor the receiving webhook endpoints.

5. Data Sharing

Callout Guardian does not share your data with any third party. All data remains within your Salesforce org under your full control.

The only outbound communications from the App are:

  1. Health check probes to endpoints you have configured for monitoring
  2. Webhook notifications to URLs you have explicitly configured
  3. Email alerts sent via Salesforce's native email service to recipients you specify

6. Security

  • All sensitive headers are masked before storage using the SensitiveDataMasker class
  • Webhook secrets are stored in Custom Metadata Type records (Protected)
  • The App enforces Salesforce CRUD/FLS (Field-Level Security) through WITH SECURITY_ENFORCED and Security.stripInaccessible()
  • Access is controlled via Permission Sets: Admin, Viewer, Alert Recipient, API User
  • The App passes Salesforce Security Review and Checkmarx static analysis

7. Your Rights

Since all data resides in your Salesforce org, you have full control:

  • Access: Query any Callout Guardian object via SOQL, Reports, or the App's dashboard
  • Modify: Edit or delete any record through standard Salesforce UI
  • Export: Export data via Salesforce Data Export, Data Loader, or Reports
  • Delete: Uninstalling the package removes all App code; data objects can be deleted by your admin
  • Retention: Configure data retention periods via Custom Metadata settings

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated through AppExchange listing updates and release notes.

9. Contact

For privacy-related questions, contact us at:

  • Email: support@calloutguardian.com
  • Website: calloutguardian.com

© 2026 Callout Guardian. All rights reserved.
