Privacy Policy

Who we are

OrgBorg is operated by Imbarco CRM Solutions ("we", "us", "our"). We provide a web-based platform that helps Salesforce administrators, developers, and consultants monitor, analyze, and manage their Salesforce organizations.

Information we collect

Account information

When you create an account, we collect your name, email address, and optionally your company name. If you sign in via a third-party provider (Google, GitHub, or GitLab), we receive your name, email, and profile picture from that provider.

Salesforce organization data

When you connect a Salesforce org, we access and store:

• OAuth tokens (encrypted) to maintain the connection.
• Metadata and configuration: objects, fields, Apex classes, flows, validation rules, and other setup data.
• Organization limits and usage metrics (API calls, storage).
• Basic user information from your org: user profiles, roles, and login history (for adoption analytics).

For OrgBorg's analytics tools (org health, metadata explorer, code analysis, user adoption, org hierarchy, org shape, data skew, async apex, notifications, and the dashboard), we do not access or store your accounts, contacts, opportunities, or any other business records. These tools operate on metadata and configuration only.

Metadata Backup and Data Sync tools

Two tools are different in kind and need a separate explanation:

• Metadata Backup reads your org's metadata (objects, fields, Apex, flows, layouts, permission sets, validation rules, etc.) and pushes it as a commit to a git repository you own and configure (GitHub, GitLab, or a self-hosted Gitea instance). OrgBorg never stores the backup on its own servers — the commit is pushed directly to your repo and any temporary working copy on OrgBorg's worker is deleted after the push completes.
• Data Sync reads record data (accounts, contacts, opportunities, custom object rows, and any other queryable SObjects you select) and streams it into a relational database you own and configure (PostgreSQL, MySQL, or MariaDB in the current release). OrgBorg's worker acts as a pipe: it queries records from Salesforce, upserts them into your destination database, and retains no copy. The only thing OrgBorg keeps is run metadata (timestamps, row counts, per-object watermarks, error summaries) so the tool can resume where it left off on the next run.

For both tools, you configure the destination with credentials (a git personal access token or a database username/password), which OrgBorg encrypts at rest with AES-256-GCM and never returns to the client after save. You can disable either tool at any time, which clears the destination credentials from OrgBorg's database; data previously pushed to your git repo or synced to your database remains under your control.

Usage data

We collect basic usage information such as which tools you use and when, to help us improve the platform.

How we use your information

• To provide and operate the OrgBorg platform.
• To authenticate you and maintain your session.
• To generate analytics, health reports, and code analysis results for your orgs.
• To communicate with you about your account or service updates.
• To improve the platform based on usage patterns.

Data sharing

We do not sell, rent, or share your personal information or Salesforce data with third parties for advertising. Your org data is only visible to your account. We use a small number of service providers (listed below) that process limited data on our behalf to operate the product.

Third-party services

After you accept our Terms of Service, the following third-party services may receive limited data to operate specific features:

• Sleekplan (feedback platform) — receives your name, email, and user id to identify you when you submit feedback or read our changelog. Privacy policy: sleekplan.com/privacy.
• PostHog (product analytics, EU region) — receives your user id, email, name, page views, custom product events (for example, when you connect an org or trigger a sync), and session replays of your interactions with OrgBorg. We use it to understand how the product is used and to diagnose issues. Session replays mask form inputs by default, and we additionally mask UI regions that render data pulled from your Salesforce orgs so record content does not appear in recordings. PostHog is never loaded on marketing or pre-login pages, and we do not track you before you accept our Terms of Service. Privacy policy: posthog.com/privacy.
• Sentry (error monitoring) — receives error stack traces and request context when something in the app crashes, so we can fix it. We do not send Salesforce record content or OAuth tokens to Sentry. Privacy policy: sentry.io/privacy.

None of these providers receive your Salesforce OAuth tokens, metadata, or business records.

Data storage and security

Your data is stored in a managed PostgreSQL database with strict multi-tenant isolation — your data is never accessible to other users. OAuth tokens are stored encrypted. All connections use HTTPS.

While we take reasonable measures to protect your data, no system is perfectly secure. OrgBorg is currently in beta, and we are actively hardening our security posture.

Your rights and choices

• Disconnect an org — You can disconnect any Salesforce org at any time, which immediately revokes our access and stops data collection for that org.
• Delete your account — You may request deletion of your account and all associated data by contacting us.
• Access your data — You may request a copy of the data we hold about you.

Cookies and local storage

We use essential cookies to maintain your authentication session. After you accept our Terms of Service, PostHog also sets a cookie and a local storage entry to hold a stable identifier used to group product analytics events from the same session. We do not use advertising cookies or share these identifiers with ad networks.

Changes to this policy

We may update this privacy policy as OrgBorg evolves. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated via email or in-app notification.

Contact

If you have questions about this privacy policy or how we handle your data, contact us at support@imbarco.com.