ForceLens Logo ForceLens
Add to Chrome
Privacy & Trust

We respect your privacy.
Here's exactly how.

ForceLens runs 100% locally on your computer inside your browser. We do not own, operate, or maintain any centralized logging servers, analytics metrics, or databases. Your source code and debug logs stay entirely yours.

0%
External Servers
We never upload your logs or code to any ForceLens central database.
Local
Log Storage
Logs remain inside the Chrome sandbox (chrome.storage.local).
BYOK
Direct AI Pipeline
AI analysis calls dispatch directly to Anthropic/OpenAI from your client.

Quick Summary

Everything you need to know about your data in 30 seconds:

  • Device-Level Parsing: All debug log processing and visualization runs locally on your machine.
  • Secure Session Tokens: Your Salesforce credentials are kept in-memory to load logs and never sent out.
  • Direct AI Pipeline: AI calls are dispatched directly from your browser. ForceLens has no gateway server.
  • Zero Trackers: We do not include any advertisement SDKs, cookies, web beacons, or metrics collection.

1. About ForceLens

ForceLens is a browser developer tool extension that streamlines debug log analysis, limits tracking, DML inspecting, and Flow charting for Salesforce developers. Because the tool operates in the browser side-panel context, the design guarantees that files and log contents remain confidential within your network sandbox.

This Privacy Policy outlines how your browser interacts with Salesforce APIs, local storage, and optional AI configurations while using ForceLens.

2. Information We Collect & Process

As a developer tool, we operate under a strict policy: We do not collect what we do not need. The table below lists all variables processed during log exploration:

Category Storage Scope Details & Purpose
Salesforce Debug Logs Local Only Stored on your device browser storage for review history. Stays inside the extension sandbox.
Salesforce Session Tokens In-Memory Only Read temporarily from cookies to query Salesforce APIs. Held in memory only for the lifetime of the open tab, then discarded. Never written to disk.
AI Configurations & Keys Local Only API Keys for Anthropic, OpenAI, or Groq are stored locally in your extension preferences.
AI Insights Summaries Opt-In Only Non-sensitive structured code summaries are transmitted directly to your configured AI provider when analyzing logs.
Application Preferences Local Only Theme selections (Light, Dark, Midnight, Warm) and display settings are saved to storage.
Browsing History / Activity Never Collected ForceLens cannot see, store, or transmit your broader internet browsing details.
Support Portal Submissions Opt-In Only Email details and bug reports that you voluntarily submit through our support portal to resolve extension issues.

3. Browser Extension Permissions

Browser extensions are strictly regulated by permissions. Below is the list of requested capabilities in our manifest.json. Click any item to inspect what warning Chrome raises, why we require it, and the security risk analysis:

storage
Zero Risk
Chrome Prompt Warning None (Silent Permission)
Actual Usage Maintains log viewer settings, current theme class, and persistent history slots locally.

The extension utilizes the Chrome Storage API sandbox (chrome.storage.local) to let logs persist in the history tab so you don't lose logs upon closing the panel. It is locked inside the extension domain and cannot be accessed by external websites.

cookies
Local-Only Risk
Chrome Prompt Warning "Read and modify cookies"
Actual Usage Retrieves active sid session cookies to authenticate Apex Debug Log API calls.

In order to pull logs directly from your Salesforce Org without requiring complex OAuth setups every login, ForceLens reads the active browser session ID cookie. This cookie is only utilized to make authenticated calls directly from your client to Salesforce endpoint APIs. It is held exclusively in memory and never written to logs, stored on disk, or shared.

tabs
Zero Risk
Chrome Prompt Warning "Access browsing activity" (for opening tabs)
Actual Usage Enables opening the workspace side-panel or helper links in separate tabs.

We do not track which websites you browse. The tabs API is strictly used to check if the ForceLens application workspace is already open in another tab to prevent duplicate dashboards, and to launch support or configuration links.

unlimitedStorage
Zero Risk
Chrome Prompt Warning None (Silent Permission)
Actual Usage Lets large Apex debug logs (often several MB) be cached locally without hitting Chrome's default 10 MB storage cap.

All data stays inside the extension's local sandbox — unlimitedStorage only raises the size limit; it grants no new access.

*.salesforce.com / *.force.com
Local-Only Risk
Chrome Prompt Warning "Read and change data on all salesforce.com sites"
Actual Usage Allows requests to fetch Apex debug log payloads and run Tooling API metadata lookups.

This host match rule lets the extension fetch the raw text content of logs and source code (such as triggers, classes, flows) from Salesforce Org domains. This communication occurs strictly between your browser tab and the Salesforce API endpoints directly. No data ever passes through or is rerouted to ForceLens servers.

Optional Hosts (Anthropic, OpenAI, Groq, OpenRouter, Supabase)
Zero Risk
Chrome Prompt Warning None at install (Requested dynamically at runtime)
Actual Usage Allows direct client-to-API network requests for optional AI analysis and optional support community board.

These optional host permissions (e.g. api.anthropic.com, api.openai.com, api.groq.com, openrouter.ai, and supabase.co) are not requested at installation. They are requested dynamically only when you choose to configure an AI provider or click to open the feedback board. They connect your browser directly to the endpoint with zero intermediate gateway servers.

4. AI Capabilities & Pipeline

ForceLens includes opt-in AI tools to assist in explainers, exceptions review, and log optimization summaries. This feature is completely disabled by default.

If you choose to use the AI capabilities, you must configure your personal API key (e.g., Anthropic Claude, OpenAI, or Groq) in the AI Settings. Once configured:

  • Your API Key is kept in your device browser storage and is never sent to ForceLens.
  • Requests are dispatched directly from your browser to the AI provider’s API endpoint. No ForceLens middleman proxy is used.
  • Only structural snippets or non-sensitive summaries of the log elements you select are dispatched to generate recommendations.
  • Explicit consent is required. The first time you use AI with a given provider, ForceLens shows a consent dialog describing exactly what will be sent. Nothing is transmitted until you agree, and you can withdraw consent at any time by clearing your key in AI Settings.
  • Network access is granted on demand. Permission to reach each AI provider's domain is requested only when you first enable AI for that provider (an "optional" Chrome permission), not at install time.
  • Automatic secret redaction. Before any content leaves your device, ForceLens scrubs known secret patterns — Salesforce session IDs, bearer tokens, API keys, and email addresses — from the outbound text. This is a best-effort safeguard, not a guarantee; log content may still contain business or record data.

Note on Third-Party Terms: Once log segments are sent to your configured AI provider, they are governed under the respective provider's terms (such as OpenAI's API privacy policy). We recommend checking your vendor’s enterprise data privacy policy to ensure log data is not used for model training.

5. Data Storage & Retention

We believe in total transparency regarding how long data remains in memory or storage:

  • Extension Preferences & Settings: Stored on your device local registry. Persists indefinitely until you manually clear it, wipe preferences, or uninstall the extension.
  • Cached Debug Logs & History: Logs downloaded during analysis are cached in your local Chrome extension database. They persist for convenience and can be cleared individually or fully at any time.
  • Credentials & Tokens: Salesforce session IDs are held transiently in memory. Once the active workspace tab is closed, these tokens are removed from memory.

6. Third-Party Services

We do not contract with, sell data to, or share telemetry with third-party tracking services or data brokers. The only external channels your browser will open are:

  1. Your Salesforce Instances: Necessary to interact with log headers, cookies, and source elements. Data flows directly between your browser and your Salesforce org — it never passes through our servers.
  2. Your AI Providers: Only if AI analysis is configured and actively requested by you. Log segments are sent directly from your browser to the provider you chose (Anthropic, OpenAI, Groq, or OpenRouter) using your own API key.
  3. Voluntary Support Portal (Supabase): If — and only if — you choose to submit a bug report, feature request, or feedback, that content is stored in our support database hosted on Supabase (a third-party backend-as-a-service provider). What is stored: the issue title and description, any reproduction steps, an optional email address you provide, and any screenshot you choose to attach. This information is used strictly to triage and resolve extension defects.

How your support data is protected

  • Email addresses are private. Any email you submit is stored in a restricted table that is readable only by you (the submitter) and our support team. It is never exposed on the public issue board and is never shared or sold.
  • Public issue board. The non-email contents of issues and replies (titles, descriptions, status) are visible to other ForceLens users on the in-app community support board, so duplicate reports can be avoided. Do not include confidential information, credentials, or customer data in the public fields.
  • Screenshots are publicly accessible by link. Any screenshot you attach is uploaded to a public storage bucket and is accessible to anyone who has its URL. Only attach screenshots that do not contain sensitive data, and review them before uploading.
  • Anonymous identity. The support portal signs you in anonymously (a random identifier). We do not require an account, name, or login.

7. Children's Privacy

ForceLens is designed as a professional tool for Salesforce software developers and administrators. We do not solicit, market to, or knowingly store personal data of individuals under the age of 13. If you believe we have received details of a minor through a voluntary support ticket, contact us to remove it immediately.

8. Your Privacy Rights & Console

Regardless of jurisdiction (GDPR, CCPA, etc.), we provide the same suite of data-control rights to all users globally. You can exercise these rights instantly using the interactive console options below:

Request Information

You have the right to know what data we hold. Since everything is on your device, you can see all storage details using the Sidebar Audit widget.

Right to Erasure (Forget)

You can instantly wipe all local cached files and settings using the Erase Local Preferences action in the sidebar.

Deactivate AI Services

You can revoke access to AI providers at any moment by clearing the API tokens from your AI settings tab.

Inquire Directly

If you have questions, click the Contact button below to write directly to our developer team.

9. Updates to this Privacy Policy

We reserve the right to modify this Privacy Policy to reflect codebase modifications, security enhancements, or Chrome store rules. Significant updates will be highlighted inside the extension change logs. Continued usage of ForceLens following updates implies agreement with the revised policies.

Questions about our Privacy Commitment?

Have concerns about Salesforce token handling or AI log summaries? Reach out directly via our developer portal.