Security

Security Architecture

Your Salesforce data stays in your hands. Here's exactly how SFDC File Exporter protects it.

Core Principle

Your Data Never Leaves Your Machine

SFDC File Exporter is a desktop application. When you export files from Salesforce, the connection is established directly between your machine and Salesforce's servers. RASPSYS LLP's infrastructure is not involved in the data path — not even for authentication.

This is fundamentally different from cloud-based export tools, where your files are first uploaded to a third-party server and then downloaded to you. With SFDC File Exporter, there is no intermediate stop. Your files go: Salesforce → Your Machine. Full stop.

Data Flow

SFDC File Exporter (Your Machine)
Initiates authenticated API request
HTTPS / TLS 1.2+
Salesforce API (login.salesforce.com)
OAuth token issued, file content streamed
Direct download — no intermediary
Your Local Drive
Files saved to your chosen folder. End of journey.
RASPSYS LLP infrastructure is NOT in this data path.
Security Principles

Built on Four Security Pillars

OAuth 2.0 Authentication

SFDC File Exporter authenticates with Salesforce using the standard username-password OAuth 2.0 flow. Your password is used only to obtain a session token from Salesforce — it is never stored by the application.

Local-Only Processing

All export operations — querying, filtering, downloading — happen on your local machine. No data is buffered, cached, or transmitted through RASPSYS LLP's servers at any point.

Zero Telemetry

We do not collect usage analytics, error telemetry, or any metadata about your exports. The application operates entirely within your network boundary. RASPSYS LLP is blind to what you export.

TLS-Encrypted Transit

All communication with the Salesforce API is encrypted via HTTPS (TLS 1.2 or higher), matching the same encryption standard used by Salesforce's own web interface.

Credential Handling

  • Passwords are not persisted. Your Salesforce password is used in-memory during the OAuth handshake only. It is discarded immediately after the access token is received from Salesforce.
  • Session tokens are short-lived. The OAuth access token issued by Salesforce is session-scoped. SFDC File Exporter does not attempt to refresh or persist tokens between sessions.
  • Security tokens stay local. Your Salesforce Security Token is only used locally during authentication. It is not logged, cached, or transmitted to RASPSYS LLP.
  • No credential storage in registry or config files. The application does not write credentials to the Windows registry, application data directories, or any configuration file.

Data Handling

  • Direct download — no relay. Files streamed from Salesforce's Content Delivery Network (CDN) go directly to your output folder. No intermediate server touches the file binary.
  • Original file formats preserved. Files are saved exactly as they exist in Salesforce — no transcoding, compression, or format alteration occurs.
  • Export logs remain local. Any export history or application logs are stored on your machine only and are never sent to RASPSYS LLP.
  • No Salesforce metadata stored by us. We do not receive, store, or process any record IDs, file names, or metadata from your exports.
License Validation Note: License key validation involves a brief outbound request from the application to RASPSYS LLP's licensing server. This request transmits only the license key itself — no Salesforce credentials, file metadata, or personal data is included in this request. License validation only occurs at application startup or when you manually activate a key.
Enterprise & Compliance

Designed for Enterprise Security Requirements

SFDC File Exporter's architecture makes it easier to satisfy internal security reviews, compliance audits, and data governance requirements.

Data Residency Compliance

Since files are downloaded directly to your machine without cloud intermediaries, exported data never leaves your controlled environment. Ideal for data residency requirements.

GDPR & HIPAA Friendly

For organizations with GDPR or HIPAA requirements, the local-processing model means sensitive data (PII, PHI) is handled within your existing compliant environment.

IT Security Audit Ready

The application is a standalone executable. Network auditing tools will show connections only to Salesforce API endpoints (login.salesforce.com, your Salesforce instance URL).

Request Security Documentation for Your IT Team