100% Native — No Data Leaves Your Org

RSA-2048 Encrypted Licensing

Zero PII — Metadata-Only Analysis

Your Data Stays in Your Org

The most important security feature of ROI Steward is what it does not do: it does not move your data. Unlike SaaS management platforms that require data exports or API integrations to external systems, ROI Steward runs entirely within your Salesforce instance.

  • All data analysis, usage calculations, and ROI modeling occur locally within your Salesforce org
  • No customer data, CRM records, or business information is ever transmitted externally
  • If you trust Salesforce's infrastructure, you can trust ROI Steward — we operate entirely within their governed environment

What We Communicate — and What We Do Not

When online license validation is enabled (our preferred option), ROI Steward performs a secure licensing check periodically. This is the only external communication the application can make in that mode.

What is transmitted when online validation is used:

  • Salesforce Organization ID (your org's unique identifier)
  • Package version (to ensure you are running the latest version)
  • Total active user count (to validate your subscription tier)
  • Installation date (to manage trial periods)

What is never transmitted:

  • No names, email addresses, or usernames
  • No Leads, Accounts, Contacts, or Opportunities
  • No financial data or contract details
  • No license usage results or savings calculations

No external calls? No problem.

Organizations that do not permit any external communication can use our offline licensing mode. You receive a license key by email and paste it into the app in your Salesforce org. No server calls are made — no validation traffic, no outbound API. If your security or compliance rules block external access, offline licensing is the right choice.

Principle of Least Privilege

  • ROI Steward requires read-only access to specific system metadata (UserLicense, ActiveUser, PermissionSetAssignment)
  • Access to the ROI Steward dashboard is controlled by Permission Sets that you assign — you decide who can see the reports
  • On uninstall, all locally stored calculation results are removed from your org

Our Path to AppExchange

ROI Steward is currently available as a managed package distributed via a direct installation link. We are committed to submitting for the formal Salesforce AppExchange Security Review and intend to do so following our beta testing period.

In the meantime, we have chosen to be fully transparent about our data handling as a deliberate commitment to earning your trust.

Security FAQ

Does the app require "Modify All Data" permissions?
No. ROI Steward operates using standard metadata queries and does not require broad administrative permissions.

Does ROI Steward impact org performance?
No. The analysis engine runs asynchronously and respects all Salesforce Governor Limits.