← Back to home

SF Report Manager - Privacy Policy

Effective date: 2026-03-07

SF Report Manager is a Chrome extension for managing Salesforce Reports and Dashboards at scale within your own Salesforce organization, including bulk copy, move, delete, and deployment preparation workflows.

Data we process

• Salesforce session cookies (sid) to authenticate API requests when you are logged into Salesforce
• Authentication tokens returned by Salesforce OAuth (access token, optional refresh token) as a fallback authentication method
• Your Salesforce authentication result, including your Salesforce email address, required to operate the extension and improve reliability
• Non-sensitive configuration such as Salesforce API version and login domain
• Operational metadata required to prepare, copy, move, delete, review, or deploy selected Reports/Dashboards
• Usage and diagnostic data tied to extension events, including extension version, operating system, locale, generated analytics user ID, and the Salesforce email address associated with your authentication state

How we use and store data

• Session cookies are read directly from your browser to authenticate Salesforce API requests.
• OAuth tokens and configuration are stored locally in your browser using chrome.storage.local.
• We store the Salesforce authentication result, including the Salesforce email address, to keep you signed in and improve extension reliability.
• Core Salesforce API requests are made directly from your browser to your Salesforce domains (for example, *.salesforce.com and *.lightning.force.com).
• Certain usage events and uninstall information may be sent to the extension's configured analytics service to measure product usage and improve reliability.

Permissions

• cookies: used to read Salesforce session cookies for automatic authentication when you are logged into Salesforce.
• identity: used to perform OAuth with Salesforce via Chrome's launchWebAuthFlow as a fallback authentication method.
• storage: used to persist tokens, session info, analytics identifiers, and user configuration locally.
• Host permissions: limited to Salesforce domains to enable reading cookies and making API calls required for managing analytics metadata.

Third-party services

The extension communicates with Salesforce APIs under your control. It also communicates with the configured analytics service for event tracking and uninstall reporting.

Access and revocation

• You can sign out from the extension at any time, which removes stored tokens and session data from local storage.
• Cookie-based authentication is automatic when you are logged into Salesforce. Logging out of Salesforce will end the session.
• You can revoke OAuth access in Salesforce Setup → Connected Apps → OAuth connected apps by removing the granted permission for your user.

Security practices

• OAuth uses Authorization Code with PKCE.
• All data is stored only in chrome.storage.local on your device.
• Session cookies are only read, never modified or transmitted externally.

Contact

For privacy-related questions, please contact the developer via the email listed on the Chrome Web Store listing.

Last updated: 2026-03-07