Privacy policy

Salesforce FLS Permissions Copier Privacy Policy

Last updated: July 11, 2026 · Applies to the Salesforce FLS Permissions Copier Chrome extension.

Salesforce FLS Permissions Copier ("the extension") is a Chrome browser extension published by SFings that copies Field Level Security (FLS) permissions from one Salesforce field to another across profiles. This policy explains what data the extension accesses, how it is used, and what is (and is not) shared.

Summary

  • The extension does not collect, transmit, sell, or share your personal data with the developer or any third party.
  • All data the extension touches stays between your browser and your own Salesforce org.
  • There are no analytics, no tracking, no advertising, and no external servers operated by the developer.

Data the extension accesses

  • Salesforce session cookie (sid). The extension reads your existing Salesforce session cookie (via the Chrome cookies permission) on Salesforce domains only. This session token is used solely to authenticate REST API requests to your own Salesforce org — for example, to query field-level-security records (FieldPermissions, FieldDefinition, EntityDefinition). The token is sent only to the Salesforce instance you are already logged in to and never to the developer or any third party. A copy may be cached in your browser's localStorage on the Salesforce page so repeated requests don't re-fetch it; it never leaves your browser except in requests to Salesforce itself.
  • Salesforce metadata. To perform its function, the extension reads metadata from your Salesforce org, such as object names, field names, and profile-level field permissions. This data is processed in memory in your browser and used only to display options and update permission checkboxes on the page. It is not stored permanently or transmitted anywhere other than back to your Salesforce org via Salesforce's own APIs.
  • Extension settings. The extension stores a small amount of non-personal working data (e.g., the label of the Salesforce object you are working on) using Chrome's chrome.storage.sync. If you are signed in to Chrome with sync enabled, Google may sync this data across your devices under Google's privacy policy. This data contains no credentials and no personal information.

Data the extension does not collect

  • Personally identifiable information (name, address, email, etc.)
  • Health, financial, or payment information
  • Authentication information beyond the Salesforce session token described above
  • Personal communications, location data, web browsing history, or keystrokes
  • Any data from websites other than Salesforce domains

Where the extension runs

The extension only runs on Salesforce domains, as declared in its manifest: *.salesforce.com, *.force.com, *.my.salesforce.com, *.lightning.force.com, *.salesforce-setup.com, *.visualforce.com. It has no access to any other website.

Data sharing and sale

The extension does not sell, rent, trade, or otherwise transfer any data to third parties. The developer has no server and receives no data from the extension. The only network communication is between your browser and your Salesforce org.

Data retention and deletion

  • The cached session token in localStorage persists until it expires, you log out of Salesforce, or you clear your browser site data.
  • Settings in chrome.storage.sync persist until you remove the extension or clear extension data.
  • Uninstalling the extension removes its stored settings. No data remains anywhere else, because none is ever collected.

Security

The extension communicates with Salesforce exclusively over HTTPS. It requests only the minimum permissions needed for its single purpose, and contains no remote code — all code is packaged with the extension and reviewed by the Chrome Web Store.

Limited Use disclosure

The extension's use of information received from Chrome APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Data is used only to provide the extension's single, user-visible purpose: copying field-level-security permissions within your Salesforce org.

Children's privacy

The extension is a professional tool for Salesforce administrators and is not directed at children under 13. It does not knowingly collect any information from anyone, including children.

Changes to this policy

If this policy changes, the updated version will be published at this same location with a revised "Last updated" date. Material changes will be reflected in the extension's Chrome Web Store listing.

Contact

If you have questions about this privacy policy or the extension's data practices, contact sfings.dev@gmail.com.