Trust & Security

You're about to point a free tool at an org you're responsible for. Here is exactly what OrgKit can see, store, and do — and what it can't.

Where does my token live?
Browser memory
Where does my metadata go?
Nowhere
What do you log?
Nothing

Architecture: there is no server

OrgKit is a set of static pages. There is no backend, no database, no API of ours in the middle. When you use a tool, your browser talks directly to your Salesforce instance over HTTPS using Salesforce's own APIs. That's why each org needs a one-time CORS allowlist entry — Salesforce is verifying that your org's admin approved this site to make browser calls, which is a security feature, not a workaround.

OrgKit works on the metadata layer only — automations, object schemas, profiles, OmniStudio components. It never queries or writes your business records.

Your access token

What stays in your browser

So that snapshots and audit trails survive a browser restart, OrgKit keeps non-sensitive working data in your browser's localStorage: org nickname and instance URL, automation snapshots, your local audit log, and preferences. None of it contains credentials, and none of it ever leaves your machine. Clearing site data removes everything.

Safety rails for destructive actions

Common security-review questions

Is my password stored anywhere?
No. Login happens on salesforce.com via OAuth. OrgKit only ever receives a short-lived access token.
Do you use analytics or tracking?
If enabled, only privacy-friendly, cookie-free page analytics (counts, not identities). Never any org data, metadata, tokens, or Salesforce responses.
What scopes does the shared Connected App request?
API access sufficient for the Tooling and REST API calls the tools make. If your policy requires narrower control, use your own Connected App — every tool supports it.
Can OrgKit modify my org without me?
No. There is no server to act on your behalf and no stored credentials. Every change happens live, from your browser, in your session, and is written to the local audit log.
Is the code auditable?
Each tool is a single, unminified HTML file — View Source shows you everything that runs. No bundlers, no third-party JavaScript dependencies.

Terms of use

Found a security issue?

Please report it privately via GitHub — responsible disclosure is appreciated and acknowledged.