For Your IT Team

Everything your security
team needs to say yes.

This page is designed to be shared with your IT security reviewer, DPO, or legal team. It covers every question they'll ask — before they ask it.

Zero Data Extraction

How it works — exactly.

The same data flow diagram we give your IT security team. Nothing hidden, nothing simplified.

Your Salesforce Org
Production data stays here. Always.
Schema + Record IDs only✗ Never field values
MaskEzee (your VPS)
Generates realistic fake values only.
Fake values written back + Audit log created
Masked Sandbox
Realistic fake data. GDPR compliant.
We read: field names · field types · record IDs
We never read: customer names · emails · phone numbers · financial data · health data
OAuth Permissions

Exactly what we request.
And why.

This is the exact Connected App permission list your Salesforce admin will see when they authorise MaskEzee.

Permissions we request

Permission scope Why we need it What we read Granted
api
Read field schema (names, types, labels). Write fake values to sandbox records via Salesforce Bulk API 2.0.
Field metadata · Record IDs
refresh_token
offline_access
Maintain the OAuth session for auto-masking on sandbox refresh. Without this, the admin would need to manually re-authenticate before every run.
Session token only
id
Identify which Salesforce org and user authorised MaskEzee. Used to record this in the audit log and prevent cross-org data contamination.
Org ID · User ID · Username

Permissions we explicitly do NOT request

Permission scope What it would allow Why we don't need it
full Full access to all data and metadata We only need schema read + record write — never full org access
chatter_api Access to Chatter, feeds, user profiles Irrelevant to masking. Not requested.
wave_api Analytics and CRM Analytics data Irrelevant to masking. Not requested.
custom_permissions Access to custom permission sets Not needed. Not requested.
visualforce Access to Visualforce pages Not needed. Not requested.
You can revoke access at any time — go to Salesforce Setup → Connected Apps OAuth Usage and revoke the MaskEzee connection. The permissions list is also visible before you authorise, during the standard Salesforce OAuth consent screen.
GDPR Compliance

How MaskEzee maps to
GDPR requirements.

Art. 5
Data Minimisation
GDPR requires that only data necessary for the purpose is processed. MaskEzee processes schema and IDs only — the minimum technically possible to perform masking without reading PII values.
Art. 25
Data Protection by Design
Pseudonymisation of personal data in non-production environments is explicitly named as a data-protection-by-design measure. MaskEzee automates this requirement for Salesforce sandbox environments.
Art. 30
Records of Processing
GDPR requires a record of all personal data processing activities. MaskEzee's timestamped audit log constitutes a processing record for sandbox masking operations, exportable as PDF (Silver+).
Art. 28
Data Processing Agreement
If your org processes personal data using a processor (MaskEzee), GDPR requires a DPA. We provide a full GDPR Article 28-compliant DPA on Gold plan. Available for review before signing up.
Art. 32
Security of Processing
GDPR requires appropriate technical measures to ensure security proportional to the risk. Sandbox masking eliminates the most common non-production PII exposure risk in Salesforce environments.
Rec. 26
Pseudonymisation
GDPR Recital 26 states that pseudonymised data is outside the scope of GDPR when the pseudonymisation is irreversible. MaskEzee's replacement-without-reading approach is technically irreversible.
IT Security Review

Questions your IT team
will ask. Answered.

Data & Infrastructure

Where is MaskEzee hosted?On a UK-based VPS (maskezee.cloudezee.tech). Processing happens server-side. Customer PII never passes through the server — only schema and IDs transit the wire.
Is data encrypted in transit?All API calls between MaskEzee and Salesforce use HTTPS/TLS 1.3. OAuth tokens are encrypted at rest using AES-256.
Do you store any customer data?No. We store your Salesforce OAuth token (encrypted), your field selection profile, and your masking run audit log. No customer PII is ever stored on our servers.
What sub-processors do you use?Our VPS is hosted on Hetzner (Germany, EU). We do not use AWS, Azure, or Google Cloud. Full sub-processor list available on request.

Access & Control

Can we revoke access at any time?Yes — immediately, from Salesforce Setup → Connected Apps → Revoke. MaskEzee loses all access the moment you revoke. We recommend revoking if you cancel or pause the service.
Does MaskEzee have access to production?No. You connect only your sandbox, not your production org. MaskEzee cannot access production unless you explicitly connect it (we recommend you don't).
Who at CloudEzee can access our Salesforce data?Nobody. MaskEzee uses automated API calls only. No CloudEzee employee can see your Salesforce data — our server never receives field values.
What happens to our data if we cancel?Your OAuth token is immediately deleted from our servers. Your audit logs are available for export up to the retention period, then permanently deleted.
For Your DPO

Documents included
with each plan.

Bronze & above
In-App Audit Log
Every masking run logged with timestamp, sandbox, user, objects masked, and record counts. View and filter from the MaskEzee dashboard. Retained 6 months on Bronze, 24 months on Silver.
Silver & above
Audit Log PDF Export
One-click PDF export of any masking run. Each PDF includes the compliance statement: "No personal data values were transmitted outside of Salesforce at any point during this masking operation." DPO-ready.
Silver & above
Data Flow Diagram
The technical data flow diagram showing exactly which Salesforce API calls are made, what data moves, and what never moves. Most IT security reviews close with this single document.
Silver & above
Compliance Statement Letter
A signed letter from CloudEzee confirming MaskEzee's data handling approach, suitable for submission to your DPO or inclusion in your GDPR Article 30 records of processing activities.
Gold only
GDPR Article 28 DPA
A full Data Processing Agreement compliant with GDPR Article 28. Required when MaskEzee acts as a data processor on behalf of your organisation. Covers subject matter, duration, nature, purpose, and obligations.
All plans
DPO Direct Contact
Email our DPO directly at contact@cloudezee.tech with any data protection questions. We respond within 2 business days. For Gold customers, you have a dedicated account manager as your first point of contact.
Security FAQ

Technical questions
answered precisely.

What Salesforce API does MaskEzee use?
MaskEzee uses the Salesforce REST API (for schema read and authentication) and Bulk API 2.0 (for writing masked values). Bulk API 2.0 processes updates asynchronously and efficiently — the same API Salesforce recommends for high-volume DML operations. We never use SOAP API, Streaming API, or Tooling API.
Does MaskEzee work with Salesforce Shield?
Yes. Because MaskEzee never reads field values, Shield Platform Encryption is not a blocker. When Shield encrypts a field value, MaskEzee simply writes a new (fake) value to that field without ever attempting to decrypt it. The result is a masked field that remains encrypted by Shield.
Can MaskEzee access our production org?
Only if you explicitly connect it. The OAuth authorisation is per-org — you connect a specific Salesforce org (your sandbox) and MaskEzee only has access to that specific org. We strongly recommend connecting only sandbox orgs, never production. We cannot cross-connect orgs on our end.
Where are OAuth tokens stored and how are they secured?
OAuth access and refresh tokens are stored in our database encrypted at rest using AES-256. The encryption key is managed separately from the database and rotated periodically. Token transmission between our server and Salesforce is always over TLS 1.3.
What is your vulnerability disclosure policy?
Report security vulnerabilities to contact@cloudezee.tech. We respond within 48 hours, confirm or deny within 5 business days, and aim to patch critical issues within 7 days. We do not pursue legal action against good-faith security researchers.
Ready to Review?

Request our full
security one-pager.

A single PDF covering data flow, permissions, GDPR mapping, and our signed compliance statement — designed to close your IT security review in one meeting.