ForceCnx Privacy Policy
Effective Date: March 1, 2026
This Privacy Policy describes how ForceCnx ("Service"), operated by Patrick Waters ("we", "us", "our"), collects, uses, and protects your information.
1. Information We Collect
Account information. When you sign up, we collect your email address and a hashed password. We also store your organization name and slug.
Connection credentials. When you configure a database connection, you provide credentials such as hostname, port, username, password, GCP service account JSON, or AWS IAM configuration. All credential fields are encrypted at rest using AES-256-GCM before storage.
Entity and mapping configuration. We store your entity definitions (table names, custom SQL queries) and field mapping configurations (source column to Salesforce field type mappings).
Usage data. We collect request logs including timestamps, request paths, response status codes, and organization identifiers. These logs are used for rate limiting, debugging, and service improvement. We do not log query parameters or database contents.
Email communications. If you opt into communications, we use your email address to send onboarding and product update emails via Resend. You may unsubscribe at any time.
2. Information We Do Not Collect
Your database contents. The Service acts as a real-time pass-through. Data returned from your database in response to OData queries is transmitted directly to Salesforce and is not stored, cached, or logged by the Service.
Tracking or analytics. We do not use third-party analytics, advertising trackers, or cookies beyond the session cookie required for authentication.
3. How We Use Your Information
We use the information we collect to operate and maintain the Service, authenticate your access and manage your account, connect to your databases on your behalf, send transactional emails (account verification, password reset) and optional product emails, enforce rate limits and usage quotas, and diagnose and resolve technical issues.
4. How We Protect Your Information
Database credentials are encrypted at rest using AES-256-GCM. Passwords are hashed using bcrypt. OData endpoints are authenticated via OAuth 2.0 with JWT tokens. All traffic is encrypted in transit via TLS. Access to infrastructure is restricted and protected by multi-factor authentication.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties, except for payment processing through Stripe (for Pro plan subscribers — Stripe's privacy policy applies to payment data), email delivery through Resend (email address only, for transactional and product emails), or as required by law in response to valid legal process.
6. Data Retention
Account data is retained for the duration of your account. Upon account deletion, your data (including encrypted credentials, entity configurations, and account information) is permanently deleted. Usage logs are retained for up to 90 days for operational purposes.
7. Your Rights
You may access your account data through the Service dashboard, update your email or password at any time, delete your account and all associated data, unsubscribe from non-transactional emails, and request a copy of your stored data by contacting us.
8. Children's Privacy
The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect information from children.
9. International Users
The Service is hosted in the United States. By using the Service, you consent to the transfer and processing of your information in the United States. We do not currently offer GDPR-specific data processing agreements, but we apply the same data protection standards to all users.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The effective date at the top of this page indicates when the policy was last updated.
11. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at [email protected].