Metazoa Security Policy

Customer Information about Privacy and Security

Metazoa is a publisher of software products and utilities for Salesforce administrators. These products are available for install on the Salesforce AppExchange website. All our products have passed the Salesforce Security Review. Snapshot Org Management is our flagship product. Monarch Relational Data Migration is another paid offering. We have four other solution centers that are available for free with paid upgrades for additional functionality.

Paid Products:
  • Snapshot Org Management
  • Monarch Relational Data Migration

Solution Centers:
  • Intelligent Assistant
  • Documentation Center
  • Technical Debt Center
  • Org Security Center

All the Metazoa software products are explicitly designed to protect customer privacy and security. This whitepaper discusses the unique advantages that are inherent in the Metazoa software architecture. This whitepaper also explains the security and privacy polices put in place by Metazoa as a company. All the different Metazoa products have the same security architecture, so they are discussed collectively below.

Metazoa Player

There are two parts to any Metazoa software product. First, the Metazoa Player is a 64-bit desktop application written in compiled C that implements a security sandbox designed to protect the client computer, the local file system, and private network assets. Second, the Metazoa Document is a binary file which contains all the scripted content, user interfaces, and other graphics associated with the actual application. The Metazoa Player is similar to a Java or .NET virtual machine, and the Metazoa Document is similar to a Java jar file or .NET assembly. The Metazoa Player was written by an engineering team led by Bill Appleton, and different version of this code base have been in use for 20 years. The multi-platform code base is used to build two separate executable programs, one for Microsoft Windows and the other for Apple Macintosh. Both versions of the Metazoa Player are code signed to prevent tampering with the executable. The Metazoa Player was carefully written to minimize and abstract contact with the local machine, but also to allow access to certain external web based assets and local desktop files in a sandbox folder. This environment provides an extra layer of security for the customer, their desktop computer, and the local network. The Metazoa Player was designed to be a secure container for potentially untrusted applications.

Metazoa Document

The Metazoa Document contains the scripted content, user interfaces, and other graphics associated with the actual product. When new and improved versions of a product become available, a new Metazoa Document is downloaded to the Metazoa Player for execution. This provides a simple and secure method of managing application updates. The download process is visible to the customer. The documents are scanned for irregularities, and a sophisticated checksum is used to prevent tampering. The Metazoa Player is mature and rarely updated. The Metazoa Document is updated at least three times a year to coincide with Salesforce API releases. There may be additional Metazoa Document updates throughout the year to address product enhancements, bug fixes, and performance improvements.

File Server

Metazoa maintains a read-only file server at where the Metazoa Player can be downloaded. When the desktop application is started, the latest Metazoa Document is downloaded from the same location. Physical access to the Metazoa Player and the latest Metazoa Document are controlled through SFTP with a client key on a secure computer. Currently Bill Appleton is the gatekeeper for changes on this server. There are different installation pages for each different Metazoa software product:

Install Paid Products

Install Solution Centers

Microsoft Windows Player

Apple Macintosh Player

Serverless Architecture

When a customer logs into their Salesforce org, the Metazoa client application retrieves a Session ID that is used to communicate with the Data, Metadata, and Tooling API. All communication is conducted directly between the customer’s personal computer and their Salesforce org. Customer credentials are stored in ephemeral RAM memory and discarded when the application terminates. Data and metadata used by the product are stored in a secure folder on the customer’s local hard disk. The customer’s private Salesforce data and metadata are not transmitted, duplicated, or cached on any other server or cloud that is outside of the customer’s environment.

The Metazoa Player is downloaded once from the file server at The Metazoa Player uses HTTP POST over SSL for network communication with the Data, Metadata, and Tooling APIs. This is the same network protocol that the Salesforce HTML web application uses to run in a browser, except Metazoa is communicating with XML instead of HTML documents. The diagram below illustrates this architecture.

Figure 1: Metazoa Player Security Architecture

The customer doesn’t need to worry about security practices on the Metazoa cloud. Metazoa doesn’t have a cloud. Metazoa uses your Salesforce org for team collaboration and shared data. The customer doesn’t need to worry about the privacy policies in the Metazoa data center. Metazoa doesn’t have a data center. Metazoa uses your Salesforce org and your local drive for data storage.

Because of this, Metazoa has a superior architecture for delivering administrative products on the Salesforce platform. We have the same modern desktop architecture as Slack, Tableau, Salesforce DX and Visual Studio Code. Metazoa software products are both more interactive and more secure than alternative architectures that can potentially expose your administrative credentials and private data to the open Internet.

Virtual Machine Installation

The Metazoa Player can be run on a Virtual Machine in the cloud or behind a corporate firewall instead of a personal computer. This option allows greater control over the computing environment. All customer data and metadata are stored on the Virtual Machine’s hard disk. All Internet connectivity takes place on the Virtual Machine’s network. During professional service engagements, a Virtual Machine can be used to keep all customer data and metadata inside the customer’s computing environment.

Regulatory Compliance

The Metazoa Player has been architected to ensure data privacy. All customer data and metadata remain in the customer’s computing environment. The fact that there is no external cloud or data center helps ensure that privacy regulations such as HIPAA and GDPR are inherently followed. The Metazoa Snapshot product follows the ALCOA principles for GxP. The reports that Snapshot generates are:

  • Attributable to an individual using Salesforce authentication
  • Legible documents including HTML, PDF, EXCEL, and PNG
  • Contemporaneous based on the Salesforce server timestamp
  • Original and dynamically generated by the Snapshot product
  • Accurate results tested in thousands of different Salesforce orgs
  • Permanent documents saved to hard disk or Salesforce Content

Snapshot also conducts metadata deployments and data migrations. These org transformation operations also support GxP principles:

  • Traceability: Snapshot maintains and stores deployment history logs
  • Accountability: Changes are tagged using Salesforce authentication

External Integrations

Metazoa products integrate with some external applications and API services. The external applications must be installed on the desktop computer for successful integration using the Command Line interface. These external applications include:

  • Git – for integration with Git Repositories
  • PMD – for the static analysis of Apex Classes
  • Salesforce CLI – SFDX support of Developer Projects

If for any reason a customer is concerned about the security characteristics of these external applications then they should be uninstalled from the desktop computer or laptop.

Metazoa products also integrate with some API services. If for any reason a customer is concerned about the security characteristics of these API services then access can be turned off with the Workspace Manager. This permission prevents Metazoa from calling the given API service.

  • Google Search API – for searching Error Messages and org management support
  • Stack Exchange API – for searching Error Messages and org management support
  • OpenAI Developer API – for Artificial Intelligence and org management support

In the case of OpenAI grounding data is used in some circumstances. Grounding data includes packets of Data and Metadata required for intelligent analysis. The OpenAI API does not store prompts or grounding data for any purpose. In particular, the developer API does not use prompts for training. The Snapshot preferences interface allows the customer to enter their private developer key for OpenAI if desired. The service can also be enabled or disabled in the preferences interface. Find more information below.

Metazoa Security Policy

All Metazoa software products communicate directly between the customer’s personal computer and their Salesforce org. Metazoa does not have access to any customer data or metadata. All transactions take place with Salesforce API services and are conducted using the SSL protocol. All transactions conform to the Salesforce API security policy. All transactions are further limited by the policies that customers have established for their Salesforce org. All the Metazoa software products available on the AppExchange have passed the Salesforce Security Review. The read-only Metazoa file server is used for the initial download of the Metazoa Player desktop application and after that a Metazoa Document that delivers product updates.

Metazoa Privacy Policy

All Metazoa software products communicate directly between the customer’s personal computer and their Salesforce org. Metazoa does not have access to any customer data or metadata. Our Snapshot Org Management product uses the Salesforce License Manager to administer customer access. The other products are licensed to an individual org and the associated sandboxes. Customer information is used solely for product licensing, feature roadmap, and technical support. Personal customer information will never be transferred to a third party or become linked to any database external to Metazoa.

🎉 Congratulations! 🎉

You’ve successfully completed the Metazoa Metadata Studio Certification Class. With the skills you’ve acquired, you’re now adept at harnessing the power of Metazoa’s Metadata Studio, seamlessly integrating artificial intelligence into Salesforce org management. You have earned you a certificate! Well done, and we wish you continued success in your future endeavors!