The customer doesn’t need to worry about security practices on the Metazoa cloud. Metazoa doesn’t have a cloud. Metazoa uses your Salesforce org for team collaboration and shared data. The customer doesn’t need to worry about the privacy policies in the Metazoa data center. Metazoa doesn’t have a data center. Metazoa uses your Salesforce org and your local drive for data storage.
Because of this, Metazoa has a superior architecture for delivering administrative products on the Salesforce platform. We have the same modern desktop architecture as Slack, Tableau, Salesforce DX and Visual Studio Code. Metazoa software products are both more interactive and more secure than alternative architectures that can potentially expose your administrative credentials and private data to the open Internet.
Virtual Machine Installation
The Metazoa Player can be run on a Virtual Machine in the cloud or behind a corporate firewall instead of a personal computer. This option allows greater control over the computing environment. All customer data and metadata are stored on the Virtual Machine’s hard disk. All Internet connectivity takes place on the Virtual Machine’s network. During professional service engagements, a Virtual Machine can be used to keep all customer data and metadata inside the customer’s computing environment.
Regulatory Compliance
The Metazoa Player has been architected to ensure data privacy. All customer data and metadata remain in the customer’s computing environment. The fact that there is no external cloud or data center helps ensure that privacy regulations such as HIPAA and GDPR are inherently followed. The Metazoa Snapshot product follows the ALCOA principles for GxP. The reports that Snapshot generates are:
- Attributable to an individual using Salesforce authentication
- Legible documents including HTML, PDF, EXCEL, and PNG
- Contemporaneous based on the Salesforce server timestamp
- Original and dynamically generated by the Snapshot product
- Accurate results tested in thousands of different Salesforce orgs
- Permanent documents saved to hard disk or Salesforce Content
Snapshot also conducts metadata deployments and data migrations. These org transformation operations also support GxP principles:
- Traceability: Snapshot maintains and stores deployment history logs
- Accountability: Changes are tagged using Salesforce authentication
External Integrations
Metazoa products integrate with some external applications and API services. The external applications must be installed on the desktop computer for successful integration using the Command Line interface. These external applications include:
- Git – for integration with Git Repositories
- PMD – for the static analysis of Apex Classes
- Salesforce CLI – SFDX support of Developer Projects
If for any reason a customer is concerned about the security characteristics of these external applications then they should be uninstalled from the desktop computer or laptop.
Metazoa products also integrate with some API services. If for any reason a customer is concerned about the security characteristics of these API services then access can be turned off with the Workspace Manager. This permission prevents Metazoa from calling the given API service.
- Google Search API – for searching Error Messages and org management support
- Stack Exchange API – for searching Error Messages and org management support
- OpenAI Developer API – for Artificial Intelligence and org management support
In the case of OpenAI grounding data is used in some circumstances. Grounding data includes packets of Data and Metadata required for intelligent analysis. The OpenAI API does not store prompts or grounding data for any purpose. In particular, the developer API does not use prompts for training. The Snapshot preferences interface allows the customer to enter their private developer key for OpenAI if desired. The service can also be enabled or disabled in the preferences interface. Find more information below.
https://pmd.github.io/
https://cli.github.com/
https://developer.salesforce.com/tools/sfdxcli
https://api.stackexchange.com/
https://platform.openai.com/docs/introduction
https://developers.google.com/custom-search/v1/overview
Metazoa Security Policy
All Metazoa software products communicate directly between the customer’s personal computer and their Salesforce org. Metazoa does not have access to any customer data or metadata. All transactions take place with Salesforce API services and are conducted using the SSL protocol. All transactions conform to the Salesforce API security policy. All transactions are further limited by the policies that customers have established for their Salesforce org. All the Metazoa software products available on the AppExchange have passed the Salesforce Security Review. The read-only Metazoa file server is used for the initial download of the Metazoa Player desktop application and after that a Metazoa Document that delivers product updates.
Metazoa Privacy Policy
All Metazoa software products communicate directly between the customer’s personal computer and their Salesforce org. Metazoa does not have access to any customer data or metadata. Our Snapshot Org Management product uses the Salesforce License Manager to administer customer access. The other products are licensed to an individual org and the associated sandboxes. Customer information is used solely for product licensing, feature roadmap, and technical support. Personal customer information will never be transferred to a third party or become linked to any database external to Metazoa.