Metazoa Snapshot
Privacy and Security Policy

Metazoa Privacy and Security Policy

The Metazoa Snapshot Change and Release Management product was explicitly designed to protect customer privacy and security. This whitepaper discusses the unique advantages that are inherent in the product’s architecture, and also explains the security and privacy polices put in place by Metazoa as a company.

Source Code Control

There are two parts to the Snapshot Change and Release Management product. First, the Metazoa Player is a compiled desktop application written in C that implements a security sandbox designed to protect the client computer, the local file system, and private network assets. Second, the Snapshot Document is a binary file which contains all of the scripted content, user interfaces, and other graphics associated with the actual application. The Metazoa Player is similar to a Java or .NET virtual machine, and the Snapshot Document is similar to a Java jar file or .NET assembly.

The Metazoa Player was written by an engineering team led by Bill Appleton, and different version of this code base have been in use for 20 years. The multi-platform code base is used to build two separate executable programs, one for Microsoft Windows and the other for Apple Macintosh. Both versions of the Metazoa Player are code signed to prevent tampering with the executable.

The Metazoa Player was carefully written to minimize and abstract contact with the local machine, but also to allow access to certain external web based assets and local desktop files in a sandbox folder. This environment provides an extra layer of security for the customer, their desktop computer, and the local network. The Metazoa Player was designed to be a secure container for potentially untrusted applications.

The Snapshot Document contains the scripted content, user interfaces, and other graphics associated with the actual product. When new and improved versions of Snapshot become available, a new Snapshot Document is downloaded to the Metazoa Player for execution. This provides a simple and secure method of managing application updates. The download process is visible to the customer. The documents are scanned for irregularities, and a checksum is used to prevent tampering.

The Metazoa Player is mature and rarely updated. The Snapshot Document is updated at least three times a year to coincide with Salesforce API releases. There may be additional Snapshot Document updates throughout the year to address product enhancements, bug fixes, and performance improvements.

Metazoa maintains a read-only file server at http://www.metazoa.net where the Metazoa Player can be downloaded. When the desktop application is started, the latest Snapshot Document is downloaded from the same location. Physical access to the Metazoa Player and the latest Snapshot Document are controlled through SFTP with a client key on a secure computer. Here are the download locations for the Metazoa Player installation program:

Installation Pages

https://www.metazoa.net/install/player.html
https://www.metazoa.net/install/report.html

Microsoft Windows

https://www.metazoa.net/codebase/MZInstall32.exe
https://www.metazoa.net/codebase/MZInstall64.exe

Apple Macintosh

https://www.metazoa.net/codebase/MZInstall32.pkg
https://www.metazoa.net/codebase/MZInstall64.pkg

Serverless Architecture

When a customer logs into a Salesforce account, Snapshot creates a Session ID that is used to communicate with the Data, Metadata, or Tooling API. All communication is conducted directly between the customer’s personal computer and their Salesforce account. Customer credentials are stored in ephemeral RAM memory and discarded when the application terminates. Data and metadata used by the product are stored in a sandbox folder on the customer’s local hard disk. The customer’s private Salesforce data and metadata are not transmitted, duplicated, or cached on any other server or cloud that is outside of the customer’s environment.

The Metazoa Player is downloaded once from the file server at https://www.metazoa.com. The Metazoa Player uses HTTP POST over SSL for network communication with the Data, Metadata, and Tooling APIs. This is the same network protocol that the Salesforce HTML web application uses to run in a browser, except Metazoa is communicating with XML instead of HTML documents. The diagram below illustrates this architecture.

Metazoa Security Policy

The Snapshot Change and Release Management product communicates directly between the customer’s personal computer and their Salesforce account. Metazoa does not have access to any customer data or metadata. All transactions take place with Salesforce API services and are conducted using the SSL protocol. All transactions conform to the Salesforce API security policy, and the policy that administrators have established for users in their Salesforce account. The read-only Metazoa file server is only used for the initial download of the Metazoa Player desktop application and after that a Snapshot Document that delivers product updates.

Metazoa Privacy Policy

The Snapshot Change and Release Management product communicates directly between the customer’s personal computer and their Salesforce account. Metazoa does not have access to any customer data or metadata. We use the Salesforce License Manager to administer customer access to the Snapshot Product. Customer information is used solely for product licensing, fearure roadmap, and technical support. Personal customer information will never be transferred to a third party or become linked to any database external to Metazoa.