LeanData - Enterprise Security Architecture Overview
Overview
As a Salesforce ISV Partner, LeanData delivers its product as an AppExchange managed application running on the Salesforce Force.com platform. The Force.com multitenant architecture (described here) ensures that data within a Salesforce organization are siloed and not accessible by other tenants. Because LeanData runs natively on Force.com, this isolation extends to the LeanData managed application as well: no LeanData data or processes are accessible by any other Salesforce organization (and vice versa). In addition, to maintain our listing in the Force.com AppExchange, we pass an annual security review conducted by Salesforce staff.
No personally identifiable information or data are stored on LeanData systems outside of Salesforce.
Standard Configuration
In the Standard security configuration, a LeanData Salesforce tenant communicates with the LeanData package running in Salesforce. Secure communication occurs to provision LeanData products and to continuously monitor application health. No personally identifiable information is stored on any LeanData systems. In concert with Salesforce’s multitenant architecture, configurations are siloed and not shared with or accessible by other customer organizations.
Secure communication in the Standard security configuration occurs through REST API calls using OAuth 2.0 authentication and HTTPS web callouts. The API calls are made to REST endpoints in the LeanData software, which are primarily used to configure our application and to monitor system processes.