Your Data Never Leaves
Salesforce
Squivr is built 100% natively on the Salesforce platform. No external hosting, no third-party integrations, no client downloads. Just the enterprise-grade security you already trust.
Security built on a
foundation you already trust
Because Squivr runs entirely within Salesforce, every security control Salesforce provides is inherited automatically — with no gaps, no handoffs, and no additional risk surface.
No External Hosting
All data remains under your direct control within the Salesforce instance you already manage and trust. No replication, no sync, no exposure.
Inherited Enterprise Security
Squivr inherits Salesforce's physical infrastructure protections, encryption at rest and in transit, identity and access management, and continuous compliance monitoring.
No Third-Party Integrations
No third-party integrations are required for core functionality. This reduces exposure and dramatically simplifies your organization's risk surface.
Role-Based Access Control
Squivr respects and reinforces your existing Salesforce security model — role-based access, native sharing rules, permission sets, and multi-factor authentication.
Full Auditability
Since all activity remains within Salesforce, admins maintain complete visibility using standard Salesforce audit logs, permission sets, and admin tools.
Compliance Ready
Squivr inherits Salesforce's compliance with SOC 2, ISO 27001, and FedRAMP for Government Cloud deployments — no additional certification burden for your team.
The security model that
eliminates the risk
A key pillar of Squivr's security is our Salesforce-native architecture, which provides a strong foundation for data protection, compliance, and trust. Since our solution operates entirely within the Salesforce platform, your data never leaves your Salesforce environment.
- No external hosting or data replication — all data stays in your Salesforce instance
- Inherited security controls including physical infrastructure protections
- Encryption at rest and in transit via Salesforce platform
- Identity and access management built in from day one
- Continuous compliance with SOC 2, ISO 27001, and FedRAMP
- No third-party integrations required for any core functionality
Security-aware API endpoints, content security policies, strict data validation, and Salesforce's built-in WAF protection.
Salesforce's web application firewall detects and blocks malicious traffic. Squivr inherits this protection automatically.
RBAC and MFA ensure secure user access. Your Salesforce admin controls all permissions, logging, and access to Squivr through native Salesforce tools.
Squivr uses the Lightning Design System so it looks and feels exactly like native Salesforce — reducing user friction and training overhead.
Compliant with the
standards that matter
The Squivr application is listed publicly on AppExchange and is compliant with the same privacy and compliance requirements as Salesforce. We follow all Salesforce ISV best practices and security policies.
Your admin stays
in full control
Your Salesforce administrator controls the permissions, logging, and access to the Squivr application through native Salesforce functionality. Squivr has the same availability as your Salesforce instance.
- Permissions managed through Salesforce permission sets and profiles
- Full audit logging via standard Salesforce audit tools
- Availability tied directly to your Salesforce instance uptime
- Access controls enforced at the Salesforce platform level
- No separate admin portal, no separate credentials to manage
Data never leaves Salesforce
All Squivr data is stored and processed entirely within your Salesforce org. Zero external data stores.
No third-party web services
Core functionality requires no external API calls or third-party service dependencies.
No client downloads or plug-ins
Squivr runs entirely in the browser via Salesforce Lightning. Nothing to install, nothing to update.
Continuous security updates
Squivr benefits from Salesforce's continuous security updates, active threat monitoring, and compliance maintenance.
Review our security documentation
Download our full security document and data processing agreement to share with your security and legal teams.
Questions? Contact us at info@squivr.com
Squivr’s Application:
Is fully native to Salesforce, leveraging the robust security controls inherent to the Salesforce platform to mitigate web application vulnerabilities. Salesforce employs a multi-layered security framework that includes protection against common classes of web application vulnerabilities such as injection attacks, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Key Salesforce-native security measures include:
Web Application Security Frameworks: Salesforce provides built-in protections such as security-aware API endpoints, content security policies, and strict data validation mechanisms.
Platform Integrity: Salesforce uses a web application firewall (WAF) as part of its infrastructure to detect and block malicious web traffic, providing additional protection against web vulnerabilities.
Data Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) ensure secure user access and protect against unauthorized data exposure.
By building exclusively on the Salesforce platform, Squivr benefits from Salesforce’s continuous updates, compliance with industry standards, and active threat monitoring, ensuring strong mitigation of web application vulnerabilities.
Salesforce Security
Your data never leaves the Salesforce Platform. Squivr uses the same granular security and sharing setting that Salesforce provides.
Privacy & Compliance
The Squivr application is listed publicly and is compliant with the same privacy and compliance requirements as Salesforce at https://compliance.salesforce.com/en.
Lightning Design System
Using the lightning design allows for quick adoption as Squivr looks and feels like native Salesforce.
Security
Squivr is Salesforce Native. The same security mechanism you trust with Salesforce drive Squivr.
Trust
Squivr must follow all of Salesforce best practices and security policies.
Availability
Squivr has the same availability as your salesforce instance. In addition, Squivr is an ISV partner of Salesforce and follows standards, policies, and best practices listed at https://trust.salesforce.com/en/.
Permission, Logs & Access
Your salesforce administrator controls the permissions, logging, and access to the Squivr Application through Salesforce functionality.
Security Document .PDF
A key pillar of Squivr’s software security is our Salesforce-native architecture, which provides a strong foundation for data protection, compliance, and trust. Since our solution operates entirely within the Salesforce platform, PowerSchool data never leaves your Salesforce environment.
This means:
No external hosting or data replication: All data remains under your direct control within the Salesforce instance you already manage and trust.
Inherited security controls: Squivr leverages Salesforce’s enterprise-grade security, including physical infrastructure protections, encryption at rest and in transit, identity and access management, and continuous compliance with frameworks such as SOC 2, ISO 27001, and FedRAMP (for Government Cloud deployments).
No third-party integrations required for core functionality, reducing exposure and simplifying your risk surface.
Role-based access and native sharing rules ensure that Squivr respects and reinforces your existing Salesforce security model.
Auditability: Since all activity remains within Salesforce, admins maintain full visibility and control using standard Salesforce audit logs, permission sets, and admin tools.
By building directly within Salesforce, Squivr avoids many of the data handling risks associated with external SaaS platforms. This architecture not only reduces security overhead but also helps streamline compliance for organizations that require strict governance over data and operational systems.
