Your Data Never Leaves
Salesforce
Squivr is built 100% natively on the Salesforce platform. No external hosting, no third-party integrations, no client downloads. Just the enterprise-grade security you already trust.
Security built on a
foundation you already trust
Because Squivr runs entirely within Salesforce, every security control Salesforce provides is inherited automatically. No gaps, no handoffs, and no additional risk surface.
No External Hosting
All data remains under your direct control within the Salesforce instance you already manage and trust. No replication, no sync, no exposure.
Inherited Enterprise Security
Squivr inherits Salesforce's physical infrastructure protections, encryption at rest and in transit, identity and access management, and continuous compliance monitoring.
No Third-Party Integrations
No third-party integrations are required for core functionality. This reduces exposure and dramatically simplifies your organization's risk surface.
Role-Based Access Control
Squivr respects and reinforces your existing Salesforce security model, including role-based access, native sharing rules, permission sets, and multi-factor authentication.
Full Auditability
Since all activity remains within Salesforce, admins maintain complete visibility using standard Salesforce audit logs, permission sets, and admin tools.
Compliance Ready
Because Squivr is 100% native to Salesforce, your org automatically inherits Salesforce's SOC 2, ISO 27001, and FedRAMP compliance. No separate certification needed.
The security model that
eliminates the risk
A key pillar of Squivr's security is our Salesforce-native architecture, which provides a strong foundation for data protection, compliance, and trust. Since our solution operates entirely within the Salesforce platform, your data never leaves your Salesforce environment.
- No external hosting or data replication. All data stays in your Salesforce instance.
- Inherited security controls including physical infrastructure protections
- Encryption at rest and in transit via Salesforce platform
- Identity and access management built in from day one
- SOC 2, ISO 27001, and FedRAMP compliance inherited automatically through Salesforce
- No third-party integrations required for any core functionality
Security-aware API endpoints, content security policies, strict data validation, and Salesforce's built-in WAF protection.
Salesforce's web application firewall detects and blocks malicious traffic. Squivr inherits this protection automatically.
RBAC and MFA ensure secure user access. Your Salesforce admin controls all permissions, logging, and access to Squivr through native Salesforce tools.
Squivr uses the Lightning Design System so it looks and feels exactly like native Salesforce, reducing user friction and training overhead.
Who is responsible
for what
Click any row to learn more about how responsibility is shared across Squivr, Salesforce, and your team.
| Security Area | Squivr | Salesforce | Customer |
|---|
Compliant with the
standards that matter
The Squivr application is listed publicly on AppExchange and is compliant with the same privacy and compliance requirements as Salesforce. We follow all Salesforce ISV best practices and security policies.
SOC 2 (via Salesforce)
Squivr does not hold its own SOC 2 certification. Because we are 100% native to Salesforce, your org inherits Salesforce's SOC 2 compliance automatically.
ISO 27001 (via Salesforce)
Squivr does not hold its own ISO 27001 certification. Running natively on Salesforce means your org benefits from Salesforce's ISO 27001 program without any additional burden.
FedRAMP (via Salesforce)
Squivr does not hold its own FedRAMP authorization. For Government Cloud deployments, your org inherits Salesforce's FedRAMP coverage directly through the native platform.
Verify directly with Salesforce
Your admin stays
in full control
Your Salesforce administrator controls the permissions, logging, and access to the Squivr application through native Salesforce functionality. Squivr has the same availability as your Salesforce instance.
- Permissions managed through Salesforce permission sets and profiles
- Full audit logging via standard Salesforce audit tools
- Availability tied directly to your Salesforce instance uptime
- Access controls enforced at the Salesforce platform level
- No separate admin portal and no separate credentials to manage
Frequently Asked Questions
Data never leaves Salesforce
All Squivr data is stored and processed entirely within your Salesforce org. Zero external data stores.
No third-party web services
Core functionality requires no external API calls or third-party service dependencies.
No client downloads or plug-ins
Squivr runs entirely in the browser via Salesforce Lightning. Nothing to install and nothing to update.
Continuous security updates
Squivr benefits from Salesforce's continuous security updates, active threat monitoring, and compliance maintenance.
Get in touch with
our team
Questions about security, compliance, or our data processing agreement? We are here to help.
Squivr, Denver, Colorado
Email us
info@squivr.com
General enquiries and security questionsAppExchange
Get Squivr on AppExchange
View our official listing โSecurity document
Download full security overview
PDF, share with your security team โData processing agreement
Download our DPA
PDF, share with your legal team โReview our security documentation
Download our full security document and data processing agreement to share with your security and legal teams.
Questions? Contact us at info@squivr.com
