pledgely

Security

No Pledgely copy of your Salesforce data.

Your Salesforce records stay in your org. Pledgely keeps no separate database copy and has no standing access to your org.

Architecture

Native means no second copy

Every Pledgely app is installed as a managed package and operates from Salesforce. Pledgely does not run a separate application database that mirrors your Salesforce records, and we do not maintain standing access to your org. When an app uses a provider account you connect, Salesforce or your browser communicates directly with that provider. The provider processes only the data you send through that account under your relationship with that provider.

The Salesforce records created by Pledgely apps follow your org's residency, backup, encryption, and Shield posture because they are Salesforce data. Data intentionally sent through a connected provider follows the terms and residency controls of the provider account you own.

Provider accounts

You own the Twilio and SendGrid relationships

Pledgely apps connect to communication providers through accounts you hold. Your Twilio account, your phone numbers, your message logs, your billing relationship. Same for SendGrid when Pledgely Mail ships. Credentials are stored in protected configuration inside your org, guarded from user access, and used only by the app's service layer. If you ever leave Pledgely, the account, the numbers, and the provider-side history are still yours.

Public forms

Guest safety that cannot be faked

Public forms are the sharpest security edge any org exposes, so Pledgely Forms treats the anonymous visitor as untrusted by design. Audience tiers (staff, logged-in portal users, and anonymous public visitors) are enforced on the server and cannot be faked from the browser. Spam is filtered by built-in spam protection, including reCAPTCHA v3 with a v2 challenge fallback and rate limits. And if the app cannot positively confirm that a field is allowed to be written, the submission stops rather than quietly dropping what someone typed. Because we license per org rather than per guest, nothing in the design has a reason to loosen guest checks for licensing's sake.

Permissions

Least privilege, shipped as permission sets

Each app ships permission sets that grant exactly what a role needs: admin setup and everyday use are separate grants, and nothing asks for "Modify All Data" as a shortcut. Automation honors your sharing model wherever a person is driving it. The few places that must run with elevated access, like receiving an incoming message from your provider, are deliberately narrow, logged, and documented.

Transparency

Review status & telemetry, stated plainly

AppExchange security review: every Pledgely app passes Salesforce's security review before general availability on the AppExchange. Pledgely SMS and Pledgely Forms are pre-listing today; this page is updated with each app's listing status as it goes live.

Usage telemetry: managed packages can report aggregate feature-usage signals through Salesforce's feature-management framework. We use it for counts and adoption flags, never record content, never personal data. The specifics are disclosed in the privacy policy.

Support access: support is delivered to named admin contacts. We access a customer org only through access you grant, scoped and time-boxed by you.

Security questions

Where does my data live?

Your Pledgely Salesforce records live in your org. Pledgely does not operate a separate database that stores a copy of them and does not maintain standing access to your org. When an app uses a provider account you connect, Salesforce or your browser communicates directly with that provider.

What can Pledgely see?

Not your records unless you grant temporary support access. Like all managed packages, our apps can report aggregate feature-usage telemetry through Salesforce’s feature-management framework: counts and flags, never record data. The privacy policy describes exactly what is collected.

Can Pledgely staff access my org?

Only if you grant it, and only for as long as you grant it. Support runs through named admin contacts; we never hold standing credentials to customer orgs.

Are the apps security-reviewed by Salesforce?

Every Pledgely app goes through Salesforce’s AppExchange security review before it is generally available on the AppExchange. This page carries each app’s listing status and will be updated as listings go live.

Have a security review of your own?

Send us your questionnaire. Architecture questions get answered by the people who built it.