Report Sender is fully Salesforce native, so all the code runs inside your organization.

Apex code calls the reporting API, which is why the application needs to get OAuth access.

Private custom settings are used to store security secrets, which are only visible to the application code.

Configuration options are stored in records in your org.

The reports run as the user who scheduled the report, so the user knows what data will be in the report.

The app is regularly scanned for security flaws and approved by the Salesforce security team. Read more about the security review.

When you install the app or do certain interactions on the AppExchange, Salesforce sends us your contact information and some basic info about what you did (for example: installed report sender).

When interacting with the app, we collect some usage data. For example, when pages are viewed, how many total records have been created, and when users perform certain interactions.

Paid subscribers will be asked to provide their name, address, and billing information which will be stored securely and used for billing.

If you are having any issues with the app and we determine that we need login access to debug, one option we may ask is to have you grant us login access through the Salesforce setup menu. This allows our support agents to log in with the same permissions as the user that granted the access. Our support agents are trained on how to securely debug in a customer org and do not export any data unless approved by you and necessary for the fix.