Enterprise-grade from day one
SFADDON's security posture and legal documentation in one place.
Read. Scan. Wipe.
We never persist raw SuccessFactors data. We read what we need, scan it in memory, and discard the source the moment a scan completes.
OData read access with the scope you define. Standard SF APIs only, never direct DB access.
All rule evaluation happens in memory. No raw employee records touch persistent storage.
Raw data is discarded at scan completion. Only health scores and issue summaries remain.
Security is the foundation, not a feature
Data minimization
We process only what is needed and retain only operational results — never raw SuccessFactors PII.
Encrypted at every layer
AES-256-GCM at rest, TLS 1.3 in transit, and encrypted SuccessFactors credentials that are never logged or returned.
Privacy by design
EU-region hosting, MFA enforced, an append-only audit trail, and a published sub-processor list.
Legal & compliance documentation
How we collect, use, and protect personal data across all SFADDON products.
ViewThe terms governing use of SFADDON products and services, with refund and cancellation detail.
ViewData-processing terms for GDPR-compliant use; includes Standard Contractual Clauses for transfers.
ViewEvery third party that may process customer personal data on behalf of SFADDON.
ViewTechnical description of SFADDON's security controls, encryption, and authentication.
Request- privacy@sfaddon.com— Data protection, DPA requests, GDPR inquiries
- security@sfaddon.com— Security assessments, vulnerability disclosure
- legal@sfaddon.com— Legal and contract matters
Security research is welcomed under a 90-day coordinated-disclosure policy with safe harbour for good-faith research.