Legal · Last updated 16 Jul 2026

App privacy.

This policy covers what happens to your data when you install and use a Sliick app inside your Salesforce org: Docs, Files, Photos, Charts, and Forms. It's separate from the privacy policy for sliick.com, which covers this website. If you need more, contact us.

The short version

  • Native by default: every Sliick app is a managed package that runs inside your own Salesforce org. Nothing leaves your org unless you specifically turn on an optional feature that requires it.
  • Nothing shared by default: Sliick does not collect, store, or view your records, files, or photos. We don't operate a database of your business data.
  • Off-platform storage is optional and stays between you and your storage: if you connect Sliick Files to your own cloud (Amazon S3, Azure, Google Cloud, or SharePoint), files move directly between your Salesforce org and the storage account you own. Sliick brokers that connection with short-lived, scoped credentials, but does not keep a copy of the file.
  • Optional extras are the exception, and they're scoped to the task: features like Sliick Photos' automatic image processing (for example, converting iPhone HEIC photos) send the image being processed to a Sliick-operated service to perform that specific task, then it flows back into your chosen storage. That only happens for extras you've explicitly turned on.

Which apps this covers

  • Sliick Docs: generates PDF and Word documents from your records. Rendering runs natively in your org. Generated documents can optionally be sent to your own cloud storage via Sliick Files instead of Salesforce Files.
  • Sliick Files: a file management layer on your records. Files stay in Salesforce Files by default. You can optionally point uploads at your own cloud storage or Sliick Cloud Storage instead.
  • Sliick Photos: a photo gallery on your records. Images stay in Salesforce Files by default, with the same optional cloud storage choices as Files, plus an optional automatic photo processing extra described above.
  • Sliick Charts: renders charts natively from your record data. It makes no external calls and sends no data anywhere, by design.
  • Sliick Forms: captures form submissions from Experience Cloud or a public site and writes them straight to a Salesforce record. Submitted data lands in your org; we don't hold a separate copy of it.

What data our apps touch

Our apps read and write the Salesforce records, fields, and files you point them at, directly inside your org, using your org's own sharing rules, field-level security, and record access. We don't extract that data into infrastructure we operate. There's no separate Sliick-hosted copy of your business data sitting behind the scenes.

Optional off-platform storage

Salesforce Files is the default for every app. If you choose to connect your own cloud storage, that connection is between your org and the storage account you control:

  • Your own cloud (Amazon S3, Azure, Google Cloud, SharePoint): files are written to and read from the account you connected. Sliick's infrastructure issues short-lived, scoped access so your org and your storage can talk to each other, but the file contents don't pass through or persist on Sliick's servers.
  • Sliick Cloud Storage: this is a Sliick-hosted storage option we offer as an alternative to running your own bucket, built on Cloudflare R2. R2 lets us provision your storage in the region appropriate to you, using Cloudflare's supported location hints (for example, Oceania for Australia and New Zealand), rather than one fixed location for every customer. That's a location hint, not a hard jurisdictional guarantee: Cloudflare doesn't currently offer an enforced residency commitment for R2 outside its EU and US FedRAMP jurisdictions. If your organisation has a hard data residency requirement, tell us the region you need and we'll confirm whether we can meet it, or connect your own storage instead (SharePoint, S3, Azure, or Google Cloud) in a region you choose and control. If you use Sliick Cloud Storage, we treat that content as yours: it's used only to serve it back to your org, and we don't inspect, share, or use it for any other purpose.

Optional photo processing

Sliick Photos can automatically convert iPhone HEIC photos and optimise images on request. When you turn this on, the specific image being processed is sent to a Sliick-operated service to perform that conversion, then the result is written back into whichever storage you've configured (Salesforce Files or your connected cloud). We don't retain the image once processing is complete, and this only happens for uploads you've chosen to run through the feature.

What we don't do

  • We don't sell, rent, or share your data with third parties for marketing or advertising.
  • We don't use your records, files, or photos to train models.
  • We don't access data in your org outside of what's needed to run the app, or without your instruction, such as when you share something with us as part of a support request.

Security

Inside your org, our apps run as native managed packages that enforce your existing sharing rules, field-level security, and record access. Where an app talks to storage outside Salesforce, that connection uses short-lived, scoped credentials and encrypted transport rather than broad, standing access to your bucket. If a security incident affects your data, our Cyber Security Incident Response Plan and Personal Information Breach Response Plan set out how we respond and notify you.

Australian Privacy Principles

We contractually commit to every customer, in every jurisdiction, to handle personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). See our Terms & Conditions for the binding commitment.

Data retention and uninstalling

Uninstalling an app removes its ability to access your org going forward, along with the app's own configuration data, following Salesforce's standard managed package uninstall behaviour. Files already delivered to your own cloud storage (S3, Azure, Google Cloud, SharePoint) remain in that account under your control; retention there is up to you. For files stored in Sliick Cloud Storage, we retain them for as long as your subscription to that storage is active, and you can export or delete them on request.

Children's privacy

Our apps are built for use inside a business's Salesforce org and are not directed at children. We do not knowingly process data relating to anyone under the age of 18 through these apps.

Changes to this policy

We may update this policy from time to time, particularly as we ship new optional features. We'll post the revised policy here and update the "Last updated" date above. Material changes to how an optional feature handles data will also be called out in that feature's release notes.

How this relates to our website privacy policy

This page covers the apps themselves. Our separate website privacy policy covers sliick.com: things like visiting the site, using the contact form, and cookies.

Contact us

If you have any questions about this policy or how a specific app handles your data, please contact us.