SFMagic is a read-only natural-language layer over your Salesforce. Below is how the connection works, what we store (very little), and how to turn it off (one click, from inside Salesforce).
SFMagic queries Salesforce — it doesn't write, update, or delete records. The Connected App is configured with read-only OAuth scopes; the agent has no path to mutate your org. A misphrased question can't break anything.
Every question executes under the staff member's own Salesforce identity. Sharing rules, field-level security, and profile permissions stay in charge — Claude can't see what the user couldn't see in Salesforce themselves.
Tokens are stored encrypted at rest. Records aren't copied or cached on our side. Each question is a fresh SOQL query against your live org — what Claude reads is what's in Salesforce right now.
Standard Salesforce OAuth — connect from your admin's Setup, revoke from the same place. We delete the tokens server-side the moment you do. There's nothing to migrate off because nothing lived with us.
A Salesforce admin authorizes the SFMagic Connected App once. We get a short-lived access token plus a long-lived refresh token, both encrypted with AES-256-GCM in our database. The app's OAuth scopes are: api (read), refresh_token, id, profile, email — no write, no full.
Right after connect, we read your org's object metadata (which objects you have, which fields, picklist values) — not the records themselves. This is what feeds the onboarding agent that proposes a tool palette tailored to your data model.
When a team member opens SFMagic in Claude, claude.ai walks them through Salesforce OAuth on their own behalf. Their session is theirs — sharing rules, FLS, and profile permissions all apply as normal.
When the user asks a question, the MCP server runs a parameterized SOQL query against your org using the staff user's session. The query is logged in Salesforce's Login History like any other API call. Results stream back through Claude — never persisted on our side.
From Salesforce Setup → Connected Apps OAuth Usage → SFMagic → Revoke. We watch for the revocation server-side and delete the token record. The MCP endpoint stops accepting traffic for that tenant immediately.
Every SFMagic query is a Salesforce API call from a real Connected App, attributed to the staff user that authorized it. Your IT or admin team can see every call in Setup → Login History and Setup → Connected Apps OAuth Usage. There is no shadow channel.
Inside the SFMagic dashboard, every tenant admin can see their own usage analytics — total calls, error rate, p95 latency, per-tool breakdown, recent errors. No black box.
The detailed policies behind everything above — risk management, data retention, access management, encryption, change management, vulnerability management, disaster recovery, incident response, logging, sub-processors, secure development — are documented in full.
For enterprise procurement reviews or signed copies, email tim@timcox.co.
Found something concerning? Email tim@timcox.co. We acknowledge within 48 hours, patch Critical issues within 48 hours and High-severity within 7 days, and credit you publicly unless you ask us not to.
SFMagic is a small operation — no SOC 2 audit yet, no formal bug bounty program. What there is: documented policies, a developer who answers email, and fixes that ship the same day.