Data Cleanser
Stratus Cloud Solutions Stratus Cloud Solutions
Security

Your data never leaves Salesforce

Data Cleanser runs natively on the Salesforce platform — all matching, grouping, and merging happen inside your org. No data is ever copied to an external server.

Managed AppExchange package. Passed Salesforce's mandatory security review.

Native vs. third-party

The difference is where your data lives

Most dedup tools install a connected app, take OAuth API access, then copy your CRM data to their cloud to process it and push changes back. Data Cleanser does none of that — the work happens where your data already is.

Data Cleanser Salesforce-native
Typical third-party tool Copies data off-platform
Where processing happens
Inside your Salesforce org, in Apex
Copied out to the vendor's cloud to process
Data egress
None — your records stay in Salesforce
CRM records are extracted, then changes pushed back
External servers
None to run or trust
Vendor-operated infrastructure holds a copy
API tokens & OAuth secrets
None to issue, rotate, or leak
A connected app with standing API access
Permission model
Inherits your sharing rules, profiles & field-level security
Often a separate integration user with broad access
Added attack surface
None — nothing in transit, no middleware
Tokens, middleware, and data in transit to defend
Extra data processor / DPA
Not required — no third party touches your data
A new data processor to assess and cover

To be fair: some competitors are also Salesforce-native. Data Cleanser is architected so nothing ever leaves the org — and it inherits your org's permission model with zero added attack surface.

How it stays safe

Built so there is nothing to leak

Each of these follows from one architectural choice: keep the data — and the work — inside Salesforce.

Zero data egress

All processing happens in Apex on the Salesforce platform. There are no external HTTP callouts, no Named Credentials, and no Remote Site Settings anywhere in the package — your Account, Contact, and Lead data is never transmitted outside Salesforce.

No callouts · no Remote Site Settings

Inherits your Salesforce security model

The app respects org-wide defaults, sharing rules, profiles, permission sets, and field-level security. It runs in user mode and enforces CRUD and field-level security checks — so it can never read or modify a record the logged-in user isn't already allowed to access.

Runs WITH USER_MODE

No new attack surface

Because there is no external integration, there are no API tokens, OAuth secrets, or connection credentials that could be stolen or abused. There is no middleware to breach and nothing for an attacker to intercept in transit.

No tokens · no OAuth secrets

No third-party data processor

Your customer data is never shared with, stored by, or processed by another vendor. That removes the need for an additional Data Processing Agreement and eliminates the risk of a third-party breach exposing your CRM data.

No added DPA

Passed Salesforce AppExchange Security Review

Data Cleanser is a managed package that completed Salesforce's mandatory, rigorous security review — the same bar Salesforce sets for any app it lists. The package source is compiled and locked, protecting against source-level tampering.

Managed · compiled & locked

Your existing Salesforce compliance carries over

Because data stays in your org, the posture you already rely on from Salesforce keeps applying — compatible with Shield Platform Encryption, Event Monitoring, and Field Audit Trail if your org uses them, plus your data-residency guarantees. Confirm specifics against your edition and certifications.

Compatible with Shield · Event Monitoring

Hardened against injection

All database queries use parameterized bind variables, so user-supplied values can never be interpreted as query logic. That closes the door on SOQL injection across the package.

Parameterized bind variables

No external code or assets

The app loads no third-party CDN fonts, scripts, or trackers. Every asset is self-hosted within Salesforce, so there are no external resources that could be tampered with to compromise the page or exfiltrate data.

Self-hosted in Salesforce

Safe, auditable merges

Merging is irreversible, so the app is safe by default: it previews the surviving golden record and exactly what is kept versus lost before any merge, requires explicit confirmation for destructive actions, and records every run in history for a full audit trail.

Preview · confirm · full history
What this means for you

Less to review, less to defend

The architecture is not just safer in theory — it removes work from the people who evaluate, procure, and secure the tools you run.

Faster security review & procurement

No new vendor to risk-assess and no extra DPA to negotiate, because nothing leaves your org. The review is about an app, not a data pipeline.

No data-residency headaches

Your records stay under the data-residency and certifications your Salesforce org already provides — there is no second location to account for.

Nothing new for security to monitor

No middleware, no integration endpoints, and no standing API tokens to watch or rotate. There is simply no new perimeter to defend.

It can't exceed your users' permissions

Because it runs in user mode, the app can only touch records the logged-in user can already access. There is no separate permission system to get wrong.

For your reviewer

Questions a security review will ask

Does Data Cleanser make any external API callouts?

No. The package contains no HTTP callouts, no Named Credentials, and no Remote Site Settings. There is nowhere for data to be sent.

What permissions does it run with?

It runs in user mode (WITH USER_MODE) and enforces CRUD and field-level security, so it can never read or write a record the logged-in user cannot already access.

Is our data ever stored or processed outside Salesforce?

No. Matching, grouping, and merging all execute in Apex on the platform. No copy of your records is held anywhere else.

Do we need a separate DPA for Data Cleanser?

Because no data is shared with or processed by a third party, there is no additional data processor to cover. Confirm against your own legal requirements.

Was it independently security-reviewed?

Yes. It is a managed package that passed Salesforce's mandatory AppExchange Security Review, and the source is compiled and locked.

Does it work with Shield, Event Monitoring, or Field Audit Trail?

Yes — because data stays in your org, these are compatible and apply if enabled in your edition. Confirm the specifics for your org.

Put it in front of your security team

Get it on the AppExchange, or book a walkthrough built for reviewers — we will go through the architecture, the permission model, and the security review line by line.

Get a demo

See it in your own org

30 minutes, no slideware — just the product on your data. Tell us a little and we'll reach out within one business day.