Security & compliance
Built with security-first architecture. Your Salesforce data stays in your region, encrypted at rest and in transit.
Multi-region data residency
Choose where your data lives: UK (London), EU (Stockholm), or US (Virginia). Data never crosses region boundaries without your explicit consent.
Metadata only, no data backup
We store metadata snapshots (flows, Apex, layouts), not your production data records. This dramatically reduces risk and keeps storage costs near zero.
Encryption everywhere
All data is encrypted at rest with AWS KMS (AES-256) and in transit with TLS 1.2+. Salesforce tokens are encrypted with customer-managed keys in AWS Parameter Store.
OAuth-only connection
We connect to your Salesforce org via standard OAuth 2.0. We never store your Salesforce username or password. Revoke access from your Salesforce settings at any time.
Least-privilege access
Each API operation uses the minimum permissions needed. Read-only access for scans and analysis. Write access only when you explicitly request changes (rename, deploy, delete).
Complete audit trail
Every action in Pocavi is logged with an immutable audit trail: who did what, when, and to which records. Exportable as compliance evidence for GDPR, SOX, or HIPAA audits.
Compliance status
| Standard | Status | Detail |
|---|---|---|
| UK GDPR | Compliant | Data processed and stored in UK (London) region |
| EU GDPR | Compliant | Data processed and stored in EU (Stockholm) region |
| CCPA | Compliant | Data processed in US (Virginia) for US customers |
| SOC 2 Type II | In progress | Targeting certification by Q4 2026 |
| ISO 27001 | Planned | On the roadmap for 2027 |