Security & Trust

Governed AI for Salesforce teams that need control, review, and audit.

ConvoPro lets users create and share prompt buttons inside admin-defined boundaries. Salesforce permissions control access, admins define what AI can see and do, and data-changing actions route through human review before they run.

Salesforce permissions first. Admin boundaries second. Human review for data-changing actions. Audit visibility throughout.
Security operating modelGoverned from first use
01

Salesforce access

Users work through the Salesforce roles, profiles, permission sets, sharing rules, and record access your organization already manages.

Existing access
02

ConvoPro boundaries

Admins define approved data, tools, connectors, models, actions, rollout rules, and usage visibility for prompt buttons and workflows.

Admin policy
03

Human review

Data-changing actions route through human review according to configured rules before they run.

Review before write

Audit visibility

Admins can review usage, review decisions, action status, and promotion paths.

Reviewable activity
Salesforce aware accessUses the Salesforce access model your team already manages
Boundary first governanceAdmins define what AI can see, use, and trigger
Human review on writeCreate, update, send, delete, and trigger actions route through configured review rules
Usage and audit visibilityReview who ran what, what was reviewed, and what was promoted
Model and connector controlChoose approved models and connectors by policy
SSO and MFAEnforce your organization's existing single sign-on and multi-factor policies for every ConvoPro user
Security model

Security starts with Salesforce permissions, then adds ConvoPro boundaries.

Users move quickly inside the access and policies their organization approves. Salesforce controls record and field access. ConvoPro adds policy around prompts, tools, connectors, models, review rules, rollout, and usage visibility.

01

Salesforce access

Users work through the Salesforce roles, profiles, permission sets, sharing rules, and record access your organization already manages.

Existing access
02

ConvoPro boundaries

Admins define approved data, tools, connectors, models, actions, rollout rules, and usage visibility for prompt buttons and workflows.

Admin policy
03

Human review

Data-changing actions route through human review according to configured rules before they run.

Review before write
Boundary settings

Admins define what AI can see and do.

The boundary model gives admins practical control over the data, tools, models, actions, spend, review rules, and rollout paths available to teams.

Prompt buttons can be shared inside boundaries. Review applies when an action changes data or triggers downstream work.
Example policy viewAdmin controls
Salesforce accessFollows user permissions
ObjectsCase, Account, Opportunity
FieldsAllowed by permission set
External dataApproved connectors only
ToolsSummarize, draft, classify, update
ModelsApproved provider list
SpendUsage limits and visibility
ReviewRequired for data changes
RolloutAvailable by team, role, or workflow
Human review

Fast for read and draft work. Reviewed when actions change data.

ConvoPro lets teams move quickly on read, summarize, classify, analyze, and draft tasks. When a prompt button creates, updates, sends, deletes, or triggers an action, configured review rules route the action to a human before it runs.

Can move quickly inside boundaries

Read, summarize, classify, analyze, extract, and draft work moves quickly when it stays inside approved access and policy.

    Requires human review when configured

    Create, update, send, delete, route, and trigger style work routes through human review according to configured rules before execution.

      Review is tied to action risk, not to whether a prompt button can be shared.

      Data flow

      Clear data flow for evaluation teams.

      ConvoPro is designed around a clear operating path: Salesforce access first, admin-defined boundaries second, approved processing third, and human review before data-changing actions execute.

      01

      User starts in Salesforce

      A user runs a prompt button, workflow, or Studio request from the Salesforce work context.

      02

      Access and boundaries are checked

      The request is evaluated against Salesforce access and ConvoPro admin policy.

      03

      Approved context is processed

      Approved context, instructions, and tools needed for the task move through the configured processing path.

      04

      Result returns for review or action

      Read and draft results return to the user. Data-changing actions route through review before execution.

      ConvoPro installs in your Salesforce org and calls approved AI models through admin-configured connectors. Detailed data flow documentation is available for evaluation teams. Security, retention, and model-provider details depend on the selected ConvoPro configuration and customer requirements.

      Models & connectors

      Model and connector control without unmanaged sprawl.

      Model flexibility works when admins govern providers, credentials, connectors, tools, and usage visibility. ConvoPro manages model access through approved provider configurations for Claude, OpenAI, and Google.

      Approved model list

      ConvoPro manages model access through approved provider configurations for Claude, OpenAI, and Google. Admins govern which provider configuration is available to each workflow.

      Connector boundaries

      External sources and tools are approved by admins before use in prompt buttons or workflows.

      Credential control

      Credentials, named connections, and integration permissions are managed by admins, not individual users.

      Usage visibility

      Teams track usage and spend so adoption does not become an unmanaged cost center.

      Audit visibility

      See what was used, reviewed, and promoted.

      Audit visibility helps answer practical questions: who used AI, what context was used, what action was proposed, who reviewed it, and what changed.

      ConvoPro audit log
      Audit log — who ran what, what was reviewed, and what changed.
      Control matrix

      Controls evaluation teams can review.

      Use this matrix to see how ConvoPro approaches common security, governance, and procurement concerns during evaluation.

      ControlBuyer concernConvoPro approach
      Salesforce permissionsDoes AI bypass access?Access starts with Salesforce permissions, roles, profiles, permission sets, sharing rules, and record access.
      Object and field boundariesCan admins limit scope?Admins define approved objects, fields, tools, actions, rollout rules, and review rules.
      Connector governanceCan external tools be controlled?External sources and tools are approved by admins before use in prompt buttons or workflows.
      Human reviewCan risky actions be stopped?Data-changing actions route through human review according to configured rules before they run.
      Escalation rulesWhat happens when something fails or looks wrong?Failed or flagged actions route to a named human owner automatically.
      Audit logsCan activity be reviewed?Usage, reviewed actions, action status, and workflow promotion are visible for evaluation and governance.
      SSO and MFACan we enforce our existing identity policy?ConvoPro enforces your organization's single sign-on and multi-factor requirements.
      Model choiceCan we choose providers?ConvoPro manages model access through approved provider configurations for Claude, OpenAI, and Google. Admins govern which provider configuration is available to each workflow.
      Data retentionWhat is stored and for how long?Retention behavior is documented in the security packet for the selected configuration.
      Training useIs customer data used to train models?Model-handling details are provided for the selected configuration during evaluation.
      Security reviewIs AppExchange review complete?Current AppExchange review status is provided during evaluation and should be confirmed before procurement.
      ComplianceSOC 2, HIPAA, GDPR?Compliance claims are included only when documented.
      Security documentation

      Request the security packet.

      Evaluation teams can request ConvoPro security documentation, architecture notes, data flow detail, and current AppExchange review status.

      Current AppExchange review status and related security documentation are provided in the security packet.
      FAQ

      Security FAQ

      Answers for CIOs, Salesforce admins, security reviewers, and implementation teams.

      Does ConvoPro bypass Salesforce permissions?

      No. ConvoPro is designed around Salesforce access first, then ConvoPro admin-defined boundaries for data, tools, models, connectors, and actions.

      What actions require human review?

      Data-changing actions such as create, update, send, delete, or trigger style actions route through human review according to configured rules.

      Can users share prompt buttons without admin approval?

      Yes. Prompt buttons can be shared inside admin-defined boundaries. Human review is tied to data-changing actions, not sharing itself.

      What data leaves Salesforce?

      Approved context and instructions move through the configured processing path for the task. Evaluation teams can request the current data flow documentation for their selected configuration.

      Is customer data used to train AI models?

      Model-training and provider-handling details are documented for the selected configuration. Evaluation teams can request the current security packet before rollout.

      Does ConvoPro require Data Cloud?

      ConvoPro can often start without a broad Data Cloud program for the core prompt button and governed workflow model described on this page. Final architecture depends on the workflow, data sources, and customer configuration.

      Can we choose which model provider is used?

      Yes. ConvoPro manages model access through approved provider configurations for Claude, OpenAI, and Google. Admins govern which provider configuration is available to each workflow from the Console.

      Is AppExchange Security Review complete?

      Current AppExchange review status is provided during evaluation and should be confirmed with the ConvoPro team before procurement.

      What gets logged?

      Audit visibility includes usage, prompt button, review decision, action status, and promotion path. Specific fields and retention behavior are documented in the security packet.

      Can we limit rollout by team or role?

      Yes. Rollout can be planned by team, role, workflow, and policy needs during implementation.

      Does ConvoPro support SSO and MFA?

      Yes. ConvoPro enforces your organization's existing single sign-on and multi-factor requirements rather than introducing a separate identity system.

      Review ConvoPro with your security and Salesforce teams.

      Start with the control model: Salesforce permissions, admin-defined boundaries, human review for data-changing actions, audit visibility, and documented data flow.