Zero external callouts
The Docable package makes no HTTP callouts. There are no remote site settings, no named credentials and no third-party rendering APIs. Document generation — including PDF rendering — runs as Apex on the Salesforce platform.
Security
Most document tools move your CRM data to their cloud to render files. Docable doesn't move it at all. That single architectural decision removes the hardest questions from your security review.
Architecture
Docable is a managed package installed in your org. Data models, templates, merge processing, PDF rendering and file storage all execute inside the Salesforce trust boundary your team already governs.
When your security team asks "where does the data go?", the answer is a sentence, not a data-flow diagram: it stays in your org.
Your Salesforce org
Docable engine Word / PDF Salesforce Files Outside your org
External rendering servers
Vendor-cloud data processing
API keys & connectors
The model
The Docable package makes no HTTP callouts. There are no remote site settings, no named credentials and no third-party rendering APIs. Document generation — including PDF rendering — runs as Apex on the Salesforce platform.
Record data, files, images and generated documents never transit Docable-owned infrastructure. We never see, store or process your data — there is no Docable cloud in the data path.
Packaged permission sets separate the people who configure data models, the people who manage templates and the people who generate documents. Access is explicit and reviewable.
Generation runs in the user's context by default, so documents reflect what the running user is allowed to see. For automation, admins can explicitly choose an elevated system mode per Flow — a deliberate, auditable decision.
Generated documents are saved as Salesforce Files on the records they belong to — covered by your existing sharing rules, retention policies, audit trails and backup strategy.
Data models live in custom metadata and templates are Salesforce records with file version history — visible to your change management process like any other org configuration.
For reviewers
Every claim on this page is inspectable in a sandbox install. Here's the checklist we hand security teams — bring your own scanner.
We're happy to walk your security reviewers through the package, the permission model and the generation pipeline — and to support a sandbox evaluation with your own tooling.
No per-user fees. No per-document fees. Installs straight into your org.