Security

The most secure place to generate documents is where the data already lives

Most document tools move your CRM data to their cloud to render files. Docable doesn't move it at all. That single architectural decision removes the hardest questions from your security review.

Architecture

One boundary. Nothing outside it.

Docable is a managed package installed in your org. Data models, templates, merge processing, PDF rendering and file storage all execute inside the Salesforce trust boundary your team already governs.

When your security team asks "where does the data go?", the answer is a sentence, not a data-flow diagram: it stays in your org.

Your Salesforce org: Records, Docable engine, Word / PDF, Salesforce Files

Outside your org: External rendering servers, Vendor-cloud data processing, API keys & connectors

The model

Six facts your security review will like

Zero external callouts

The Docable package makes no HTTP callouts. There are no remote site settings, no named credentials and no third-party rendering APIs. Document generation — including PDF rendering — runs as Apex on the Salesforce platform.

Your data stays in your org

Record data, files, images and generated documents never transit Docable-owned infrastructure. We never see, store or process your data — there is no Docable cloud in the data path.

Permission sets, not guesswork

Packaged permission sets separate the people who configure data models, the people who manage templates and the people who generate documents. Access is explicit and reviewable.

Your sharing model applies

Generation runs in the user's context by default, so documents reflect what the running user is allowed to see. For automation, admins can explicitly choose an elevated system mode per Flow — a deliberate, auditable decision.

Output is Salesforce Files

Generated documents are saved as Salesforce Files on the records they belong to — covered by your existing sharing rules, retention policies, audit trails and backup strategy.

Metadata-backed configuration

Data models live in custom metadata and templates are Salesforce records with file version history — visible to your change management process like any other org configuration.

For reviewers

Verify it, don't take our word

Every claim on this page is inspectable in a sandbox install. Here's the checklist we hand security teams — bring your own scanner.

  • No HTTP callouts, remote site settings or named credentials in the package
  • No external rendering service — PDF conversion is performed on platform
  • No data leaves the org during generation, preview or bulk runs
  • Packaged permission sets for admin and end-user roles
  • Generated files stored via Salesforce Files (ContentVersion), inheriting org policies
  • Managed package (2GP) — namespace-isolated, upgradeable, uninstallable

Put it in front of your security team

We're happy to walk your security reviewers through the package, the permission model and the generation pipeline — and to support a sandbox evaluation with your own tooling.

No per-user fees. No per-document fees. Installs straight into your org.