
Clarity for complex Salesforce environments.
ArgusWatch helps with permissions, access governance, audit evidence, findings, cleanup, and monitoring — step by step, read-only, and with a clear path from snapshot to action.
For Salesforce admins, CRM owners, RevOps, and audit-adjacent teams.
From snapshot to security report — see it in action
Three steps, three real product views. Every screenshot below is redacted — no customer data leaves the demo.
See every entity at a glance
A single read-only snapshot inventories your org: objects, fields, users, profiles, permission sets, roles, permission set groups, validation rules, flows, layouts, record types, Apex classes and triggers — with custom-vs-standard counts and coverage per type. No SOQL, no spreadsheets.
- Object & field inventory with custom counts
- Users, profiles, permission sets, permission set groups, roles
- Automation: flows, validation rules, Apex classes & triggers
- UI: layouts, record types

Zoom into any object, profile, field or permission set
Pick any entity from the snapshot and launch a Deep Dive. ArgusWatch resolves the full context so you can review access, exposure and dependencies in one place — instead of clicking through Setup.
- Objects: R / E / D / View All / Modify All per profile & permission set
- Objects: referencing layouts, record types, validation rules and flows
- Fields: sensitivity classification, profile & permission-set access, formula & flow references, layout usage
- Profiles & permission sets: effective access, assigned users, sensitive-field exposure

Pick entities from a package and drill deeper
Inside the Package Inspector you can pick individual entities — objects, fields, layouts, validation rules, Apex classes and triggers, flows — and merge them into a focused Deep Dive. Instead of running an org-wide analysis you get a targeted view of what actually happens on that scope: which fields exist and how they are typed, which validation rules fire (and whether they are active or inactive), which Apex triggers and classes touch the object, and which lookup and master-detail relationships connect it to other objects.
- Layouts, validation rules and all fields for the selected scope, in one place
- Active vs. inactive validation rules and how many fields each one references
- Apex classes and triggers that reference the object, with preview on demand
- Lookup and master-detail relationships — both incoming and outgoing
- Merge selected entities into one Deep Dive scope instead of scanning the whole org



Cluster findings, decide, and prove the fix later
Findings are grouped into controls mapped to NIST, ISO 27001, CIS, DSGVO and Salesforce best practice. Per finding you can accept the risk with a rationale, promote it to an action, or trigger a follow-up Deep Dive for more evidence. Re-run the report later to compare and confirm the risk is actually resolved.
- Accept risk with justification, owner and review date
- Promote to an action and track it to completion
- Trigger a follow-up Deep Dive for deeper evidence
- Re-run the report and compare against the previous state

Security, Hosting & Privacy at ArgusWatch
ArgusWatch analyses Salesforce permissions server-side and deterministically — without AI. This page answers the questions that security officers and data protection officers typically ask.
EU hosting
Data and application in AWS EU (Ireland, eu-west-1). Migration to Germany (Frankfurt, eu-central-1) is planned.
Encryption
AES-256 at rest (AWS/Supabase standard), TLS 1.2+ in transit. Tenant isolation via database Row Level Security.
GDPR
Processing in the EU, DPA per Art. 28 on request, deletion and export via the workspace admin.
Hosting, Encryption & Access
Where your data lives, how it is protected and who can reach it.
GDPR, DPA & Sub-processors
Legal basis, contracts, and which providers are involved.
Salesforce data: scope, storage, deletion
What ArgusWatch reads from Salesforce — and what it does not.
Documents on request
Question still open?
Email us — we usually reply within one business day.
Responsible disclosure: please report security issues confidentially to security@arguswatch.de. No public tickets or social-media posts.