ArgusWatch
Salesforce transparency, step by step

Clarity for complex Salesforce environments.

ArgusWatch helps with permissions, access governance, audit evidence, findings, cleanup, and monitoring — step by step, read-only, and with a clear path from snapshot to action.

For Salesforce admins, CRM owners, RevOps, and audit-adjacent teams.

How it works

From snapshot to security report — see it in action

Three steps, three real product views. Every screenshot below is redacted — no customer data leaves the demo.

01 · Snapshot

See every entity at a glance

A single read-only snapshot inventories your org: objects, fields, users, profiles, permission sets, roles, permission set groups, validation rules, flows, layouts, record types, Apex classes and triggers — with custom-vs-standard counts and coverage per type. No SOQL, no spreadsheets.

What lands in the overview
  • Object & field inventory with custom counts
  • Users, profiles, permission sets, permission set groups, roles
  • Automation: flows, validation rules, Apex classes & triggers
  • UI: layouts, record types
ArgusWatch snapshot overview showing loaded entities and coverage per type
02 · Deep Dive

Zoom into any object, profile, field or permission set

Pick any entity from the snapshot and launch a Deep Dive. ArgusWatch resolves the full context so you can review access, exposure and dependencies in one place — instead of clicking through Setup.

What a Deep Dive can uncover
  • Objects: R / E / D / View All / Modify All per profile & permission set
  • Objects: referencing layouts, record types, validation rules and flows
  • Fields: sensitivity classification, profile & permission-set access, formula & flow references, layout usage
  • Profiles & permission sets: effective access, assigned users, sensitive-field exposure
ArgusWatch profile Deep Dive with object-level R/E/D/View All/Modify All access
03 · Package Inspector

Pick entities from a package and drill deeper

Inside the Package Inspector you can pick individual entities — objects, fields, layouts, validation rules, Apex classes and triggers, flows — and merge them into a focused Deep Dive. Instead of running an org-wide analysis you get a targeted view of what actually happens on that scope: which fields exist and how they are typed, which validation rules fire (and whether they are active or inactive), which Apex triggers and classes touch the object, and which lookup and master-detail relationships connect it to other objects.

What a package-level Deep Dive resolves
  • Layouts, validation rules and all fields for the selected scope, in one place
  • Active vs. inactive validation rules and how many fields each one references
  • Apex classes and triggers that reference the object, with preview on demand
  • Lookup and master-detail relationships — both incoming and outgoing
  • Merge selected entities into one Deep Dive scope instead of scanning the whole org
Package Inspector Tiefenanalyse dialog listing layouts, validation rules and fields for an object (names redacted)
Package Inspector Apex classes and triggers referencing an object (names redacted)
Package Inspector references view — lookup and master-detail relationships pointing at an object (names redacted)
04 · Security Report

Cluster findings, decide, and prove the fix later

Findings are grouped into controls mapped to NIST, ISO 27001, CIS, DSGVO and Salesforce best practice. Per finding you can accept the risk with a rationale, promote it to an action, or trigger a follow-up Deep Dive for more evidence. Re-run the report later to compare and confirm the risk is actually resolved.

What you can do per finding
  • Accept risk with justification, owner and review date
  • Promote to an action and track it to completion
  • Trigger a follow-up Deep Dive for deeper evidence
  • Re-run the report and compare against the previous state
ArgusWatch security report with controls and finding cluster actions
Trust Center

Security, Hosting & Privacy at ArgusWatch

ArgusWatch analyses Salesforce permissions server-side and deterministically — without AI. This page answers the questions that security officers and data protection officers typically ask.

Last updated: 2026-06-16· security@arguswatch.de

EU hosting

Data and application in AWS EU (Ireland, eu-west-1). Migration to Germany (Frankfurt, eu-central-1) is planned.

Encryption

AES-256 at rest (AWS/Supabase standard), TLS 1.2+ in transit. Tenant isolation via database Row Level Security.

GDPR

Processing in the EU, DPA per Art. 28 on request, deletion and export via the workspace admin.

Hosting, Encryption & Access

Where your data lives, how it is protected and who can reach it.

GDPR, DPA & Sub-processors

Legal basis, contracts, and which providers are involved.

Salesforce data: scope, storage, deletion

What ArgusWatch reads from Salesforce — and what it does not.

Question still open?

Email us — we usually reply within one business day.

security@arguswatch.de

Responsible disclosure: please report security issues confidentially to security@arguswatch.de. No public tickets or social-media posts.