Spant
DocsProff ConnectData Model
Data Model

Data & Storage

Understanding how Proff Connect stores and manages data in Salesforce.

ProffConnect processes two categories of data inside Salesforce. This page explains how each type is handled, stored, and protected, and how the solution ensures data privacy and regulatory compliance.

1. Customer-Controlled Data (Mapped Fields)

This is data the customer explicitly chooses to store from the Proff API.

What this includes

Customers can map selected data points from the Proff API (e.g., company name, organisation number, company type) into:

  • Account
  • Contact
  • Lead

If a data point contains sensitive information, it is clearly labelled during the mapping process so the customer can make an informed choice before enabling storage.

How this data is handled

  • Customers decide what to store and where to store it
  • Data is inserted into standard Salesforce objects, inside the customer's org
  • ProffConnect enforces Salesforce security:
    • Object-level security (CRUD)
    • Field-level security (FLS)
    • Record-level security (Sharing)
  • No mapped data is ever sent outside Salesforce

Who controls it

The customer fully controls:

  • Which fields are mapped
  • Which objects receive Proff data
  • How long it is retained
  • Who can access it through Salesforce permissions

2. Insight Data in ProffConnect Custom Objects

This is non-sensitive business information stored in custom objects included with the package.

What this includes

These objects store structured business information such as:

  • Financial summaries
  • Company roles
  • Related industries
  • Announcements
  • Subsidiaries
  • Mortgages
  • Public trial data

All of this information is public business data provided by the Proff API.

Why it is stored

This data powers features such as:

  • Company Insight view
  • Contact Insight view
  • Bulk creation flows
  • Lead/Account enrichment
  • Segmentation and filtering

How this data is handled

  • Stored only after a user explicitly triggers an action (search, enrich, create)
  • Stored in isolated custom objects inside the managed package namespace
  • Subject to the customer's own access control:
    • Profiles
    • Permission sets
    • Sharing rules

What it does not include

  • No sensitive personal information
  • No confidential financial data
  • No internal customer business data

Was this article helpful?