What License Reclaim stores, where, and what leaves your org.
Written to be specific enough to answer your DPO or privacy team in one read.
Where data lives
All License Reclaim data lives inside your Salesforce org. There is no License Reclaim cloud service, no shared database, and no off-platform processing tier. Data residency is whatever your Salesforce instance's residency is (US, EU, AU, etc.).
Salesforce objects License Reclaim reads
| Object | Fields | Purpose |
|---|---|---|
User | Id, Name, Email, IsActive, ProfileId, UserType, LastLoginDate, ManagerId, plus permission-set lookups | Identify candidates for reclamation; route approval to manager. |
LoginHistory | UserId, LoginTime, Status | Cross-check LastLoginDate for SSO patterns that don't update the User field. |
UserLicense | Id, Name, TotalLicenses, UsedLicenses | Compute per-license-type reclamation candidates. |
PermissionSetLicense | Id, Name | Detect PSL-based exemptions and license downgrade paths. |
Group, GroupMember | Standard fields | Safety check: queue/public-group membership warnings. |
Opportunity, Case, Lead | OwnerId, IsClosed, Stage/Status | Safety check: open-record ownership warnings. |
CronTrigger | OwnerId, State | Safety check: scheduled-job owner warning. |
Salesforce objects License Reclaim writes
| Object | Operation |
|---|---|
User.IsActive | Set to false on freeze/deactivate. Reversible until grace period expires. |
User.UserPermissionsLicensesGranted | Modified only on the optional license-downgrade flow (Serval Downgrade decision). |
LR_Policy__c | Customer-configured reclaim policies. |
LR_ReclaimCase__c | One record per user evaluated for reclamation. Includes safety check results. |
LR_DeactivationLog__c | Append-only audit trail. Every approval, freeze, deactivation, ITSM callback, and PSL-unassign. |
LR_SavingsEvent__c | Dollar-denominated savings event per reclaim. Reactivations create offsetting events. |
What leaves your org
The base package makes zero outbound calls. The following are opt-in per policy:
- Slack / Teams notifications (optional, per policy). Payload includes the policy name, the action taken (freeze / deactivate / reactivate), and the user's display name. No login history, no email body, no audit log content.
- ITSM ticket creation (optional, per policy). Payload includes the inactive user's display name, email, last-login date, and the policy context. The exact field-set is configured by the customer per provider.
What enters your org
- ITSM webhook callbacks (only when ITSM connectivity is enabled). The
inbound payload is the resolution tag (
lr_keeporlr_downgrade) and the ticket reference. License Reclaim verifies the signature before processing.
Telemetry
License Reclaim collects no telemetry. We don't see your usage. We don't see your savings numbers. If you need help, you can export the audit log or savings report and share it on your own terms.
Retention
- License Reclaim records (cases, audit log, savings events) follow your Salesforce data retention policy. They are not deleted by the package.
- Customers running into Salesforce storage limits can archive older LR records via standard Salesforce data archive tools — the package does not require historical data to operate.
Sub-processors
None. License Reclaim does not engage sub-processors because no customer data leaves the Salesforce org.
Backup and disaster recovery
License Reclaim inherits your Salesforce org's backup and DR. The customer is responsible for backing up Salesforce data (including LR custom objects) according to their own retention policy.
Questions? Reach out.