
Who Sees What: Revoking Access and Deleting Your Data

Effective Date: June 27, 2026

This page explains how to disconnect the Who Sees What Service from your Salesforce org and how to delete the data the Service holds about your organization. It is published by Stony Point, Inc., a Florida corporation, doing business as (“d/b/a”) Digadop (“Digadop,” “we,” “us,” or “our”), 8742 Peachtree Park Ct, Windermere, FL 34786, and it supplements the Digadop Master Privacy Policy and the Who Sees What Product Schedule.

1. Revoking the connection

You can revoke the Service’s access to your Salesforce org at any time, in either of these ways:

  • Sign out of Who Sees What. When you sign out, the Service deletes the encrypted Salesforce refresh token it holds for your session.
  • Revoke the connected app from within Salesforce. In Salesforce, an administrator can remove the Who Sees What connected app under the connected-app or OAuth-connected-apps settings. When the Service next attempts to use the connection and detects that it has been revoked (for example, an invalid_grant response from Salesforce), it deletes the stored encrypted refresh token.

After revocation, the Service can no longer read from your org. Any access-configuration data already stored from prior audits remains subject to the retention and deletion rules below until it is deleted.

2. What happens to the refresh token

The Salesforce refresh token is the credential the Service uses to re-read your access configuration over time. It is encrypted at rest using AWS Key Management Service (KMS) and is never stored in plain text. The token is deleted:

  • when you sign out of the Service, and
  • on detected revocation of the connection, including when Salesforce returns an invalid_grant response indicating the connection has been revoked.

3. Deleting your data

To delete the data the Service holds about your organization, email your request to privacy@digadop.com from an address associated with your account, or to legal@digadop.com, and we will process it. A deletion removes the access-configuration snapshots, preferences, telemetry, feedback, and the stored encrypted refresh token associated with your organization.

4. Deletion on account closure

On account closure or termination, we delete the data we store about your organization, including backups, within a commercially reasonable period.

5. Retention while your account is active

While your account is active, we retain audit-history snapshots, preferences, and account and telemetry data so the Service can show you history and trends. You can ask us to delete this data at any time using the email path in Section 3.

6. Contact

Questions about revoking access or deleting your data can be sent to privacy@digadop.com (Data Protection Officer: Steve Wasula) or to legal@digadop.com.


© 2026 Stony Point, Inc. d/b/a Digadop. Effective Date: June 27, 2026. Version 1.0.