The short version
HelloMavens runs the Salesforce Security Review questionnaire and report at this site. The questionnaire is free to use. Our scoring engine and benchmark mappings are open source. The report we produce is informational, not a legal or audit attestation. We provide it “as is” — see the disclaimers below.
Who's offering this
The service is provided by HelloMavens (“we”, “us”, “HelloMavens”). For business or contract questions, contact mike@hellomavens.com.
What you agree to by using the service
By using the questionnaire, the report, or the consultant CLI you agree:
- To answer truthfully. The report's usefulness depends on the accuracy of your inputs.
- Not to attempt to bypass authentication, scrape per-customer reports, or use the service to attack any third party.
- That the report is informational and does not constitute a security audit, legal advice, or compliance attestation. It maps your inputs to the open Security Benchmark for Salesforce — a starting point, not a finish line.
- That HelloMavens may update the underlying benchmark, the scoring engine, or the questionnaire over time. Reports are timestamped with the engine and benchmark version; older reports remain readable but may not reflect current scoring rules.
The consultant CLI flow
If you're using the sf security review CLI (the consultant flow), you additionally agree:
- That you are authorized by the org owner to run a security review against the target Salesforce instance.
- That you accept the on-screen disclaimer about scope, data handling, and that the review reads metadata only — no records, no PII, no writes.
- That HelloMavens never sees your Salesforce credentials. The CLI uses your local sfdx auth; we receive only the scored evidence summary.
Open-source components
The scoring engine and the SBS control library are open source under the MIT license. You can audit the implementation, run it yourself, or fork it. The branded report templates, the closed app at this site, and the HelloMavens brand assets are not open source.
The Security Benchmark for Salesforce (SBS) standard itself is published by the Salesforce-Security-Benchmark project under CC BY-SA 4.0 and is independent of HelloMavens.
Pricing
The questionnaire and resulting report are free. The optional paid offering is hands-on remediation or a deeper review by HelloMavens — that's a separate engagement under a separate contract, not governed by these Terms.
Warranty disclaimer + liability cap
The service is provided “as is” without warranty of any kind. To the maximum extent permitted by law, HelloMavens disclaims all warranties, express or implied, including merchantability and fitness for a particular purpose.
The report is informational. It does not guarantee the absence of vulnerabilities, the presence of any specific control, or compliance with any standard. You and your organization remain responsible for your security posture and for verifying the report's findings before acting on them.
To the maximum extent permitted by law, HelloMavens's aggregate liability for any claim arising out of or related to the service is capped at USD $10. The questionnaire is provided free of charge; this cap reflects the absence of any paid consideration. Nothing in this section purports to limit liability for gross negligence, willful misconduct, or any other liability that cannot be limited or excluded under applicable law.
Termination
You can stop using the service any time. We can suspend or terminate access if the service is being abused or if we shut down the product, with reasonable notice where practical.
Governing law
These Terms are governed by the laws of the State of Michigan, USA, without regard to conflict-of-laws principles. Disputes will be resolved in the state or federal courts located in Michigan.
Changes
When we make material changes, we'll bump the “Last updated” date at the top. Continued use after a change constitutes acceptance.
Contact
Terms questions: mike@hellomavens.com