CloudExtend has a security statement that addresses how your data is transmitted. Some customers have asked how their NetSuite credentials are secured. This article applies to CloudExtend Excel for NetSuite and CloudExtend Outlook for NetSuite.
Upon login, CloudExtend creates a session between the client that runs inside your Office application and CloudExtend's server that processes your data before sending it to NetSuite.
The session is maintained using a HTTP Header that is passed from an authenticated client, to the server, on each request it makes. This header value is generated by the server and returned to the client when you authenticate by providing your NetSuite credentials. The client keeps this value in memory to be used in subsequent requests. The server on the other hand, does not persist this value anywhere.
This value is generated by encrypting the user provided credentials, along with several other information, using a key stored securely on the server. The value is only decryptable to its original form on the server and is done so only when the server needs to relay a request from the client to NetSuite.