Review Trust and Compliance Documentation

We made seasonal updates to the Salesforce Trust and Compliance Documents.

Infrastructure and Sub-Processors

These changes have been made in the Infrastructure and Sub-Processors Documentation.

Sales Cloud, Service Cloud, Community Cloud, Chatter, Force.com, IoT Explorer (including IoT Plus), Site.com, Database.com, Einstein Analytics (including Einstein Discovery), Work.com, Financial Services Cloud, Health Cloud, Salesforce CPQ and Salesforce Billing

  • Scope: Clarified which IoT products are covered by this documentation. Clarified that Einstein Discovery, sold on or after October 16, 2018, is subject to different Documentation
  • Customer Data Processing: Added Messaging, Lightning Experience Readiness Check, Salesforce Optimizer, Lightning Experience Configuration Converter, Lightning Experience Welcome Mat, Sales Cloud Einstein Readiness Assessor, and Visualforce Check as tools or features that use Heroku, Inc. as a sub-processor.

B2B Commerce

  • No updates.

Commerce Cloud

  • Infrastructure - Customer Data Storage: Clarified the description of the table listing the countries and legal entities engaged in the storage of Customer Data.

Data.com

  • No updates.

Einstein Discovery Classic

  • Scope: Clarified that Einstein Discovery, sold on or after October 16, 2018, is subject to different Documentation.

“Einstein” (Sales Cloud Einstein, Pardot Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language, Einstein Bots, Service Cloud Einstein and Einstein Prediction Builder)

  • Scope: Added Pardot Einstein, Service Cloud Einstein, and Einstein Prediction Builder Services.
  • Customer Data Storage: For Einstein Engagement Scoring, added EMEA Customer Regions and provided provided relevant storage details, including description of how it is determined where Customer Data is stored; Provided more detail on how Customer Data is stored for Einstein Bots.

Heroku

  • No updates.

Desk.com, Einstein Discovery, LiveMessage, Quip, and SalesforceIQ CRM Services

  • Scope: Clarified which Salesforce Services are covered by this documentation and which related services are covered by other trust and compliance documentation
  • Infrastructure - Customer Data Storage:
    • Removed Lightning LiveMessage as it is covered under other trust and compliance documentation.
    • Clarified names and editions for Einstein Discovery Classic and LiveMessage.

IoT Cloud

  • No updates.

Marketing Cloud

  • Scope: Added Datorama and Interaction Studio services throughout. Added Live Weather Block and Predictive Intelligence features.
  • Infrastructure - Customer Data Storage: Added Datorama and Interaction Studio services. Divided storage regions into Americas & APAC and EMEA Customer Regions and provided provided relevant storage details for each, including description of how it is determined where Customer Data is stored.
  • Customer Data Processing: Added Datorama third-party providers.
  • Content Delivery Networks: Added Datorama CDN.

MuleSoft

  • Infrastructure- Customer Data Storage: Removed Argentina as an AWS country of deployment.
  • Customer Data Processing: Corrected country list for Salesforce Affiliates. Clarified MuleSoft entities processing Customer Data. Clarified that Amplitude, Inc., Segment.io, Inc., Sumo Logic, Inc., and The Rocket Science Group LLC d/b/a MailChimp are processing Customer Data for non-storage purposes. Updated to reflect that Sumo Logic, Inc. processes Customer Data in the United Kingdom. Corrected Epidata S.A. and The Rocket Science Group LLC d/b/a MailChimp legal entity names. Updated to reflect Great Software Laboratory, Inc. is in the United States. Added clarification that Anypoint Partner Manager is supported by MuleSoft.

Pardot

  • No updates.

Salesforce DMP

  • No updates.

Notices and Licenses

These changes have been made in the Notices and Licenses Documentation.

Salesforce

  • Services Covered: Clarified which IoT services are covered by this document.
  • Updated to include additional information about Third-Party Platforms that can connect to the Services. Updated names of distributed software to be consistent with current branding.

B2B Commerce

  • No updates.

Commerce Cloud

  • No updates.

Data.com

  • No updates.

Desk.com

  • No updates.

Einstein Analytics

  • Clarified that Einstein Discovery, sold on or after October 16, 2018, is subject to this Documentation.

Einstein Discovery Classic

  • Clarified that Einstein Discovery, sold on or after October 16, 2018, is subject to different Documentation.

“Einstein” (Sales Cloud Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language Services, and Einstein Bots)

  • Scope: Added Pardot Einstein, Service Cloud Einstein, and Einstein Prediction Builder Services.
  • Sales Cloud Einstein Third-party Notices: Clarified that only the Account News feature is offered as part of Sales Cloud Einstein, and not all of Account Intelligence features.

Heroku

  • No updates.

IoT Cloud

  • No updates.

LiveMessage and Messaging

  • Added the Messaging product to the NLI coverage scope.

Marketing Cloud

  • ExactTarget NLI:
    • Services Covered: Updated to include Interaction Studio.
    • Third Party Notices: Updated to include Accuweather for Live Weather Block feature; updated Bitly Terms of Service.
    • Distributed Software: Updated to include Order Form Supplements for Marketing Cloud mobile applications.
  • Datorama NLI:
    • Newly added NLI covering the Datorama Services.
  • Predictive Intelligence NLI:
    • Scope: Updated features list.
  • Social Studio NLI:
    • Third Party Notices: Added Coremetrics. Removed Shutterstock CustomFlashtock.

MuleSoft

  • Third Party Notices: Updated to include references to Third Party Platforms that connect to the MuleSoft Services via MuleSoft Premium and Select Connectors.
  • MuleSoft Services Policies: Removed reference to Salesforce Privacy Policy.

Pardot

  • No updates.

Quip

  • No updates.

Salesforce DMP

  • Third-Party Notices: Removed reference to Google Cloud Storage.

SalesforceIQ (SalesforceIQ CRM)

  • No updates.

Security, Privacy, and Architecture

These changes have been made in the Security, Privacy, and Architecture Documentation.

Sales Cloud, Service Cloud, Community Cloud, Chatter, Force.com, IoT Explorer (including IoT Plus), Site.com, Database.com, Einstein Analytics (including Einstein Discovery), Work.com, Financial Services Cloud, Health Cloud, Salesforce CPQ and Salesforce Billing, and Messaging

  • Services Covered: Added Messaging; Clarified which IoT services are covered by this document; Clarified that Einstein Discovery, sold on or after October 16, 2018, is subject to this Documentation.
  • Audits and Certifications: Clarified that Einstein Discovery and IoT Explorer (including IoT Plus) are not certified under HITRUST
  • Sensitive Data: Information related to an individual’s physical or mental health, and information related to the provision or payment of health care, can be submitted to IoT Explorer (including IoT Plus), but cannot be submitted to the Messaging or Einstein Discovery Services.
  • Third Party Functionality: Added third party information for Messaging.

B2B Commerce

  • No updates.

Commerce Cloud

  • No updates.

Data.com

  • No updates.

“Einstein” (Sales Cloud Einstein, Pardot Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language, Einstein Bots, Service Cloud Einstein and Einstein Prediction Builder)

  • Services Covered: Added Pardot Einstein, Service Cloud Einstein, and Einstein Prediction Builder Services.
  • Architecture and Data Segregation: Clarified that Einstein Vision and Language does provide separate environments for different functions, especially for testing and production.
  • Security Policies and Procedures: Provided more detail on how Customer accesses data for Einstein Vision and Language via the API.

Heroku

  • Added additional SOC certifications.

IoT Cloud

  • No updates.

Desk.com, Einstein Discovery Classic, LiveMessage, Quip, and SalesforceIQ CRM Services

  • Services Covered: Clarified which Salesforce Services are covered by this documentation; Clarified that Einstein Discovery, sold on or after October 16, 2018, is subject to different Documentation.
  • Audits and Certifications: Added ISO certifications for certain Covered Services.
  • Deletion of Customer Data: Salesforce may delete data for Salesforce IQ CRM Customers 30 days after contract termination.

Marketing Cloud

  • Services Covered: Added Datorama and Interaction Studio services throughout. Added Live Weather Block and Predictive Intelligence features.
  • Audits and Certifications: Updated to include Datorama certifications. Updated to provide links to GCP security practices for hosting of backup Customer Data submitted to ExactTarget in EMEA, and to Azure’s security practices for hosting of Customer Data submitted to Datorama and Interaction Studio.
  • Security Controls: Updated to reflect security controls of Datorama and Interaction Studio and to add links to security documentation for GCP and Azure.
  • Reliability and Backup: Updated to reflect backup for Datorama and Interaction Studio.
  • Disaster Recovery: Updated to include Datorama. Removed standard target recovery objectives.
  • Viruses: Updated to include Datorama and Interaction Studio.
  • Data Encryption: Updated to include Datorama and Interaction Studio.
  • Return of Customer Data: Updated to include Datorama and Interaction Studio.
  • Deletion of Customer Data: Updated to reflect deletion of Customer Data from Social Studio and to include Datorama and Interaction Studio.
  • Sensitive Data: Updated to include Datorama and Interaction Studio.

MuleSoft

  • Audits and Certifications: Updated to reference Salesforce’s Privacy Shield certification.

Pardot

  • Audits and Certifications: Added ISO certifications.

Salesforce DMP

  • Audits and Certifications: Added ISO certifications.
  • Physical Security: Updated language to differentiate physical security at Salesforce offices from physical security at public cloud providers.