Security & Trust

Architecture: Your data never touches our servers

Zero infrastructure footprint

SalesHub does not operate its own data storage. All customer data resides in the customer's Salesforce org — the same environment you already trust for your CRM data.

Salesforce security model

Zero infrastructure footprint

Your existing Salesforce permissions, field-level security, sharing rules, and org-wide defaults govern access to all SalesHub data — no separate security model to manage.

No cross-border transfer by default

AppExchange Security Review approved

Data stays in your Salesforce region (US, EU, etc.). The only optional cross-border activity is transient AI analysis via Anthropic — which can be disabled entirely.

AppExchange Security Review approved

Our Network Design and Implementation services provide customized network solutions for your business. We will assess your needs, design a network architecture, and implement the solution to ensure your business runs smoothly.

Compliance: Built for enterprise compliance requirements

✓ GDPR

✓ CCPA / CPRA

EU General Data Protection Regulation compliant. DPA available on request.

✓ CCPA / CPRA

California Consumer Privacy Act compliant. No sale of personal data.

✓ AppExchange Security Review

Reviewed and approved by Salesforce. Listed on AppExchange.

✓ Salesforce Trust

✓ AppExchange Security Review

Inherits Salesforce's SOC 2 Type II and ISO 27001 platform certifications.

How we protect your data technically

Encryption

✓ All data in transit encrypted via TLS 1.2 or higher

✓ Data at rest encrypted via Salesforce AES-256 platform encryption

✓ API keys managed via Salesforce Named Credentials — never hardcoded

Access control

✓ Role-based access via Salesforce Permission Sets and Permission Set Groups

✓ Field-Level Security (FLS) on all PII fields — restricted by default

✓ No SalesHub employee can access data in your Salesforce org

✓ Criteria-based sharing rules for cross-team visibility control

Organizational measures

✓ Designated Privacy Officer (Rashed Chowdhury, Managing Partner)

✓ Privacy and security policies reviewed annually

✓ Vendor agreements include data processing obligations

✓ Incident response procedures documented and tested

AI data handling

✓ AI analysis features are optional and off-by-default in regulated deployments. When enabled, open-text responses are sent transiently to

✓ Anthropic Claude API - stateless, not stored, not used for training. When disabled, zero data leaves your Salesforce org under any circumstances

✓ Customers with strict data residency requirements should disable

✓ AI features - documented in our admin guide

Sub-processors: Our complete sub-processor list

Salesforce, Inc.

Platform

CRM platform and primary data storage. All customer survey data resides in the customer's Salesforce org. Customer's selected Salesforce region (NA, EU, AP, etc.)SOC 2 Type II, ISO 27001, GDPR. trust.salesforce.com

Anthropic PBC

AI analysis

AI-powered sentiment analysis and response classification for open-text survey responses. Processing is transient and stateless - Anthropic does not store or use data for model training. This feature can be disabled entirely in Application settings; when disabled, no data is transmitted to Anthropic under any circumstances. United States. API data not stored or trained on. anthropic.com/privacy

Incident Response: Our breach notification commitment

0h

Incident detected

Event Details

0h

Incident detected

Internal incident response team activated. Scope and impact assessment begins immediately

24h

Initial customer notification

Event Details

24h

Initial customer notification

Affected customers notified with initial information: what happened, what data was involved, what we are doing about it.

72h

Full notification (GDPR commitment)

Event Details

72h

Full notification (GDPR commitment)

Comprehensive notification sent within 72 hours, consistent with GDPR Article 33 standards. Notification includes nature of breach, categori...

Event Details

✔

Note on Salesforce-layer incidents

Event Details

✔

Note on Salesforce-layer incidents

Because your data resides in Salesforce, many breach scenarios would be governed by Salesforce's own incident response processes. See trust...

Event Details

Salesforce AppExchange Security Review Approved

Security & Trust

Architecture: Your data never touches our servers

Zero infrastructure footprint

Zero infrastructure footprint

Zero infrastructure footprint

Salesforce security model

Zero infrastructure footprint

Zero infrastructure footprint

No cross-border transfer by default

AppExchange Security Review approved

AppExchange Security Review approved

AppExchange Security Review approved

AppExchange Security Review approved

AppExchange Security Review approved

Compliance: Built for enterprise compliance requirements

✓ GDPR

✓ CCPA / CPRA

✓ CCPA / CPRA

✓ CCPA / CPRA

✓ CCPA / CPRA

✓ CCPA / CPRA

✓ AppExchange Security Review

✓ AppExchange Security Review

✓ AppExchange Security Review

✓ Salesforce Trust

✓ AppExchange Security Review

✓ AppExchange Security Review

How we protect your data technically

Encryption

Access control

Organizational measures

AI data handling

Sub-processors: Our complete sub-processor list

Salesforce, Inc.

Anthropic PBC

Incident Response: Our breach notification commitment

0h

Incident detected

0h

Incident detected

24h

Initial customer notification

24h

Initial customer notification

72h

Full notification (GDPR commitment)

72h

Full notification (GDPR commitment)

✔

Note on Salesforce-layer incidents

✔

Note on Salesforce-layer incidents

Privacy & Security Contact Have questions?

Privacy Officer

Mailing address

Send a note

Documents available

This website uses cookies.