Salesforce lists twelve distinct categories of third parties with whom your personal data may be shared, ranging from service providers and affiliates to event sponsors, AppExchange partners, and public authorities.
This analysis describes what Salesforce's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of sharing categories means your personal data may reach a wide range of organizations beyond Salesforce itself. Understanding which categories are most likely to apply to your interactions helps you assess the real scope of data distribution.
Your personal data may be shared with a wide variety of third parties depending on how you interact with Salesforce, including event sponsors if you register for Salesforce events and AppExchange partners if you use Salesforce's app marketplace. Reviewing the full Privacy Statement's detailed descriptions of each category can help you understand what controls, if any, are available for specific sharing scenarios.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
Monitoring
Salesforce has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share Personal Data with various parties, including: service providers; Salesforce affiliates; event sponsors; partners; customers with whom you are affiliated and/or the applicable partner responsible for access to your services; contest and promotion sponsors; third-party networks and websites; Salesforce-affiliated App Exchange partners; professional advisors; third parties involved in a corporate transaction; third party accounts (in relation to Tableau); and public authorities.— Excerpt from Salesforce's Salesforce Privacy Statement
REGULATORY LANDSCAPE: Each sharing category creates distinct regulatory considerations. Sharing with public authorities engages law enforcement disclosure frameworks and transparency reporting obligations. Sharing in connection with corporate transactions (mergers, acquisitions) engages GDPR Article 6 legal basis requirements for new processing purposes. Sharing with Tableau third-party accounts reflects product-specific integrations that may involve separate terms. CCPA requires that the categories of third parties with whom personal information is shared be disclosed, which this provision addresses. GOVERNANCE EXPOSURE: Medium. The breadth of the list is not unusual for a company of Salesforce's scale and product diversity, but each category requires its own legal basis under GDPR and, for California residents, must be accurately reflected in the CCPA-required categories of disclosure. The inclusion of 'event sponsors' as a sharing category is notable because event registration data may be shared with sponsors beyond what attendees typically expect. JURISDICTION FLAGS: EU users have GDPR rights to know the specific recipients or categories of recipients of their data, which the full Privacy Statement is expected to address in more detail. California residents have CCPA rights to know the categories of third parties and can opt out of sale or sharing. The 'corporate transaction' category warrants particular attention in the event of a Salesforce acquisition, as it permits data transfer to new ownership. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should review whether their employees' or end-users' data could be included in any of these sharing categories through their Salesforce engagements. The AppExchange partner sharing category is particularly relevant for enterprises that have deployed third-party apps within their Salesforce environment. COMPLIANCE CONSIDERATIONS: Legal teams should map which sharing categories apply to their organization's data and assess whether appropriate data processing agreements are in place with each category of recipient. The event sponsor sharing category should be reviewed against employee data use policies if employer data is captured at Salesforce events. Corporate transaction disclosures should be addressed in data retention and transfer protocols.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of sharing categories means your personal data may reach a wide range of organizations beyond Salesforce itself. Understanding which categories are most likely to apply to your interactions helps you assess the real scope of data distribution.
Your personal data may be shared with a wide variety of third parties depending on how you interact with Salesforce, including event sponsors if you register for Salesforce events and AppExchange partners if you use Salesforce's app marketplace. Reviewing the full Privacy Statement's detailed descriptions of each category can help you understand what controls, if any, are available for specific …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Salesforce.