What are the institutional and regulatory implications of this document?

This Privacy Statement engages GDPR (via Standard Contractual Clauses, Binding Corporate Rules, and Data Protection Officer designation), the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, UK data protection law (UK BCRs), CCPA/CPRA (California residents' rights including opt-out of cross-context behavioral advertising), and APEC CBPR/PRP frameworks. Compliance and legal teams should note the explicit processor carve-out, the breadth of third-party data sharing categories, and the cross-border…

How does Salesforce's Salesforce Privacy Statement affect users?

Salesforce collects personal data from website visitors, event attendees, and anyone who communicates with them, and shares it with a broad range of third parties including partners, event sponsors, and advertising networks. Your data may be transferred and stored in the United States or other countries that may not offer equivalent privacy protections. You can submit a data rights request — including access, deletion, or opt-out of advertising data sharing — via the web form at https://www.sal…

How often is Salesforce's Salesforce Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Salesforce updates this document?

Yes. Watcher subscribers ($9.99/month) can add Salesforce to their watchlist and receive same-day email alerts whenever this document or any other Salesforce document changes.

Salesforce Privacy Statement — Salesforce

10 Total

0 High severity

6 Medium severity

4 Low severity

Summary

This is Salesforce's privacy policy, explaining what personal information they collect about you when you visit their website, attend their events, or communicate with them, and how they use and share that information. Salesforce shares your data with service providers, partners, event sponsors, and affiliated companies, and may transfer it internationally. You have rights to access, correct, delete, or opt out of certain uses of your personal data by contacting Salesforce directly.

Technical Summary

This document is Salesforce's corporate Privacy Statement (effective August 26, 2025), governing the collection, use, sharing, and processing of Personal Data by Salesforce, Inc. and its affiliates acting as data controllers. It covers data collected through website interactions, marketing communications, events, office visits, and related activities, and establishes a comprehensive set of individual rights including access, rectification, erasure, portability, objection, and opt-out of cross-context advertising. The statement addresses international data transfers through mechanisms including EU Standard Contractual Clauses, EU-U.S. Data Privacy Framework, Swiss-U.S. DPF, and Binding Corporate Rules. Notably, Salesforce explicitly carves out its processor role on behalf of enterprise customers, limiting the statement's applicability in those contexts. Contact mechanisms are provided for rights requests via web form, email, phone, and postal address.

Evidence Provenance

Captured May 1, 2026 06:15 UTC

Document ID CA-D-000202

Version ID CA-V-001113

Source URL https://www.salesforce.com/company/privacy/

Wayback Machine View archived versions →

SHA-256 906367235ff8fca154a96b8875671b5ce81f50e21d644d966ef899d5c1e5e037

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

May 1, 2026 — Document updated low

Salesforce added a new 'Transparency Reports' section to their privacy policy on May 1, 2026. This section provides information about how Salesforce handles government requests for customer data, along with links to annual transparency reports dating back to 2020. This is a positive change for consumers as it gives them clearer visibility into how often and under what circumstances governments may access their data.

1 added · 1 modified
View diff → View full record →
90636723…
March 19, 2026 — Initial capture

Initial snapshot — monitoring begins

4a6e0302…

View full version history (0 captures) →

Analyzed Changes

1 change analyzed since monitoring began.

Updated May 1, 2026

low

What changed Salesforce updated their Salesforce Privacy Statement on May 01, 2026. Change detected: 1 sentence(s) added, 1 sentence(s) modified. Document contained 219 sentences after update.

Consumer impact Salesforce has added a dedicated section to its Privacy Statement linking to Transparency Reports that detail government requests for customer data from 2020 through the first half of 2025. This gives consumers and businesses greater insight into how frequently and under what circumstances law enforcement or government agencies may access their data held by Salesforce. You can review the linked transparency reports directly in the updated Privacy Statement to understand the volume and nature of government data requests made to Salesforce.

Why it matters The addition of transparency reports gives consumers and enterprise customers concrete, annually updated information about how often governments request access to Salesforce-held data. This supports informed risk assessments and strengthens trust in Salesforce's data governance practices.

Recent Clause-Level Changes May 1, 2026

10 provisions unchanged.

View full change record →

Medium Severity — 6 provisions

Processor Carve-Out

Salesforce's privacy policy does not apply when Salesforce is processing your data on behalf of one of its business customers — in that case, the business customer's privacy policy governs, not Salesforce's.

Added March 20, 2026
International Data Transfers

Your personal data may be transferred to and stored in the United States or other countries that may have different (potentially weaker) privacy laws than your home country.

Added March 20, 2026
Third-Party Data Sharing

Salesforce shares your personal data with a broad range of third parties including service providers, affiliated companies, event sponsors, advertising partners, and others.

Added March 20, 2026
Automated Decision-Making Opt-Out

You have the right not to be subject to decisions made solely by automated processes — including profiling — that have legal or similarly significant effects on you.

Added March 20, 2026
Advertising Data Sharing Opt-Out

Salesforce shares your personal data with advertising networks to show you ads on non-Salesforce websites and apps, but you can opt out of this sharing.

Added March 20, 2026
Minor's Data Protection

If you are under 16 years old (or the applicable age of consent in your jurisdiction), Salesforce requires you to opt in — rather than opt out — before certain disclosures of your personal data to third parties.

Added March 20, 2026

Low Severity — 4 provisions

Individual Privacy Rights

You have the right to access, correct, delete, restrict, or port your personal data, and to object to or opt out of certain processing activities including automated decision-making and advertising data sharing.

Added March 20, 2026
Data Privacy Framework Certification

Salesforce has certified compliance with the EU-U.S., Swiss-U.S., and UK Extension to the EU-U.S. Data Privacy Frameworks, committing to specific data protection standards for data transferred from those regions to the US.

Added March 20, 2026
Marketing Communications

Salesforce collects and uses your personal data to send you marketing communications, including emails and other outreach about its products and events.

Added March 20, 2026
Third-Party Dispute Resolution

If Salesforce cannot resolve your privacy complaint to your satisfaction, you can contact their U.S.-based third-party dispute resolution provider (TRUSTe/TrustArc) for free.

Added March 20, 2026

Cross-platform context

See how other platforms handle Advertising Data Sharing Opt-Out and similar clauses.

Compare across platforms →

Applicable Regulations

United States Federal

CAN-SPAM

United States Federal

GDPR

European Union