Salesforce · Salesforce Terms of Service · View original document ↗

Privacy Information and Data Protection Reference

Medium severity Medium confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Salesforce Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Salesforce maintains a dedicated privacy documentation section that describes how personal information is collected, used, and protected across Salesforce services.

This analysis describes what Salesforce's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Privacy documentation governs how Salesforce handles personal data belonging to customers, website visitors, and individuals whose data is processed through Salesforce products, which is directly relevant to data rights and compliance obligations.

Interpretive note: The operative privacy terms are in a linked sub-document not reproduced here; the specific data handling practices, retention periods, and rights mechanisms cannot be assessed from this index page.

Clause Stability Stable

0
Changes
3
Months Monitored
May 9, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

The privacy documentation section is where users and organizations can find information about what personal data Salesforce collects, how it is used, and what rights individuals have to access, correct, or delete their data. Reviewing this documentation is essential for understanding how your personal information is handled.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

Strava Medium

We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...

See all platforms with this clause type →

Monitoring

Salesforce has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Find resources and documentation on how Salesforce protects you and your information.

— Excerpt from Salesforce's Salesforce Terms of Service

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Salesforce's privacy documentation engages GDPR (for EU/EEA data subjects), CCPA and CPRA (for California residents), and potentially other applicable data protection laws depending on the jurisdiction of the data subjects involved. The EU Data Act reference elsewhere on this page adds an additional layer of data rights for EU customers. Enforcement authorities include EU data protection authorities for GDPR matters and the California Privacy Protection Agency and State AG for CCPA/CPRA matters. (2) GOVERNANCE EXPOSURE: Medium. The page points to a privacy documentation section without reproducing the operative privacy terms. Organizations that are Salesforce customers and process personal data through Salesforce products need to assess both Salesforce's privacy policy as it applies to their own relationship with Salesforce and the data processing terms that govern how Salesforce handles data belonging to the customer's end users. (3) JURISDICTION FLAGS: EU/EEA organizations face GDPR obligations and must ensure an appropriate legal basis and data processing agreement is in place with Salesforce. California-based organizations must assess CCPA/CPRA service provider obligations. Organizations in sectors such as healthcare should assess whether any personal health information processed through Salesforce products is subject to HIPAA. (4) CONTRACT AND VENDOR IMPLICATIONS: Privacy documentation alone is insufficient for GDPR compliance; organizations must have a data processing agreement with Salesforce that meets GDPR requirements. Procurement teams should verify that the applicable data processing addendum is executed and current before processing personal data through Salesforce services. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should review Salesforce's full privacy policy, obtain and review any applicable data processing addendum, map personal data flows into and out of Salesforce systems, and ensure data subject rights request processes account for data held by Salesforce. Annual review of these documents is advisable given the pace of regulatory change.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive privacy practices and oversees compliance with privacy-related consumer protection standards applicable to Salesforce's US-facing services
    File a complaint →

Applicable regulations

EU AI Act
European Union
CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
Salesforce Terms of Service
Entity
Salesforce
Document last updated
May 5, 2026
Tracking information
First tracked
April 27, 2026
Last verified
May 9, 2026
Record ID
CA-P-007660
Document ID
CA-D-00201
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
7c8740f523ee42b213fc88edccb5d46185174237c1a8ca31a8fe1a6da45c4db1
Analysis generated
April 27, 2026 14:22 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Salesforce
Document: Salesforce Terms of Service
Record ID: CA-P-007660
Captured: 2026-04-27 14:22:34 UTC
SHA-256: 7c8740f523ee42b2…
URL: https://conductatlas.com/platform/salesforce/salesforce-terms-of-service/privacy-information-and-data-protection-reference/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Salesforce's Privacy Information and Data Protection Reference clause do?

Privacy documentation governs how Salesforce handles personal data belonging to customers, website visitors, and individuals whose data is processed through Salesforce products, which is directly relevant to data rights and compliance obligations.

How does this clause affect you?

The privacy documentation section is where users and organizations can find information about what personal data Salesforce collects, how it is used, and what rights individuals have to access, correct, or delete their data. Reviewing this documentation is essential for understanding how your personal information is handled.

Is ConductAtlas affiliated with Salesforce?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Salesforce.