Salesforce maintains a dedicated privacy documentation section that describes how personal information is collected, used, and protected across Salesforce services.
This analysis describes what Salesforce's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that the primary data protection obligations and practices are documented in separate resources rather than incorporated directly into the terms. The operational significance is that users must consult referenced materials to understand the full scope of Salesforce's data protection commitments.
Interpretive note: The operative privacy terms are in a linked sub-document not reproduced here; the specific data handling practices, retention periods, and rights mechanisms cannot be assessed from this index page.
The privacy documentation section is where users and organizations can find information about what personal data Salesforce collects, how it is used, and what rights individuals have to access, correct, or delete their data. Reviewing this documentation is essential for understanding how your personal information is handled.
How other platforms handle this
Information You Provide may include sensitive personal information, as defined under applicable state privacy laws. We process such information in accordance with applicable law, such as to provide the Services and other permitted purposes under state privacy laws, like the California Consumer Priva...
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to know what personal information we have collected about you, the right to delete your personal information, the right to correct inaccurate personal information, the rig...
Depending on where you live, you may have certain rights regarding your personal information, including: the right to know what personal information we have collected about you; the right to delete personal information we have collected from you; the right to correct inaccurate personal information;...
Monitoring
Salesforce has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Find resources and documentation on how Salesforce protects you and your information.— Excerpt from Salesforce's Salesforce Terms of Service
(1) REGULATORY LANDSCAPE: Salesforce's privacy documentation engages GDPR (for EU/EEA data subjects), CCPA and CPRA (for California residents), and potentially other applicable data protection laws depending on the jurisdiction of the data subjects involved. The EU Data Act reference elsewhere on this page adds an additional layer of data rights for EU customers. Enforcement authorities include EU data protection authorities for GDPR matters and the California Privacy Protection Agency and State AG for CCPA/CPRA matters. (2) GOVERNANCE EXPOSURE: Medium. The page points to a privacy documentation section without reproducing the operative privacy terms. Organizations that are Salesforce customers and process personal data through Salesforce products need to assess both Salesforce's privacy policy as it applies to their own relationship with Salesforce and the data processing terms that govern how Salesforce handles data belonging to the customer's end users. (3) JURISDICTION FLAGS: EU/EEA organizations face GDPR obligations and must ensure an appropriate legal basis and data processing agreement is in place with Salesforce. California-based organizations must assess CCPA/CPRA service provider obligations. Organizations in sectors such as healthcare should assess whether any personal health information processed through Salesforce products is subject to HIPAA. (4) CONTRACT AND VENDOR IMPLICATIONS: Privacy documentation alone is insufficient for GDPR compliance; organizations must have a data processing agreement with Salesforce that meets GDPR requirements. Procurement teams should verify that the applicable data processing addendum is executed and current before processing personal data through Salesforce services. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should review Salesforce's full privacy policy, obtain and review any applicable data processing addendum, map personal data flows into and out of Salesforce systems, and ensure data subject rights request processes account for data held by Salesforce. Annual review of these documents is advisable given the pace of regulatory change.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that the primary data protection obligations and practices are documented in separate resources rather than incorporated directly into the terms. The operational significance is that users must consult referenced materials to understand the full scope of Salesforce's data protection commitments.
The privacy documentation section is where users and organizations can find information about what personal data Salesforce collects, how it is used, and what rights individuals have to access, correct, or delete their data. Reviewing this documentation is essential for understanding how your personal information is handled.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Salesforce.