Privacy

Privacy Statements

Learn about our commitment to privacy protection
Privacy Statement highlights ›

TRUSTe

Privacy Statement, effective as of April 12, 2017

Salesforce.com, inc. (“Salesforce,” “we,” “us,” “our,” or the “Company”) is committed to protecting the privacy of individuals who visit the Company’s Web sites (“Visitors”), individuals who register to use the Services as defined below (“Customers”), and individuals who register to attend the Company’s corporate events (“Attendees”). This Privacy Statement describes Salesforce’s privacy practices in relation to the use of the Company’s Web sites and the related applications and services offered by Salesforce (collectively, the “Services”), as well as individuals’ choices regarding use, access and correction of personal information.

Certain of Salesforce’s Services comply with the EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.  You can view a description of how we comply with the Privacy Shield Principles in our Privacy Shield Notice. Salesforce has certified to the Department of Commerce that the Services described in our Privacy Shield Notice adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website here.  

If you have questions or complaints regarding Salesforce’s Privacy Statement or associated practices, please contact us here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

 

 

1. Web sites covered

This Privacy Statement covers the information practices, including how the Company collects, uses, shares and secures the personal information you provide, of Web sites that link to this Privacy Statement (collectively referred to as “Salesforce’s Web sites” or “the Company’s Web sites”). 

AppExchange, https://www.appexchange.com, is an online marketplace for on-demand Web applications that run on the Company’s Force.com platform. Applications may be posted by Salesforce and third parties. When applications are posted by Salesforce and the application links to this Privacy Statement, this Privacy Statement applies. When applications are posted by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.

Force.com Sites and Site.com enable Salesforce and Salesforce’s customers to create Web sites and applications that run natively on the Salesforce platform. When Force.com Sites or Site.com Web sites are posted by Salesforce, the site will link to this Privacy Statement, and this Privacy Statement applies. When Force.com Sites or Site.com Web sites are posted by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.

Salesforce’s Web sites may contain links to other Web sites. The information practices or the content of such other Web sites is governed by the privacy statements of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.

 

2. Information collected

When expressing an interest in obtaining additional information about the Services, or registering to use the Web sites or other Services, or registering for an event, Salesforce requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services or registering for an event, Salesforce may also require you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services (“Billing Information”). Salesforce may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). When Visitors apply for a job with the Company, Salesforce may also require you to submit additional personal information as well as a resume or curriculum vitae (“Applicant Information”). Required Contact Information, Billing Information, Applicant Information, Optional Information and any other information you submit to Salesforce to or through the Services are referred to collectively as “Data.”

As you navigate the Company’s Web sites, Salesforce may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web sites (such as the Web pages viewed and the links clicked). For additional information about the collection of Web Site Navigational Information by Salesforce and others, please click here.

Through our “import contacts” feature option, we may also collect information such as the name, company name, address, phone number or email address of contacts that you choose to share with us.  When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided, such as to add new records to your Salesforce account. 

 

3. Use of information collected

The Company uses Data about Salesforce Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services.

The Company also uses Data about Salesforce Attendees to plan and host corporate events, host online forums and social networks in which event Attendees may participate, and to populate online profiles for Attendees on the Company’s Web sites. Additional information on the Company’s privacy practices with respect to Data about Salesforce Attendees may be found in additional privacy statements on the event Web sites, as the case may be. Please see here for more information on bulletin boards, blogs or chat rooms provided by Salesforce in connection with its corporate events.

The Company may also use Data about Salesforce Customers and Attendees for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company, its affiliates, and its partners, such as information about promotions or events.

Salesforce may also receive information about Customers and Attendees from other sources, including third parties from whom we have purchased data, and combine this information with Data we already have about you.  This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide products and services that may be of interest to you.

Salesforce uses credit card information solely to check the financial qualifications and collect payment from prospective Customers and Attendees.

Salesforce uses Web Site Navigational Information to operate and improve the Company’s Web sites. The Company may also use Web Site Navigational Information alone or in combination with Data about Salesforce Customers and Data about Salesforce Attendees to provide personalized information about the Company. For additional information about the use of Web Site Navigational Information, please click here.

Salesforce partners with third parties to display advertising on our Web sites and Services or to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here, or if located in the European Union click here. Please note you will continue to receive generic ads.

 

4. Web Site Navigational Information

Cookies, Web Beacons and IP Addresses
Salesforce uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). As described more fully below, we and our partners use these cookies or similar technologies to analyze trends, administer Web sites and Services, track users’ movements around our Web sites and Services, serve targeted advertisements and gather demographic information about our user base as a whole.  This section describes the types of Web Site Navigational Information used on the Company’s Web sites and Services, and how this information may be used.

Cookies
Salesforce uses cookies to make interactions with the Company’s Web sites easy and meaningful. When you visit one of the Company’s Web sites, Salesforce’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to Salesforce, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Me” or a “30 Day Free Trial” Web form), you remain anonymous to the Company.

Salesforce uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Web sites or Services. 

The following sets out how salesforce.com uses different categories of cookies and your options for managing cookies’ settings:

Type of Cookies Description Managing Settings

Required cookies

Required cookies enable you to navigate the Company’s Web sites and use its features, such as accessing secure areas of the Web sites and using Salesforce Services.
If you have chosen to identify yourself to Salesforce, the Company may place on your browser cookies containing an encrypted, unique identifier. These cookies allow the Company to uniquely identify you when you are logged into the Web sites and Services and to process your online transactions and requests.

Because required cookies are essential to operate the Company’s Web sites and the Services, there is no option to opt out of these cookies.

Performance cookies

These cookies collect information about how Visitors use our Web sites and Services, including which pages visitors go to most often and if they receive error messages from certain pages. It is only used to improve how the Company’s Web sites and Services function and perform.
From time-to-time, Salesforce engages third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Web sites and Services, and to track the performance of the Company’s advertisements. Salesforce and its third-party partners may also utilize HTML5 local storage or Flash cookies for these purposes. Flash cookies and HTML local storage are different from browser cookies because of the amount of, type of, and how data is stored.

To learn how to opt out of performance cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here. Various browsers may offer their own management tools for removing HTML5 local storage.

Functionality cookies

Functionality cookies allow the Company’s Web sites and Services to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features.  These cookies also enable you to optimize your use of Salesforce’s Web sites and Services after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize.
Salesforce uses local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our Web sites and Services to personalize your visit.

To learn how to opt out of functionality cookies using your browser settings click here. Note that opting out may impact the functionality you receive when using Salesforce’s Web sites and Services.
To learn how to manage privacy and storage settings for Flash cookies click here.

Targeting or Advertising cookies

Salesforce sometimes uses cookies delivered by third parties to show you ads for Salesforce products and services that we think may interest you on any devices you may use and to track the performance of Company advertisements.  For example, in these cases, cookies remember information such as which browsers have visited the Company’s Web sites. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after the Company receives it.
Salesforce also contracts with third-party advertising networks that collect IP addresses and other information from Web beacons (see below) on the Company’s Web sites and Services, from emails, and on third-party Web sites. Ad networks follow your online activities over time and across different sites or other online services by collecting Web Site Navigational Information through automated means, including through the use of cookies. These technologies may recognize you across the different devices you use, such as a desktop or laptop computer, smartphone or tablet. Third parties use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other Web sites or mobile applications on any of your devices. This process also helps us manage and track the effectiveness of our marketing efforts. Third parties, with whom the Company partners to provide certain features on our Web sites or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information.  Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

To learn more about these and other advertising networks and your ability to opt out of collection, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To learn how to manage privacy and storage settings for Flash cookies click here. Various browsers may offer their own management tools for removing HTML5 local storage.

Web Beacons
Salesforce uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web sites and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site or Service tied to the Web beacon, and a description of a Web site or Service tied to the Web beacon. For example, Salesforce may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web sites. Salesforce uses Web beacons to operate and improve the Company’s Web sites, Services and email communications.


Log Files, IP Addresses, URLs and Other Data
As is true of most Web sites, we gather certain information automatically to analyze trends in the aggregate and administer our Web sites and Services.  This information may include your Internet Protocol (IP) address (or the proxy server you use to access the World Wide Web), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. Due to Internet communications standards, when you visit or use the Company’s Websites and Services, we automatically receive the URL of the website from which you came and the website to which you go when you leave our Website. This information is used to analyze overall trends, to help us improve our Websites and Services, to track and aggregate non-personal information, and to provide the Websites and Services. For example, Salesforce uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web sites. Salesforce also collects IP addresses from Customers when they log into the Services as part of the Company’s “Identity Confirmation” and “IP Range Restrictions” security features.


Social Media Features and Single Sign-on
The Company’s Web sites may use social media features, such as the Facebook “like” button (“Social Media Features”). These features may collect your IP address and which page you are visiting on the Company’s Web site, and may set a cookie to enable the feature to function properly. You may be given the option by such Social Media Features to post information about your activities on the Company’s Web site to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by a third party or hosted directly on the Company’s Web site. Your interactions with these features are governed by the privacy policy of the company providing the relevant Social Media Features. Salesforce also allows you to log in to certain of our Web sites and Services using sign-in services such as Facebook Connect. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form.


Do Not Track
Currently, various browsers — including Internet Explorer, Firefox, and Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites’ visited by the user about the user's browser DNT preference setting. Salesforce does not currently commit to responding to browsers' DNT signals with respect to the Company's Web sites, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. Salesforce takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

 

5. Public forums, refer a contact, and customer testimonials

Salesforce may provide bulletin boards, blogs, or chat rooms on the Company’s Web sites. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Salesforce is not responsible for the personal information you choose to submit in these forums.

Customers and Visitors may elect to use the Company’s referral program to inform contacts about the Company’s Web sites and Services. When using the referral program, the Company requests the contact’s name and email address. Salesforce will automatically send the contact a one–time email inviting him or her to visit the Company’s Web sites. Salesforce does not store this information.

Salesforce posts a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. Salesforce obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.

 

6. Sharing of information collected

Service Providers
Salesforce may share Data about Salesforce Visitors, Customers and Attendees with the Company’s contracted service providers so that these service providers can provide services on our behalf. These service providers are authorized to use your personal information only as necessary to provide the requested services to us.  Without limiting the foregoing, Salesforce may also share Data about Salesforce Visitors, Customers and Attendees with the Company’s service providers to ensure the quality of information provided, and with third–party social networking and media Web sites, such as Facebook, for marketing and advertising on those Web sites. Unless described in this Privacy Statement, Salesforce does not share, sell, rent, or trade any information with third parties for their promotional purposes.

Salesforce.com Affiliates 
The Company may share Data about Salesforce Customers with other companies in order to work with them, including affiliates of the Salesforce corporate group. For example, the Company may need to share Data about Salesforce Customers with other companies within the Salesforce corporate family for customer support, marketing, technical operations and account management purposes.

Business Partners
From time to time, Salesforce may partner with other companies to jointly offer products or services, such as our AppExchange partners. If you purchase or specifically express interest in a jointly–offered product or service from or through Salesforce, the Company may share Data about Salesforce Customers collected in connection with your purchase or expression of interest with our partner(s). Salesforce does not control our business partners’ use of the Data about Salesforce Customers that we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.
Salesforce does not share Data about Salesforce Attendees with business partners unless: (1) you specifically opt in to such sharing via an event registration form; or (2) you attend a Company event and allow Salesforce or any of its business partners to scan your attendee badge. If you do not wish for your information to be shared in this manner, you may choose not to opt in via event registration forms and elect not to have your badge scanned at Company events.  If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy statements.

Third Parties
Section 4 of this Privacy Statement, Web Site Navigational Information, specifically addresses the information we or third parties collect through cookies and web beacons, and how you can control cookies through your Web browsers.  We may also disclose your personal information to any third party with your prior consent.

Billing
Salesforce uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company’s behalf.

Compelled Disclosure
Salesforce reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.

 

7. International transfer of information collected

The Company primarily stores Data about Salesforce Customers and Data about Salesforce Attendees in the United States. To facilitate Salesforce’s global operations, the Company may transfer and access such information from around the world, including from other countries in which the Company has operations. A list of the Company’s global offices is available here. This Privacy Statement shall apply even if Salesforce transfers Data about Salesforce Customers or Data about Salesforce Attendees to other countries.

 

8. Communications preferences

Salesforce offers Visitors, Customers, and Attendees who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may unsubscribe here or by contacting us using the information in the “Contacting Us" section below.

 

9. Correcting and updating your information

Salesforce may retain your information for a period of time consistent with the original purpose of collection. For instance, we may retain your information during the time in which you have an account to use our Web sites or Services and for a reasonable period of time afterward. We also may retain your information during the period of time needed for Salesforce to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.

You may request to review, correct, delete or otherwise modify any of the personal information that you have previously provided to us through the Company’s Web sites and Services.  If you have registered for an account with Salesforce, you may generally update your user settings, profile, organization’s settings or event registration by logging into the applicable Website or Service with your username and password and editing your settings or profile. To update your billing information, discontinue your account, and/or request return or deletion of Your Data associated with your account, please contact your account representative or the customer service team for the applicable Service (including Salesforce, Marketing Cloud, Desk.com, Pardot and Heroku).  For other requests to access, correct, modify or delete Your Data, please review the “Contacting Us” section below.  Requests to access, change, or delete your information will be addressed within a reasonable timeframe. If you are an employee of a Salesforce customer, you may also wish to contact your company’s system administrator for assistance in correcting or updating your information.

 

10. Customer Data

Salesforce’s Customers may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). Salesforce will not review, share, distribute, or reference any such Customer Data except as provided in Salesforce’s Master Subscription Agreement, or as may be required by law. In accordance with Salesforce’s Master Subscription Agreement, Salesforce may access Customer Data only for the purpose of providing the Services or preventing or addressing service or technical problems or as may be required by law. Additional information about the Company’s privacy and security practices with respect to Customer Data is available here.

Salesforce acknowledges that you have the right to access your personal information.  If personal information pertaining to you as an individual has been submitted to us by a Salesforce customer and you wish to exercise any rights you may have to access, correct, amend, or delete such data, please inquire with our customer directly. Because Salesforce personnel have limited ability to access data our customers submit to our Services, if you wish to make your request directly to Salesforce, please provide the name of the Salesforce customer who submitted your data to our Services.  We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

 

11. Security

Salesforce uses robust security measures to protect Data about Salesforce Customers and Data about Salesforce Attendees. Because the Company uses the Services to maintain Data about Salesforce Customers and Data about Salesforce Attendees, this information, which is stored in the Services, is secured in the same manner as described here.

 

12. Mobile applications

Without limiting the generality of this Privacy Statement, in addition to information gathered through its Web sites or submitted to its Services, Salesforce may obtain information through applications (“Mobile Applications”) that Customers or their authorized individuals (“Users”) download to, and run on, their mobile devices (“Devices”). Mobile Applications provided by Salesforce may obtain information from, or access data stored on, Users’ Devices to provide services related to the relevant Mobile Application. For example, a Mobile Application may: access a camera on a User’s Device to enable the User to upload photographs to the Services; access the call history on a User’s Device to enable the User to upload that information to the Services; access calendar information on a User’s Device to enable the User to match meeting attendees with contacts submitted by the User to the Services; access the geographic location of a User’s Device to enable the User to identify contacts submitted by the User the Services who are nearby; or access contact information on a User’s Device to enable the User to sync contact information between the information that is stored on the User’s Device and the information that is submitted to the Services. Information obtained to provide Mobile Application services may include information obtained in preparation for anticipated updates to those services. Mobile Applications may transmit information to and from Devices to provide the Mobile Application services.

Mobile Applications may provide Salesforce with information related to Users’ use of the Mobile Application services, information regarding Users’ computer systems, and information regarding Users’ interaction with Mobile Applications, which Salesforce may use to provide and improve the Mobile Application services. For example, all actions taken in a Mobile Application may be logged, along with associated information (such as the time of day when each action was taken). Salesforce may also share anonymous data about these actions with third party providers of analytics services. In addition, if a User downloads a Salesforce Mobile Application after clicking on a third-party mobile advertisement for the Mobile Application or for Salesforce, the third-party advertiser may provide Salesforce with certain information, such as the User’s Device identification information, which Salesforce may use to track the performance of its advertising campaigns.

Customers may configure Salesforce Mobile Application services, and the information accessed or obtained by the Mobile Application on a User’s Device may be affected by the Customer’s configuration. In addition, if a Customer purchases more than one Service from Salesforce and its affiliates, a Mobile Application may be designed to interoperate with those Services; for instance, to provide a User with access to information from any or all of those Services or to provide information from a User’s Device to any or all of those Services. Information accessed or obtained by the Mobile Application on a User’s Device may be accessible to the Customer and its organization, depending on the intended functionality of the Mobile Application. Salesforce may provide updated versions of its Mobile Applications. If your mobile device’s settings permit, those updates will be downloaded and installed automatically on your mobile device. By installing a Salesforce Mobile Application on your mobile device, you consent to the downloading and updating of that Mobile Application.

In addition to Mobile Applications offered by Salesforce, the Company may offer platforms for the creation of third-party Mobile Applications, including but not limited to the Salesforce1 platform. Third parties may obtain information from, or access data stored on, Users’ Devices to provide services associated with any third-party Mobile Applications that Users download, install, use, or otherwise interact with over a Salesforce platform. Salesforce’s Mobile Applications may also contain links or integrations to other Mobile Applications provided by third parties. Third parties’ use of information collected through third-party Mobile Applications is governed by the privacy statements of such third parties. The Company encourages you to review the privacy statements of third-party providers of Mobile Applications to understand their information practices.

Notices and contractual terms related to a particular Mobile Application may be found in the End User License Agreement or relevant terms of service for that application. The Company encourages you to review the End User License Agreement or relevant terms of service related to any Mobile Applications you download, install, use, or otherwise interact with to understand that Mobile Application’s information practices. The Mobile Application’s access to information through a User’s Device does not cause that information to be "Customer Data" under Salesforce’s Master Subscription Agreement with the Customer or under this Privacy Statement, except as follows: To the extent that a User uses a Mobile Application to submit electronic data and information to a Customer account on our Services pursuant to the Customer's Master Subscription Agreement with Salesforce (or a similar agreement that governs the Customer’s subscription(s) to Salesforce’s Services), that information constitutes “Customer Data” as defined in such agreement, and the provisions of that agreement with respect to privacy and security of such data will apply. Additional information about the Company's privacy and security practices with respect to Customer Data is available here.

 

13. Changes to this Privacy Statement

Salesforce reserves the right to change this Privacy Statement. Salesforce will provide notification of the material changes to this Privacy Statement through the Company’s Web sites at least thirty (30) business days prior to the change taking effect.

 

14. Contacting us

Questions regarding this Privacy Statement or the information practices of the Company’s Web sites and Services should be directed to Salesforce Privacy by filling out this form or by mailing us at:
Salesforce Privacy
The Landmark @ One Market Street, Suite 300
San Francisco, CA 94105