Salesforce and CCPA

At Salesforce, trust is our #1 value. Privacy compliance is paramount. The California Consumer Privacy Act ("CCPA") is a comprehensive privacy law that takes effect on January 1, 2020. While we believe a federal privacy law is necessary so that an individual’s privacy does not depend on their ZIP code, we welcome the CCPA as a step forward in shaping data protection requirements in the United States and as an opportunity for Salesforce to continue to strengthen its commitment to privacy and data protection.

The CCPA creates several new rights so individuals may control access and use of their personal information. These include the right to access or delete personal information collected by a business and the right to opt out of a "sale" of their personal information. The opt-out right is particularly significant because the CCPA defines "sale" in very broad terms that encompass many commonplace data sharing arrangements, even where no money is exchanged. However, transfers to "service providers" are not considered "sales."

Salesforce businesses and organizations subject to our Privacy Statement do not sell personal information.While we do share some data with trusted "service providers" to improve and market our services and to operate our websites, we do not allow any third parties to use the personal information we share with them for their own purposes.

 1Newly acquired companies and organizations may operate under different privacy terms.

What Can Our Customers Expect from our Products and Services?

With respect to our customers doing business in California, we are a "service provider" as defined in the CCPA. As a "service provider," we only use customer data and personal information as permitted in our customer agreements. The terms of our MSA and DPA meet the requirements in the CCPA for "service providers" and are sufficient for our customers to continue to use our services.

Resources and More information

For more information about the CCPA, we encourage you to read our CCPA FAQ and our Fiction vs. Fact white paper. Additionally, our Trust and Compliance Documentation provides more information about our privacy and security certifications and controls for each of our services. To learn more about how we can help you exercise your rights under the CCPA, visit our Privacy Page or you can go directly to our Privacy Statement.

We look forward to working with our customers on their CCPA compliance efforts.

Salesforce understands better customer experiences start with
data privacy.

Contact us if you have questions, comments, or requests related to Salesforce’s Privacy Statement, our data privacy practices, or how Salesforce embraces privacy and data protection laws.