Review Trust and Compliance Documentation

We made seasonal updates to the Salesforce Trust and Compliance Documents.

Infrastructure and Sub-Processors

These changes have been made in the Infrastructure and Sub-Processors Documentation.

Sales Cloud, Service Cloud, Community Cloud, Chatter, Force.com, IoT Explorer, Site.com, Database.com, Einstein Analytics, Einstein Discovery, Work.com, Financial Services Cloud, Health Cloud, Salesforce CPQ and Salesforce Billing

  • Services Covered: Updated to include Einstein Discovery for Customers provisioned on or after October 16.
  • Customer Data Processing: Updated information
  • Content Delivery Networks: Added details for Communities CDN feature.

B2B Commerce

  • Updated to reflect new B2B Commerce branding
  • Customer Data Processing: Added additional location information for sub-processors
  • Content Delivery Networks: Added CDN for Community Cloud feature

Commerce Cloud

  • Customer Data Processing: Updated information to include mailing address for salesforce.com, inc.
  • Content Delivery Networks: Updated to reflect description of CloudFront uses

Data.com

  • Customer Data Processing: Updated information

Einstein Discovery Classic

  • Services Covered: Updated to reflect infrastructure change for new Customers on or after October 16, 2018

“Einstein” (Sales Cloud Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language Services, and Einstein Bots)

  • Services Covered: Updated to reflect new Einstein Analytics Plus and Einstein Prediction Services
  • Customer Data Processing: Updated information

Heroku

  • Customer Data Processing: Updated information
  • Updated to use defined terms consistently

Desk.com, Einstein Discovery, LiveMessage, Quip, and SalesforceIQ CRM Services

  • Customer Data Processing: Updated information

IoT Cloud

  • Customer Data Processing: Updated information

Marketing Cloud

  • Scope: Updated to include Interaction Studio. Updated to reflect branding changes.
  • Customer Data Processing: Updated information to include mailing address for salesforce.com, inc. Updated to remove Data Intensity, LLC as a sub-processor and to add Heroku, Inc. as a sub-processor for Interaction Studio.

Pardot

  • Customer Data Processing: Updated information

Salesforce DMP

  • Infrastructure - Customer Data Storage: Updates to reflect branding changes.
  • Customer Data Processing: Revised list of non-storage processors of Customer Data (1) to include mailing address for salesforce.com, inc., and (2) to list Amazon Web Services, Inc.
  • Content Delivery Networks: Added section defining Content Delivery Networks (CDNs) and listing current CDN Fastly, Inc.

Notices and Licenses

These changes have been made in the Notices and Licenses Documentation.

Salesforce

  • Services Covered: Updated scope of Services Covered.
  • Service Cloud Snap-ins for Mobile: This section was added to provide information on third party functionality and terms.
  • Account Intelligence: Account Intelligence feature no longer subject to the Twitter terms of service.

B2B Commerce:

  • Updated to reflect new B2B Commerce branding

Einstein Analytics

  • Services Covered: Updated scope of Services Covered.

Einstein Discovery Classic

  • Services Covered: Updated scope of Services Covered.

“Einstein” (Sales Cloud Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language Services, and Einstein Bots)

  • Services Covered: Updated scope of Services Covered.
  • Inbox: Added Google Places API as Non-SFDC Application
  • Inbox: Updated language on Gmail and Microsoft Outlook/Exchange as Non-SFDC Applications

Heroku

  • Quota & Limits: This section was added to provide information on hard/soft limits and the use of login credentials.

Marketing Cloud

  • Services Covered: Updated to reflect branding changes.
  • Advertising Studio: Updated to reflect third party terms associated with use of Onboarding Partners.
  • Interaction Studio: Updated to reflect terms associated with Interaction Studio.
  • Social Studio - Third Party Notices: Terms Applicable to Public Sector Use: Updated to reflect new Pass Through Terms from Twitter.

Pardot

  • Third Party Notices: Updated to reflect third party terms associated with use of Citrix GoToMeeting/GoToWebinar services.

Salesforce DMP

  • Use of Third-Party Data: Clarified the scope of the prohibition on a customer's export of Third-Party Data from the Salesforce DMP Services.

Security, Privacy, and Architecture

These changes have been made in the Security, Privacy, and Architecture Documentation.

Sales Cloud, Service Cloud, Community Cloud, Chatter, Force.com, IoT Explorer, Site.com, Database.com, Einstein Analytics, Work.com, Financial Services Cloud, Health Cloud, Salesforce CPQ and Salesforce Billing

  • Services Covered: Updated scope of Services Covered.
  • Audits and Certifications: Removed exceptions for IOT Explorer.

B2B Commerce:

  • Updated to reflect new B2B Commerce branding
  • Audits & Certifications: Removed reference to TLS 1.1 requirement

Commerce Cloud

  • Security Controls: Updated to reflect additional controls
  • Physical Security: Updated to clarify access controls systems
  • Return of Customer Data: Updated to clarify the return of customer data for environments with different Order End Dates
  • Deletion of Customer Data: Clarified that certain data is retained for Analytics purposes
  • Analytics: Clarified how certain Customer Data and Customer website data is used

Einstein Discovery Classic

  • Services Covered: Updated to reflect infrastructure change for new Customers on or after October 16, 2018

“Einstein” (Sales Cloud Einstein, Salesforce Inbox, Einstein Engagement Scoring, Einstein Vision and Language Services, and Einstein Bots)

  • Services Covered: Updated to reflect new Einstein Analytics Plus and Einstein Prediction Services
  • Analytics: Added language regarding the use of aggregated information that does not identify customers or individuals.

Heroku

  • Audits and Certifications: Added information on ISO 27001/27017/27018 certification and Service Organization Control report. Updated to clarify the applicability of the Payment Card Industry Data Security Standard.
  • Quota & Limits: This section was added to provide information on hard/soft limits and the use of login credentials.

Desk.com, Einstein Discovery, LiveMessage, Quip, and SalesforceIQ CRM Services

  • Services Covered: Updated scope of Services Covered.

Marketing Cloud

  • Services Covered: Added information related to Interaction Studio. Updated to reflect branding changes.
  • Third Party Functionality: Removed processing by AWS for publicly available content for Social Studio.
  • Audits and Certifications: Added EU-US Privacy Shield certification.
  • Security Controls: Updated security controls.
  • Security Policies and Procedures: Updated to clarify data maintained for log entries.
  • Physical Security: Updated to clarify security available in marketing cloud data centers
  • Deletion of Customer Data: Updated to clarify deletion process for Social Studio.

Salesforce DMP

  • Audits and Certifications: Updated to specify request process for SOC 2 reports.
  • Third-Party Functionality: Revised Third-Party Functionality section to state scope of third-party providers' activities.
  • Return of Customer Data: For clarity, revised to state that the data available for export is subject to the customer's lookback window in the associated Order Form.

Deletion of Customer Data: Revised Deletion of Customer Data section to state that the total deletion timeline is 90 days from deprovisioning.