Salesforce is a CRM and customer platform, reviewed for Einstein and Agentforce trust, sharing, tracking, retention, and organization controls.
75
Good
75
Good
Salesforce is stronger on admin control than on telemetry, so the real risk sits in tenant setup, integrations, and Data Cloud sprawl.
Salesforce is strongest where organizations can tightly govern fields, roles, environments, exports, and AI features through admin policy.
Its weakest area is the surrounding tracking and platform surface, where telemetry, connected products, and broad CRM data flows can pile up fast.
85
Good
Salesforce publishes privacy, trust, and AI-governance materials around customer-data processing.
Admins can decide where AI, Data Cloud, and related product features are enabled in the organization.
Salesforce distinguishes many customer workloads where it acts as processor or service provider rather than pure controller.
75
Good
55
Weak
75
Good
85
Good
Salesforce Privacy Page
Open: salesforce.com1. AI Use
Salesforce publishes privacy, trust, and AI-governance materials around customer-data processing.
2. AI Use
Admins can decide where AI, Data Cloud, and related product features are enabled in the organization.
3. Tracking
Salesforce distinguishes many customer workloads where it acts as processor or service provider rather than pure controller.
4. AI Use
Field permissions, role boundaries, and org setup can limit what sensitive CRM context reaches AI features.
5. AI Use
Salesforce says it may use AI to process personal data, including to develop and deploy AI systems.
6. AI Use
AI and Data Cloud features can process broad CRM context depending on org configuration.
Founded
Unknown
Founder
Unknown
Parent Company
Salesforce
Lifecycle
Active
Category
CRM & Customer Support
CEO
Unknown
Security Team
In house
Date Added
05-18-2026
Once you delete a chat, you cannot recover it. Deleting a chat removes it both from your visible chat history and the system after the retention window.
Field permissions, role boundaries, and org setup can limit what sensitive CRM context reaches AI features.
Salesforce says it may use AI to process personal data, including to develop and deploy AI systems.
AI and Data Cloud features can process broad CRM context depending on org configuration.
75
Good
Salesforce provides DPA, trust, security, and subprocessor documentation for enterprise review.
Many customer-service contexts are framed as processor or service-provider activity for customer-owned workloads.
Admins can use roles, field-level security, and access governance to narrow internal sharing.
AppExchange and integration choices are at least customer-governed rather than globally forced.
CRM data can still flow through apps, integrations, processors, marketplace tools, and admin-managed automations.
Salesforce also allows legal, public-source, and business-transfer disclosure paths.
55
Weak
Salesforce websites use cookies, web beacons, pixels, tags, and similar technologies.
The privacy statement also allows tailored advertising and cross-site activity collection on web properties.
Enterprise admins can manage permissions, data access, and AI feature availability inside the product environment.
Salesforce is primarily an enterprise SaaS platform rather than a public consumer advertising surface.
Cookie preferences and privacy choices are disclosed rather than hidden.
75
Good
Salesforce gives organizations administrative control over records, exports, and lifecycle workflows.
Role-based access, auditing, and security controls support more deliberate data-lifecycle management than many lighter SaaS tools.
Customer-controlled deployments and processor contexts let organizations set stronger internal rules for many workloads.
Trust and compliance documentation gives enterprises the information needed to review lifecycle implications across clouds.
Retention still depends on product cloud, org setup, legal requirements, backups, and connected systems.
AppExchange tools and integrations can duplicate or retain customer data outside the core record lifecycle.
85
Good
Admins have extensive roles, field-level security, export, audit, and privacy-request tooling.
Organizations can govern AI, Data Cloud, and connected feature access rather than leaving everything to individual users.
Salesforce publishes trust, privacy, and control documentation that helps teams understand what levers exist.
Identity and access controls such as MFA and related security features further narrow access to sensitive CRM data.
Controls require careful admin configuration and can vary by edition, product cloud, and add-on.
The large product surface makes it easy to create new sharing and AI paths unless teams govern them actively.
