// Trust & Security Report

    Freshworks Inc. logo

    Freshworks Inc.

    Freshworks (Freshsales is the AI-powered Sales CRM; part of the broader Freshworks suite including Freshsales Suite, Freshdesk, Freshchat, Freshservice, Freshmarketer, all powered by Freddy AI)

    Certifications held

    11

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    The Trust Center explicitly displays 'SOC 2 Type 2' among its certifications. Freshworks states it is 'audited by independent audit entities for ISO 27001, SOC 2, and other compliances at least once a year.'

    Verify on trust.freshworks.com
    SOC 1 Type II
    HELD

    Trust Center lists 'SOC 1 Type 2'. Freshworks 'has successfully achieved SOC 1 Type II attestation, covering the period from October 1, 2024, to October 31, 2025.'

    Verify on trust.freshworks.com
    SOC 3
    HELD

    Trust Center lists 'SOC 3' among published reports.

    Verify on trust.freshworks.com
    ISO/IEC 27001:2022
    HELD

    Trust Center lists 'ISO/IEC 27001:2022' and 'ISO/IEC 27001 SoA' (Statement of Applicability).

    Verify on trust.freshworks.com
    ISO/IEC 27701:2019
    HELD

    Trust Center lists 'ISO/IEC 27701:2019' (privacy information management).

    Verify on trust.freshworks.com
    CSA STAR Level 1
    HELD

    Trust Center lists 'CSA STAR Level 1'.

    Verify on trust.freshworks.com
    Cyber Essentials / Cyber Essentials Plus
    HELD

    Trust Center lists both 'Cyber Essentials' and 'Cyber Essentials Plus'.

    Verify on trust.freshworks.com
    TX-RAMP
    HELD

    Trust Center lists 'TX-RAMP' (Texas Risk and Authorization Management Program).

    Verify on trust.freshworks.com
    PCI DSS
    HELD

    PCI DSS was reported by a third-party aggregator but was NOT explicitly listed in the certifications section of the SafeBase Trust Center at verification time. Encryption page notes card data handling but no direct PCI attestation quote was confirmed on the vendor domain.

    Verify on trust.freshworks.com
    HIPAA
    HELD

    A third-party security profile states 'Freshworks is HIPAA Compliant,' but no HIPAA attestation or BAA statement was confirmed directly in the Freshworks Trust Center certification list. Treat as unverified for Freshsales specifically.

    Verify on trust.freshworks.com
    GDPR / EU-US, UK, Swiss Data Privacy Framework
    HELD

    Privacy Notice: 'While processing Personal Data we comply with the principles and rules of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).' Trust Center also lists 'EU-US DPF', 'Swiss-US DPF', 'UK Extension to EU-US DPF', and 'CCPA'.

    Verify on freshworks.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Processing in United States, United Kingdom, and the EEA per Privacy Notice; Freshworks operates regional data centers (US, EU, India, Australia) on AWS, and offers data-region selection at provisioning.

    Nuanced. Freshworks states it 'does not use customer data to train third-party hosted generative models' and 'does not share customer data with any third-party providers for AI model training.' However, Freddy AI DOES use customer data from CONSENTING customers to train its own proprietary models: 'Custom Models' (trained only on that org's data, used exclusively in that account) and 'Collaborative Models' (trained on de-identified data from multiple customers). Customers can opt out at any time via support@freshworks.com, after which data is removed from training sets. Net: no third-party/foundation-model training on customer data; first-party model training is consent-based with opt-out, hence 'unknown/conditional' rather than a flat true or false.

    // Security controls

    Encryption at rest

    AES 256-bit encryption when data is encrypted at rest

    freshworks.com

    Encryption in transit

    HTTPS with TLS 1.2 encryption for data in transit

    freshworks.com

    Bug bounty platform

    HackerOne - 'We have partnered with HackerOne to handle security vulnerabilities identified in our products.' (public program at hackerone.com/freshworks)

    freshworks.com

    Penetration testing

    Application VAPT Report and Infrastructure VAPT Report published in Trust Center; 'Vulnerability Assessment and Penetration Test' and 'Code Analysis' documented under App Security

    trust.freshworks.com

    Access control

    Role-based access through IAM enforces segregation of duties, two-factor authentication, and end-to-end audit trails

    freshworks.com

    Hosting / infrastructure

    Hosted on AWS in dedicated VPCs (non-promiscuous mode), n+1 redundancy across multiple availability zones, daily snapshots retained 7 days, near real-time cross-AZ backups

    freshworks.com

    Security operations

    24x7 monitoring and situation awareness through detection, containment, and remediation of suspected or actual security incidents

    freshworks.com

    // Products & data scope

    FreshsalesAI-powered Sales CRM

    data: Lead/contact/deal CRM records, email and conversation data, intent scores; processed by Freddy AI for lead scoring, deal recommendations, and email drafting. Freshworks acts as Processor of this Hosted Data; the customer is the Controller.

    Core product. Freddy AI features can be enabled; customer data used for first-party model training only with consent and with opt-out.

    Freshsales SuiteCombined Sales + Marketing CRM

    data: Adds marketing automation, campaign, and email-engagement data on top of the Freshsales CRM scope. Same Processor relationship and Freddy AI scope.

    Unified sales+marketing CRM; broader marketing/PII processing than standalone Freshsales.

    Freddy AIEmbedded AI layer (across all Freshworks products)

    data: Generative + predictive AI. Does not train third-party/foundation models on customer data; trains first-party Custom and Collaborative models on consenting customers' data with opt-out.

    Shared AI engine; data-use governed by Freddy AI Trust Framework, distinct from base CRM data handling.

    // What to watch

    • AI training is conditional, not a flat no: Freddy AI trains Freshworks' own Custom and Collaborative models on CONSENTING customers' data (Collaborative Models use de-identified cross-customer data). Opt-out exists via support@freshworks.com. Buyers who never want their data in any model training must explicitly opt out.
    • HIPAA and PCI DSS were reported by third-party aggregators but NOT confirmed in the vendor's own Trust Center certification list at verification time. Do not advertise HIPAA/PCI for Freshsales without a signed BAA / direct attestation.
    • Full Trust Center documents (audit reports, VAPT reports) sit behind a SafeBase login/NDA gate; certification names are public but underlying reports require request access.
    • Enterprise-grade vendor: NYSE-listed Freshworks Inc., 74,000+ customers, mature security program with HackerOne bug bounty and annual third-party audits.

    // At a glance

    Pricing model

    Subscription SaaS, per-user per-month tiers starting at $9/user/month (Growth/Pro/Enterprise tiers); 21-day free trial, no credit card required

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Freshworks Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.freshworks.com

    > Browse all vendor trust reports