// Trust & Security Report

    Salesforce, Inc. logo

    Salesforce, Inc.

    Salesforce Einstein (AI for the Salesforce Platform: Einstein Trust Layer, Einstein Copilot/Agentforce, Einstein Generative AI, Einstein Predictions/Discovery)

    Certifications held

    19

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    ISO 27001 - Salesforce Compliance Site (listed under categories on Salesforce's compliance portal)

    Verify on compliance.salesforce.com
    ISO 27017
    HELD

    ISO 27017 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    ISO 27018
    HELD

    ISO 27018 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    ISO 42001 (AI Management System)
    HELD

    ISO 42001 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    ISO 22301
    HELD

    ISO 22301 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    ISO 9001
    HELD

    ISO 9001 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    SOC 1
    HELD

    SOC 1 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    SOC 2
    HELD

    SOC 2 reports covering controls around security, availability, and confidentiality of customer data; SOC 2 reports available on the compliance portal (e.g. 'SOC 2 Report - Salesforce Services on First Party').

    Verify on compliance.salesforce.com
    SOC 3
    HELD

    SOC 3 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    PCI DSS
    HELD

    PCI DSS (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    HIPAA
    HELD

    HIPAA (listed verbatim among Salesforce compliance categories; Salesforce offers BAA-covered services)

    Verify on compliance.salesforce.com
    HITRUST
    HELD

    HITRUST (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    FedRAMP (High and Moderate)
    HELD

    FedRAMP High / FedRAMP Moderate (both listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    DoD Impact Levels (IL2/IL4/IL5)
    HELD

    DoD IL2 / DoD IL4 / DoD IL5 (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    CSA STAR
    HELD

    CSA STAR (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    TISAX
    HELD

    TISAX (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    C5 (ISAE 3000)
    HELD

    C5 (ISAE 3000) (listed verbatim among Salesforce compliance categories)

    Verify on compliance.salesforce.com
    IRAP / ISMAP / TX-RAMP / IL national schemes (ENS, NEN 7510, etc.)
    HELD

    IRAP, ISMAP, TX-RAMP, Spain Esquema Nacional de Seguridad (ENS), NEN 7510 all listed verbatim among Salesforce compliance categories

    Verify on compliance.salesforce.com
    GDPR / EU Cloud Code of Conduct / U.S. Data Privacy Framework / BCRs
    HELD

    GDPR, EU Cloud Code of Conduct, U.S. Data Privacy Framework (DPF), Salesforce BCRs all listed verbatim among Salesforce compliance categories

    Verify on compliance.salesforce.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region. Hyperforce supports data residency in selected regions (US, EU, APAC, etc.); Einstein generative features route through the Trust Layer with regional model hosting options.

    The Einstein Trust Layer enforces a Zero Data Retention agreement with external LLM providers (e.g., OpenAI/Azure OpenAI): prompts and generated responses are not stored by the model provider and are not used to train the third-party LLMs. Per Salesforce documentation/Trailhead, customer data sent to the LLM is deleted after the response is returned, and 'no customer data will be used to train the Large Language Models.' Salesforce's own models are trained on Salesforce-curated data, not on customer data by default. Note: in the broader Salesforce CRM platform, some predictive Einstein features can be configured to use a customer's own org data to build models for that same customer only (tenant-scoped), which is distinct from cross-customer/foundation-model training.

    // Security controls

    Trust Center / Status

    Public trust center with real-time service status by product and security advisories

    trust.salesforce.com

    Bug bounty program

    HackerOne (launched 2015; over $18.9M paid across ~30,600 reported vulnerabilities). Public responsible-disclosure policy on HackerOne; private/invite-only paid program.

    hackerone.com

    Responsible disclosure

    Documented Responsible Disclosure / Report a Concern process linked from the security site

    security.salesforce.com

    Penetration testing

    Third-party penetration testing and external security assessments performed; results referenced under 'External Security Assessments' on the compliance portal

    compliance.salesforce.com

    Encryption

    TLS in-flight encryption; Einstein Trust Layer applies data masking and secure data retrieval; Salesforce Shield offers Platform Encryption (encryption at rest) and event monitoring

    security.salesforce.com

    Einstein Trust Layer guardrails

    Data masking (PII), toxicity/prompt-injection defense, audit trail, zero data retention with external LLMs, secure data retrieval respecting org permissions

    help.salesforce.com

    // Products & data scope

    Einstein Trust LayerAI security/governance layer

    data: Intercepts prompts/responses for generative AI; enforces zero data retention with external LLMs, data masking, audit logging. No customer data used to train third-party models.

    Foundation of Salesforce's trusted-AI posture; governs all Einstein generative features.

    Einstein Generative AI / Einstein Copilot / AgentforceGenerative AI assistant / autonomous agents

    data: Grounds responses in customer CRM data via secure retrieval; routes through Trust Layer; tenant-isolated; zero retention at external LLM.

    Enterprise licensing; data stays within customer trust boundary.

    Einstein Predictions / Discovery / Next Best Action (predictive AI)Predictive ML on CRM data

    data: Builds predictive models from a customer's OWN org data, scoped to that single tenant. This is tenant-local model building, not cross-customer or foundation-model training.

    Customers configure/opt into these models; data does not leave the tenant or train shared models.

    // What to watch

    • Vendor homepage (salesforce.com/einstein) returned Access Denied in raw capture, but trust/security/compliance portals were fully accessible and corroborated by independent sources.
    • Some help.salesforce.com doc pages returned error/403 to automated fetch; training/zero-retention policy confirmed via Salesforce Trailhead and corroborating secondary sources rather than a single verbatim doc quote.
    • Nuance: predictive (non-generative) Einstein features can use a customer's own org data to build tenant-scoped models. This is not cross-customer training and is opt-in, but should be represented accurately so it is not confused with 'no AI on my data at all.'

    // At a glance

    Pricing model

    Enterprise subscription / per-user add-on (Einstein and Agentforce licensed on top of Salesforce platform editions; usage/consumption-based for some generative features). No free consumer tier.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Salesforce, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.salesforce.com

    > Browse all vendor trust reports