// Trust & Security Report
Salesforce, Inc.
Salesforce Einstein (AI for the Salesforce Platform: Einstein Trust Layer, Einstein Copilot/Agentforce, Einstein Generative AI, Einstein Predictions/Discovery)
Certifications held
19
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on compliance.salesforce.com“ISO 27001 - Salesforce Compliance Site (listed under categories on Salesforce's compliance portal)”
Verify on compliance.salesforce.com“ISO 27017 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“ISO 27018 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“ISO 42001 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“ISO 22301 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“ISO 9001 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“SOC 1 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“SOC 2 reports covering controls around security, availability, and confidentiality of customer data; SOC 2 reports available on the compliance portal (e.g. 'SOC 2 Report - Salesforce Services on First Party').”
Verify on compliance.salesforce.com“SOC 3 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“PCI DSS (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“HIPAA (listed verbatim among Salesforce compliance categories; Salesforce offers BAA-covered services)”
Verify on compliance.salesforce.com“HITRUST (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“FedRAMP High / FedRAMP Moderate (both listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“DoD IL2 / DoD IL4 / DoD IL5 (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“CSA STAR (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“TISAX (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“C5 (ISAE 3000) (listed verbatim among Salesforce compliance categories)”
Verify on compliance.salesforce.com“IRAP, ISMAP, TX-RAMP, Spain Esquema Nacional de Seguridad (ENS), NEN 7510 all listed verbatim among Salesforce compliance categories”
Verify on compliance.salesforce.com“GDPR, EU Cloud Code of Conduct, U.S. Data Privacy Framework (DPF), Salesforce BCRs all listed verbatim among Salesforce compliance categories”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multi-region. Hyperforce supports data residency in selected regions (US, EU, APAC, etc.); Einstein generative features route through the Trust Layer with regional model hosting options.
The Einstein Trust Layer enforces a Zero Data Retention agreement with external LLM providers (e.g., OpenAI/Azure OpenAI): prompts and generated responses are not stored by the model provider and are not used to train the third-party LLMs. Per Salesforce documentation/Trailhead, customer data sent to the LLM is deleted after the response is returned, and 'no customer data will be used to train the Large Language Models.' Salesforce's own models are trained on Salesforce-curated data, not on customer data by default. Note: in the broader Salesforce CRM platform, some predictive Einstein features can be configured to use a customer's own org data to build models for that same customer only (tenant-scoped), which is distinct from cross-customer/foundation-model training.
// Security controls
Trust Center / Status
Public trust center with real-time service status by product and security advisories
trust.salesforce.comBug bounty program
HackerOne (launched 2015; over $18.9M paid across ~30,600 reported vulnerabilities). Public responsible-disclosure policy on HackerOne; private/invite-only paid program.
hackerone.comResponsible disclosure
Documented Responsible Disclosure / Report a Concern process linked from the security site
security.salesforce.comPenetration testing
Third-party penetration testing and external security assessments performed; results referenced under 'External Security Assessments' on the compliance portal
compliance.salesforce.comEncryption
TLS in-flight encryption; Einstein Trust Layer applies data masking and secure data retrieval; Salesforce Shield offers Platform Encryption (encryption at rest) and event monitoring
security.salesforce.comEinstein Trust Layer guardrails
Data masking (PII), toxicity/prompt-injection defense, audit trail, zero data retention with external LLMs, secure data retrieval respecting org permissions
help.salesforce.com// Products & data scope
data: Intercepts prompts/responses for generative AI; enforces zero data retention with external LLMs, data masking, audit logging. No customer data used to train third-party models.
Foundation of Salesforce's trusted-AI posture; governs all Einstein generative features.
data: Grounds responses in customer CRM data via secure retrieval; routes through Trust Layer; tenant-isolated; zero retention at external LLM.
Enterprise licensing; data stays within customer trust boundary.
data: Builds predictive models from a customer's OWN org data, scoped to that single tenant. This is tenant-local model building, not cross-customer or foundation-model training.
Customers configure/opt into these models; data does not leave the tenant or train shared models.
// What to watch
- Vendor homepage (salesforce.com/einstein) returned Access Denied in raw capture, but trust/security/compliance portals were fully accessible and corroborated by independent sources.
- Some help.salesforce.com doc pages returned error/403 to automated fetch; training/zero-retention policy confirmed via Salesforce Trailhead and corroborating secondary sources rather than a single verbatim doc quote.
- Nuance: predictive (non-generative) Einstein features can use a customer's own org data to build tenant-scoped models. This is not cross-customer training and is opt-in, but should be represented accurately so it is not confused with 'no AI on my data at all.'
// At a glance
Pricing model
Enterprise subscription / per-user add-on (Einstein and Agentforce licensed on top of Salesforce platform editions; usage/consumption-based for some generative features). No free consumer tier.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Salesforce, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.salesforce.com