Security

Browser Extension Description

SalesBolt gives users a connection between their CRM and the browser data displayed on selected websites, providing context relevant to the information being viewed. This is delivered via a Browser Extension, which acts as a proxy between the user's browser and Salesforce, with data transmitted between the two systems.

Hosting Environments

SalesBolt uses Amazon's AWS Cloud Services to host SalesBolt's API. The SalesBolt Chrome Extension accesses these services to confirm the user's right to use SalesBolt and to identify the user's connected Salesforce account, to and from which Salesforce API calls are directed in order to securely provide CRM connectivity via SalesBolt.

Currently, to provide the most performant global solution, the SalesBolt platform utilises AWS US-East. SalesBolt has signed the AWS Data Processing Addendum with Amazon, which includes the Model Clauses (https://aws.amazon.com/compliance/eu-data-protection/).

SalesBolt user accounts are linked to Salesforce user accounts. SalesBolt accepts Salesforce as an OAuth identity provider, so when a user authenticates via Salesforce to the SalesBolt Connected App, SalesBolt processes and stores the associated CRM user data in order to provide our services and maintain proper use of the SalesBolt application (for details of information gathered see our Privacy Policy).

Additional metadata such as user preference settings may also be stored. SalesBolt's servers use services such as access monitoring, firewall, threat detection and application performance monitoring, and follow Amazon's best practice recommendations (see Amazon (AWS) Best Practices).

Access Control

Users connect to SalesBolt via OAuth using Salesforce as an OAuth provider. The initial connection facilitates SalesBolt account creation (for details of information gathered see our Privacy Policy), user assignment to an org and licensing. All data is accessed in the context of the logged-in user, and record-level and field-level security is maintained at all times. Users/customers are in control of assigned tokens at all times and can revoke them at any time.

The SalesBolt Chrome Extension does not grant its users any further privileges or access to Salesforce data than those of the currently logged-in Salesforce user. At any time a Salesforce Administrator can revoke SalesBolt access to a Salesforce account via Salesforce's connected app settings.

Data Access

Application-initiated requests for data access pass through multiple application levels to validate that the user is authenticated, is licensed, belongs to the customer associated with the data and has the permissions to view/edit as requested. Data is returned only when all checks succeed. Administrative access to the production environment is locked down to a few select SalesBolt employees via an IP-restricted VPN requiring multi-factor authentication.

Data Retention

Client data required to deliver the service is stored for the period of the contract. Upon contract termination, customer data is destroyed after 30 days. Backup data is retained for 30 days.

Logging & Monitoring

All application layers, processing transactions and system requests are logged and monitored. Infrastructure access and application performance are monitored by AWS CloudWatch. All monitoring systems implement thresholds that, when exceeded, notify internal personnel via multiple channels 24/7/365.

Issue Reporting

To report any security concern or suspected vulnerability, please contact the SalesBolt Security Team.

Policies & Further Information

SalesBolt Privacy - https://www.salesbolt.com/privacy
SalesBolt Terms of Service - https://www.salesbolt.com/terms
Amazon (AWS) Compliance & Regulations - https://aws.amazon.com/compliance/eu-data-protection/
Amazon (AWS) Best Practices - https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
Amazon (AWS) Security - https://aws.amazon.com/security/