Salesforce Marketing Cloud
Based exclusively on public evidence • 20 criteria (Privacy + AI)
Last review: 21 Feb 2026
AI Trust Summary
- •Regarding AI: it does not document the retention period for AI data, which may impact transparency and customer trust.
- •Regarding Core Privacy: it does not specify concrete data retention periods, limiting customers' understanding of how their information is managed.
Safer Alternatives
Higher-rated software in the same category
Attention Points in AI (2)
AI criteria that require attention. Buy the Premium Analysis to see all 2 criteria.
- •Salesforce Marketing Cloud
- •does not inform the retention period for AI data, which may impact transparency.
- •does not mention mechanisms for contesting automated decisions, limiting customer rights.
- •it is necessary to demand clauses addressing these aspects in the contract.
AI data retention (prompts and responses) is not disclosed
The policy mentions data collection, but does not inform about the retention period for customer data, which may impact transparency.
AI decision contestation mechanism not available
There is no mention of mechanisms for contesting automated decisions, limiting customer rights regarding decisions that affect them.
Source: vendor public documents
Compliances in AI (3)
AI criteria the company meets. Buy the Premium Analysis to see all 3 criteria.
- •Salesforce Marketing Cloud
- •provides a Data Processing Agreement (DPA) that ensures clarity on data handling.
- •documents data processing purposes, allowing customers to understand how their information is used.
- •these practices strengthen due diligence and trust in data management.
Use of artificial intelligence clearly disclosed in policies
The policy explicitly states the use of artificial intelligence, allowing customers to understand how their data is processed in marketing campaigns.
Policy on data use for AI training clearly stated
The policy states that Salesforce may use personal data to develop AI systems, which is relevant for personalizing marketing campaigns.
Automated AI decisions explained in an understandable way
The policy clarifies that automated decisions do not occur, ensuring that customers are not impacted by decisions without explanation in marketing campaigns.
Source: vendor public documents
Highlights in Privacy (3)
Most relevant criteria for this category. Buy the Premium Analysis to see all 3 criteria.
Data retention period not stated in the policy
The policy mentions data retention generically, but does not specify concrete periods, which may impact transparency.
Additional safeguards documented for sensitive data processing
The policy identifies sensitive data and describes safeguards, such as explicit consent, ensuring protection when generating marketing campaigns.
Data Processing Agreement (DPA) available for business customers
The company provides a DPA, ensuring that enterprise customers have clarity on data processing when generating marketing campaigns.
Source: vendor public documents
Critical Alerts
- •Mecanismo de contestação de decisões de IA não disponível: Crucial para a proteção dos direitos dos clientes em relação a decisões automatizadas..
- •Período de retenção de dados não informado na política: Importante para a confiança dos clientes e conformidade com a legislação.
Conformance analysis (20)
Additional safeguards documented for sensitive data processing
Reference: ISO/IEC 29100
Data Processing Agreement (DPA) available for enterprise customers
Reference: ISO/IEC 27701 (8.2) + LGPD Art. 39 + GDPR Art. 28
Processing purposes clearly listed by data category
Reference: ISO/IEC 27701 (7.3)
Source: vendor public documents
Follow this company and access all 20 criteria
Track score changes, get alerts on policy updates, and view the full conformance analysis
Don't miss any update
Sign up to follow this company and track changes in privacy and AI scores
Why trust the AITS Index: Open Community Audit
Public transparency, peer review and open evidence trails — all verifiable by the community
Trust guarantees
Peer review
users, professionals and experts confirm or contest items online.
Public history
vendor and index changes are versioned and accessible.
Participate
Evidence, confirmations and contestations
participate in the collaborative validation of AITS criteria
Salesforce Marketing Cloud: Privacy and Security Insights for Users
Strengths of Salesforce Marketing Cloud in Privacy and Security
Salesforce Marketing Cloud has established itself as a leader in marketing automation, and its commitment to privacy is evident through several strengths that benefit users. With an impressive AITS Privacy Score of 86%, the platform provides essential tools and documentation that enhance user trust and data management.
Clear Data Processing Agreement (DPA)
One of the standout features of Salesforce Marketing Cloud is its Data Processing Agreement (DPA), which is readily available for enterprise clients. This agreement outlines how data is processed, ensuring that users have a clear understanding of their rights and the obligations of Salesforce. The DPA is crucial for compliance with regulations such as GDPR and LGPD, as it helps users know how their data is handled and protected. For businesses, this transparency is vital in building trust with customers, as it provides assurance that their data is managed responsibly.
Transparency in Data Transfer
Another significant strength is the platform's transparency regarding international data transfers. Salesforce Marketing Cloud clearly documents how data may be transferred across borders, which is particularly important for companies operating in multiple jurisdictions. This transparency aligns with the requirements of GDPR, which mandates that users must be informed about where their data is being processed. Users can feel more secure knowing that Salesforce has measures in place to protect their data during international transfers.
Weaknesses of Salesforce Marketing Cloud in Privacy and Security
Despite its strengths, Salesforce Marketing Cloud does have notable weaknesses that users should be aware of. With an AITS AI Score of 50%, there are areas of concern that could impact user trust and data management.
Lack of AI Data Retention Information
One of the critical weaknesses is the absence of documented data retention periods for AI-generated data, including prompts and responses. This lack of clarity can lead to uncertainty for users regarding how long their data is stored and when it may be deleted. Without this information, users may struggle to understand their rights concerning data retention and deletion, which is a fundamental aspect of GDPR and LGPD compliance. To mitigate this risk, users should inquire directly with Salesforce about their data retention policies and seek to establish clear guidelines for data management.
Absence of AI Decision Contestation Mechanism
Another significant concern is the lack of a mechanism for contesting AI-driven decisions. This absence can leave users feeling vulnerable, as they may not have recourse if they disagree with decisions made by the AI. This is particularly relevant in contexts where AI impacts customer interactions or marketing strategies. Users should advocate for the implementation of such mechanisms and consider alternative solutions that offer more robust oversight of AI processes. Engaging with Salesforce's support team to express these concerns can also help push for improvements in this area.
Practical Guidance for Users of Salesforce Marketing Cloud
To maximize the benefits of Salesforce Marketing Cloud while minimizing risks, users should take proactive steps to manage their privacy settings and data.
Review Privacy Settings Regularly
Users should regularly review their privacy settings within Salesforce Marketing Cloud. This includes checking the configurations related to data sharing, consent management, and data retention. Ensuring that these settings align with organizational policies and regulatory requirements is essential. Users should also consider enabling features that enhance data protection, such as two-factor authentication and access controls, to safeguard their accounts further.
Stay Informed About Updates
Given the evolving landscape of data privacy regulations, it is crucial for users to stay informed about updates to Salesforce Marketing Cloud's policies and features. Regularly checking for updates on the platform’s privacy practices can help users adapt to changes and ensure compliance with regulations like GDPR and LGPD. Users should also participate in training sessions or webinars offered by Salesforce to better understand how to leverage the platform while maintaining data privacy.
By understanding both the strengths and weaknesses of Salesforce Marketing Cloud, users can make informed decisions about their data management practices and enhance their overall experience with the platform.
Other Marketing Automation software
Dive into in-depth research and analysis of each player
Source: vendor public documents
Analyzed Sources
Public documents used in the audit of Salesforce Marketing Cloud:
Evidence, confirmations and contestations
participate in the collaborative validation of AITS criteria
Scope & Limitations
TrustThis/AITS assessments are based exclusively on publicly available information, duly cited with date and URL, following the AITS methodology (privacy & AI transparency).
The content is indicative in nature, intended for screening and comparison, not replacing internal audits.
TrustThis/AITS does not perform invasive tests, does not access vendor technology environments and does not process customer personal data. Conclusions reflect only the vendor's public communication at the date of collection.
Source: vendor public documents