SalesHud delivers users a connection between CRM and browser data displaying on selected websites providing context relative to the information viewed, delivered via a Google Chrome Extension served from the Google Chrome Webstore. The Chrome extension acts as a proxy between Chrome and Salesforce with data transmitted between systems via SalesHud but no data stored.
SalesHud Cloud Storage (Firebase)
SalesHud Cloud Storage (Firebase) is used only to manage the accounts and licenses necessary to access SalesHud. APIs in the SalesHud Cloud are accessed by the Chrome Extension to confirm the user’s rights to use SalesHud. No data from sources such as Salesforce or third-parties is exfiltrated from those systems and stored in the SalesHud Cloud. The SalesHud Cloud does store some personally identifiable, business critical data having to do with license management and the user’s relationship with SalesHud.
Additional metadata such as user preference settings may also be stored. But no security sensitive data pertaining to Salesforce.com or other third party sites or accounts is stored there.
The SalesHud Cloud uses services such as access monitoring, firewall, threat detection, application performance monitoring and follows Google’s best practice recommendations.
The SalesHud Chrome Extension interacts with the Salesforce REST API on behalf of the currently logged in Salesforce user for the purpose of extending the Salesforce.com functionality and user experience. In addition data from selected third party websites may be linked to, or stored in, Salesforce. The SalesHud Chrome Extension does not grant its users any further privileges or access to Salesforce data than that of the currently logged in Salesforce. At any time a Salesforce Organization Administrator can rescind SalesHud access to a Salesforce account via Salesforce connected app settings.
SaleHud does not have direct access to third-party sites. The Chrome Extension has access only to data for which the current user is entitled. This data may be copied or linked to Salesforce but it is never copied anywhere else; for example it is never copied to the SalesHud Cloud Storage.
SalesHud account data required to deliver the service is stored for the period of the contract. Upon contract termination customer data is destroyed after 30 days. Backup data is retained for 30 days.
Access to the production environment is logged and limited to assigned staff through IP whitelisting, VPN tunnels, and multi-factor authentication.
Incident Response & Disaster Recovery
The SalesHud platform is entirely cloud based. Core services are redundant across multiple data centres and we rely on the BC/DR capabilities of GCP (Google Cloud Platform).
In the case SalesHud determined that any customer information was compromised, SalesHud will immediately notify the customer primary contact within 72 hours.
SalesHud implements security consideration at design time and employs best practice secure coding principles (OWASP), including extensive employee training.
SalesHud runs testing environments which contain no client data. Transition of code between environments is subject to peer review and software based analysis before continuous integration. Application and source code is scanned by vulnerability detectors and we are subject to 3rd party security reviews and penetration testing.
Employees & Contractors
All employees and contractors are vetted before placement and must sign binding confidentiality agreements.
To report any security concern or suspected vulnerability please contact the SalesHud Security Team
Policies & Further Information
SalesHud Terms and Conditions – https://www.saleshud.com/terms
GCP (Google Cloud Platform) Compliance & Regulations – https://cloud.google.com/security/compliance/
GCP (Google Cloud Platform) Best Practices – https://cloud.google.com/storage/docs/best-practices
GCP (Google Cloud Platform) Trust & Security – https://cloud.google.com/security/