Data Privacy Framework Privacy Notice
Effective Date: July 30, 2025
With respect to personal data that Salesloft, Inc. manages on behalf of its customers as a data processor in connection with providing Salesloft’s services (“Personal Data”), Salesloft complies with the EU-U.S. Data Privacy Framework (EU- U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Salesloft has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Salesloft has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this DPF Privacy Notice and the DPF Principles, the DPF Principles shall take precedence. To learn more about the DPF program, and to view our certification, please visit dataprivacyframework.gov.
The Federal Trade Commission has jurisdiction over Salesloft’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Personal Data – Collection, Type, and Purpose for Processing
Personal Data is provided to Salesloft by our customers (including through integrations between Salesloft’s services and customer-owned or -controlled systems) or collected from third parties as determined by the customer’s use of our services. Under these circumstances, each customer is the data controller of Personal Data that it provides to Salesloft. As the data controllers, our customers determine the type and scope of Personal Data processed by Salesloft. This commonly includes, but may not be limited to: name, contact information (such as email address and phone number), employer, employment title, IP address, localization data, and the other types of data described in Schedule 1 of our Data Processing Addendum. If you would like more information about how a Salesloft customer obtained or manages your Personal Data, you should contact the applicable data controller and/or review the data controller’s privacy notice.
Salesloft is a data processor of the Personal Data described above. We process Personal Data for the purposes of providing, securing, troubleshooting, and supporting our services, supporting and optimizing our customer’s use of the services, complying with our legal and contractual obligations, investigating incidents or misuse of the services, and as otherwise outlined in our customer agreements or instructed by our customers. Salesloft retains Personal Data as required by our customer contracts or as directed by our customers.
Transfers to Third Parties
Salesloft discloses Personal Data to a limited number of third-parties acting as sub-processors, contractors, or service providers. These third-parties assist in providing, securing, supporting, troubleshooting, and otherwise maintaining Salesloft’s services, and help Salesloft provide support to customers. The identity of these third-parties generally fall into categories such as cloud service providers, infrastructure providers, communication platforms, analytics providers, customer support tools, and other specialized service providers. For a comprehensive and continuously updated list of our current sub-processors, including their identity and purpose, please refer to our dedicated Sub-processor List available at: https://trust.salesloft.com.
As required by the DPF, Salesloft is liable if these third-parties fail to process Personal Data in compliance with the DPF Principles, unless Salesloft is not responsible for the event giving rise to the damage.
Right to Access, Amend, Delete, Limit Use of, or Limit Disclosure of Personal Data
Individuals located in the European Union, United Kingdom (and Gibraltar), or Switzerland have certain rights over their Personal Data.
Those individuals can access the Personal Data that Salesloft processes about them, request that such data be amended if inaccurate, or deleted if the data is no longer necessary for the purposes for which it was collected or has been processed in violation of the DPF Principles, and limit use and/or disclosure of their Personal Data.
If these rights are applicable to you and you would like to exercise your rights, please contact the applicable data controller of your Personal Data (i.e., the customer that engaged Salesloft to process your Personal Data on its behalf). Salesloft may process your Personal Data only at the instruction of the applicable controller, as required by our contracts and applicable regulations. Accordingly, if you reach out to Salesloft directly with your request, we can only refer your request to the controller. Where needed, and as instructed by the applicable controller, Salesloft will provide assistance to the controller in responding to your request.
If Personal Data covered by this Privacy Notice is to be used for a new purpose that is materially different from that for which the Personal Data was collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this Notice or otherwise notified to or consented by you, it is the responsibility of the applicable controller of your Personal Data to provide you with an opportunity to choose whether to have your Personal Data so used or disclosed. You should submit requests to opt out of such uses or disclosures to the controller of your Personal Data (i.e. the specific customer that engaged Salesloft to process your Personal Data on its behalf). If you are unable to verify the Salesloft customer that is a controller of your Personal Data or the controller is not responding to your request or providing you with a mechanism to exercise your rights as described herein, please contact us at privacy@salesloft.com. Certain personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, and religious or philosophical beliefs, is considered “Sensitive Information”. We do not typically process Personal Data that is Sensitive Information. However, in the event that we inadvertently receive Personal Data that is Sensitive Information, we will not process it for any purposes other than those which are described in this Notice, unless otherwise consented by you.
Inquiries and Complaints
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Salesloft commits to resolve DPF Principles-related complaints about our collection and use of personal information. EU, UK, Gibraltarian, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF should first contact privacy@salesloft.com. As a data processor, Salesloft processes Personal Data strictly on behalf of and under the instructions of our customers, who act as the data controllers, and to comply with our legal obligations. Our customers are responsible for responding to requests from individuals to exercise their rights, including the right to access, amend, delete, limit the use of, or limit the disclosure of their personal data. Salesloft provides our customers with the necessary mechanisms to enable them to effectively manage and fulfill their responsibilities as data controllers in responding to such requests in connection with our service offerings. Salesloft commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If after contacting us at privacy@salesloft.com, you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMs are provided at no cost to you. If neither Salesloft, nor our dispute resolution provider resolves your complaint, you may have the option to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.
If your request relates to our customers’ data processing activities (as opposed to Salesloft’s compliance with the DPF Principles or this Privacy Notice), please note that we will direct your request, or the relevant components thereof, to the controller of your Personal Data.
Requests from Public Authorities
Salesloft may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.