DESK.COM SECURITY, PRIVACY, AND ARCHITECTURE

Last Updated: September 9, 2016

Salesforce’s Corporate Trust Commitment

Salesforce is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust security and privacy program that carefully considers data protection matters across our suite of services, including data submitted by customers to our services (“Customer Data”).

Services Covered

This documentation describes the architecture of, the security and privacy-related audits and certifications received for, and the administrative, technical, and physical controls applicable to the services branded as Desk.com (“Desk.com Services”).

Third-Party Architecture

The architecture used by Salesforce to host Customer Data submitted to the Desk.com Services is provided by a third-party provider, Amazon Web Services, Inc. (“AWS”). Currently, the physical architecture hosted by AWS in the provisioning of the Desk.com Services is located in the United States.

Audits and Certifications

The following security and privacy-related audits and certifications are applicable to the Desk.com Services:

● TRUSTe Privacy Seal: Salesforce has been awarded the TRUSTe Privacy Seal signifying that the Desk.com Web Site Privacy Statement and associated practices related to the Desk.com Services have been reviewed by TRUSTe for compliance with TRUSTe’s program requirements, including transparency, accountability, and choice regarding the collection and use of personal data.

The Desk.com Services undergo security assessments by internal personnel and third parties, which include infrastructure vulnerability assessments and application security assessments, on at least an annual basis.

Information about security and privacy-related audits and certifications received by AWS, including information on ISO 27001 certification and Service Organization Control (SOC) reports, is available from the AWS Security Web site and AWS Compliance Web site.
Copyright 2000 – 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com, inc., as are other names and marks. Other marks appearing herein may be trademarks of their respective owners.

Security Controls

The Desk.com Services include a variety of configurable security controls that allow customers to tailor the security of the Desk.com Services for their own use. These controls include:

● Unique user identifiers (user IDs) to ensure that activities can be attributed to the responsible individual.
● Controls to revoke access after several consecutive failed login attempts.
● Password length controls.
● Customer-specific SSL certificates to permit site URL validation.

Security Procedures, Policies and Logging

The Desk.com Services are operated in accordance with the following procedures to enhance security:

● User access log entries will be maintained, containing date, time, URL executed or entity ID operated on, operation performed (viewed, edited, etc.) and source IP address. Note that source IP address might not be available if NAT (Network Address Translation) or PAT (Port Address Translation) is used by a customer or its ISP.
● Logs will be kept in a secure area to prevent tampering.
● Passwords are not logged under any circumstances.
● User passwords are stored using a salted hash format and are never transmitted unencrypted.

Intrusion Detection

Salesforce will monitor the Desk.com Services for unauthorized intrusions using intrusion detection services. Any security events are monitored and escalated to the Salesforce Security Operations Center for triage.

Salesforce may analyze data collected by users' web browsers (e.g., device type, screen resolution, time zone, operating system version, browser type and version, system fonts, installed browser plug-ins, enabled MIME types, etc.)
for security purposes, including to detect compromised browsers, to prevent fraudulent authentications, and to ensure that the Desk.com Services function properly.

Security Logs

All systems used to provide the Desk.com Services and end user functionalities log their respective information while employing a log management framework that ensures that log rotation and retention policies are enforced. Information on security-related events is also shipped offsite to a hardened, read-only log retention service.

Incident Management

Salesforce maintains security incident management policies and procedures. Salesforce promptly notifies impacted customers of any actual or reasonably suspected unauthorized disclosure of their respective Customer Data by Salesforce or its agents of which Salesforce becomes aware to the extent permitted by law.

User Authentication

Access to the Desk.com Services requires a valid user ID and password combination, which are encrypted via SSL while in transmission. Following a successful authentication, a random session ID is generated and stored in the user’s browser to preserve and track session state.

Physical Security

Production data centers used to provide the Desk.com Services have access system controls in place. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions, are secured by around-the-clock guards, two-factor access screening, and escort-controlled access, and are also supported by on-site back-up generators in the event of a power failure. Further information about physical security provided by AWS is available from the AWS Security Web site, including AWS’s overview of security processes.

Reliability and Backup

All components of the Desk.com Services are configured in a redundant configuration. All Customer Data submitted to the Desk.com Services is stored on a primary server that is clustered with a backup database server for higher availability. All Customer Data submitted to the Desk.com Services, up to the last committed transaction, is automatically replicated on a near real-time basis at the database layer and is backed up on a regular basis. Encrypted backups are stored offsite in a geographically disparate location.

Disaster Recovery

Salesforce has disaster recovery plans in place and tests them at least once a year. The Desk.com Services utilize secondary facilities that are geographically remote from their primary data centers, along with required hardware, software, and Internet connectivity, in the event Salesforce production facilities at the primary data center were to be rendered unavailable.

Viruses

The Desk.com Services do not scan for viruses that could be included in attachments or other Customer Data uploaded into the Desk.com Services by a customer. Uploaded attachments, however, are not executed in the Desk.com Services and therefore will not damage or compromise the Desk.com Services by virtue of containing a virus.

Data Encryption

The Desk.com Services use industry-accepted encryption products to protect data at rest, such as user password hashes stored in the database, and Customer Data and communications during transmissions between a customer’s network and the Desk.com Services, including minimum 128-bit SSL certificates and 1024-bit RSA public keys.

Return of Customer Data

Within 30 days post contract termination, Salesforce provides customers with access to Customer Data via API for purposes of exporting, via a file and attachments in their native format, their respective Customer Data that is submitted to the Desk.com Services. During the term of the contract, Salesforce shall provide such Customer Data via API and attachments in their native format. Salesforce reserves the right to reduce the number of days it provides access to such data after contract termination. Salesforce will update this Desk.com Security, Privacy, and Architecture Documentation in the event of such change.

Deletion of Customer Data

Post contract termination, to request deletion of Customer Data submitted to the Desk.com Services, contact support@desk.com. This process is subject to applicable legal requirements.

Tracking and Analytics

Salesforce may track and analyze use of the Desk.com Services for purposes of security and helping Salesforce improve both the Desk.com Services and the user experience in using the Desk.com Services. Without limiting the foregoing, Salesforce may share data about Salesforce’s customers' or their users' use of the Desk.com Services to Salesforce’s service providers for the purpose of helping Salesforce in such tracking or analysis, including improving its users’ experience with the Desk.com Services, or as required by law.

Sensitive Personal Data

Important: The following types of sensitive personal data may not be submitted to the Desk.com Services: government-issued identification numbers; financial information (such as credit or debit card numbers, any related security codes or passwords, and bank account numbers); information related to an individual’s physical or mental health; and information related to the provision or payment of health care.
For clarity, the foregoing restrictions do not apply to financial information provided to Salesforce for the purposes of checking the financial qualifications of, and collecting payments from, its customers, the processing of which is governed by the Desk.com Web Site Privacy Statement.

Interoperation with Other Salesforce Services

The Desk.com Services may interoperate with other services provided by Salesforce. The Security, Privacy and Architecture documentation for such services is available in the Trust and Compliance Documentation section of help.salesforce.com.