Security
We understand that to be successful, we need to earn your trust. We want you to understand the steps we take in order to make sure that your business information is safe and secure.
Your Salesforce Password
Cirrus Insight never sees or stores your salesforce.com password. We don’t know anything about your security token. Instead, Cirrus Insight uses OAuth to authenticate with Salesforce and act as you. OAuth is an industry-standard mechanism for users to authorize external applications to interact with a secure system. You have probably seen other sites that offer a “Sign in with Facebook/Twitter/Google” option. These sites are using OAuth. Salesforce also uses OAuth for applications like Chatter Desktop and Chatter Mobile.
You can find some of the technical details about how we use OAuth for CI, but in general, it’s important to know how we use your authorization once we receive it. With your authorization, we can:
- Search salesforce.com for matching Leads and Contacts.
- Create Leads, Contacts, relate emails, etc.
- Log you in to Salesforce for viewing Leads, Contacts, and other records that Cirrus Insight displays.
Additionally, you don’t need to worry about your access to CI if your password or security token expires. We’re “always on”.
Access to Salesforce Data
When we access Salesforce on your behalf, we are granted the exact same permissions and access to data that you have when you log in to Salesforce yourself. Your custom security profiles, role hierarchy, sharing rules, session timeout policies, and even IP and hour login restrictions are honored. If you do not have permission to change specific fields on the Contact object, for example, you will not be able to change them through CI.
Security in Cirrus Insight
Within the Cirrus Insight application itself, we’ve taken every step to ensure increased security:
- OAuth refresh tokens (which allow us to log in on your behalf) are encrypted in our database.
- All communication between you and Cirrus Insight and between Cirrus Insight and Salesforce is SSL encrypted with 256-bit certificates.
- Your refresh token is never exposed in your browser where it may be observed by malware on your computer.
- We run automated scans of our web services and other exposed endpoints to detect possible application vulnerabilities.
Our goal is to be as open and transparent about security policies as we possibly can be. If you have any questions on the information described here or on any other topic, please don’t hesitate to contact us.