01 Trust Score

Salesforce Einstein GPT

Week 2026-W21 · 26 Apr 2026 · Vendor-Neutral
Trust Score: 40/100 (Notable Concerns), up 35 vs 2026-W17
2.4/5 (5018)
WHY THIS SCORE

The overall trust score of 70 reflects a strong security and compliance posture, evidenced by verified SOC 2 Type II, ISO 27001, GDPR DPA, and HIPAA BAA certifications, contributing significantly to the security score of 95. Financial health is robust with a stability score of 88, and community sentiment is overwhelmingly positive, resulting in a community trust score of 90. However, these strengths are substantially offset by a low legal risk score of 20, primarily due to undisclosed policies regarding AI training data rights, IP indemnification, and liability caps in public legal documentation. To improve the score, Salesforce must provide explicit and transparent legal terms for AI data usage, IP ownership of generated content, and clear liability frameworks.

AUDITOR SUMMARY
Strength: Salesforce Einstein GPT offers robust enterprise-grade security and compliance, including SOC 2 Type II, ISO 27001, GDPR, and HIPAA, with a dedicated Trust Layer for data protection and zero retention claims for external model training.
Trust Score: 40/100, Conditional
Est. Annual Cost: Estimated $100,000+/year for 100 users (excluding base Salesforce CRM licenses)
Top Risk: High (Reliability); Overall: Medium
Priority Action: AI Training Data Policy Not Explicitly Disclosed in ToS
Enterprise: DPA ✓ · Residency: Customer-Controlled · Lock-in: High (75/100)

Verified Compliance Facts

Cited and timestamped — every claim traceable to an official vendor source.

Data Processing Addendum: source checked May 18, 2026 (registry)
GDPR: ✓ Verified, source checked May 21, 2026 (registry)
HIPAA: ✓ Verified, source checked May 21, 2026 (registry)
ISO/IEC 27001: ✓ Verified, source checked May 18, 2026 (registry)
SOC 2: ✓ Verified, source checked May 18, 2026 (registry)

Enterprise Verdict

Conditional Approval
Risk: Medium (50 sources)
The adoption recommendation is 'conditional_proceed' due to critical transparency gaps in legal and IP terms, specifically concerning AI training data usage and indemnification. For a 'proceed' verdict, Salesforce must provide explicit contractual assurances on customer data exclusion from model training and clear IP ownership for AI-generated outputs.
Priority Action: AI Training Data Policy Not Explicitly Disclosed in ToS

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.
02 Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

Reliability: High (Community Data)

Public documentation buyers may want to verify availability of specific uptime commitments or reliability history.

Cost Predictability: Medium (Community Data)

Enterprises should negotiate fixed-rate contracts and monitor pricing changes for overage risks.

Vendor Lock-in: Medium (Community Data)

Data export supported. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Support Quality: Medium (Community Data)

Insufficient public community reviews to verify support quality. Standard support channels (email/documentation) are assumed.

Data Privacy: Medium (Community Data)

Compliance score: 100/100. GDPR status: dpa_available. Encryption at rest: yes.

Compliance Posture: Low (Community Data)

SOC 2: type_ii. ISO 27001: certified. Overall compliance score: 100/100.

AI Transparency: Medium (Verified)

No training on user data detected. Code ownership terms unclear. Legal/ToS risk score: 70/100.

Evidence tiers: Verified = confirmed by vendor documentation; Community = derived from community reports.

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 26+ community data points

Recommended Inquiry (High): AI Training Data Policy Not Explicitly Disclosed in ToS
Recommended Inquiry (High): IP Indemnification Not Publicly Disclosed
Recommended Inquiry (High): SLA Terms Not Publicly Disclosed; Request MSA Before Procurement
Recommended Inquiry (Medium): Opaque Data Lifecycle (Retention)
03 Security & Compliance

Security & Compliance

SOC 2: ✓ Certified
ISO 27001: ✓ Certified
GDPR: ✓ DPA
HIPAA: ✓ BAA (Enterprise tier plus a signed BAA required)

External Registry Verification

Data Security

Data Residency: US EU
Encryption (At Rest): AES-256
Encryption (In Transit): TLS 1.3

Security Features

SSO: SAML
MFA: SMS, Hardware Key
Audit Logs: 90 days
Vulnerability Disclosure

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

DPA ✓ · Residency: Customer-Controlled · Lock-in: High (75/100)
Data Processing Agreement: Available

Salesforce provides a Data Processing Addendum (DPA) that outlines data processing obligations and includes provisions for international data transfers via Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs). However, specific clauses regarding AI training data usage require explicit clarification.

Data Residency: Customer-Controlled
Default: US (AWS us-east-1, inferred)
Regions offered: US, EU, UK

Salesforce offers data residency options in the US, EU, and UK, allowing customers to choose their primary data storage region. This supports compliance with regional data sovereignty requirements, including GDPR and the EU Data Act. International transfers are covered by SCCs and BCRs.

Contract Risk: High Lock-in (75/100)
Data export on exit: Yes ✓
4 contract risk flags:
⚠ Undisclosed AI training data policy
⚠ Lack of explicit IP indemnification
⚠ Opaque liability caps
⚠ Deep integration leading to high switching costs

The contract risk for Salesforce Einstein GPT is high, primarily due to significant transparency gaps in legal terms concerning AI training data, IP ownership, and liability. While data portability is supported, the deep integration into the Salesforce ecosystem creates substantial vendor lock-in and high switching costs. Enterprises must negotiate specific contractual clauses to mitigate these risks.

Compliance & Document Matrix

Security Certifications (AI-enhanced)

Certification    Status     Auditor    Valid Until
ISO 27001        Claimed    (not listed)   (not listed)

Data Privacy Documents

Document                      Status        AI Assessment
Sub-processors                Not Found     Described, no formal doc
AI/Model Training Policy      Not Found     Unclear
Data Retention Policy         Not Found     Not disclosed
Data Flow Diagram             Not Found
GDPR Compliance Statement     Active Link   Publicly documented
KVKK Compliance Statement     Not Found     Not disclosed
CCPA Compliance Statement     Not Found     Publicly documented

Legal Contracts

See Legal & IP Assessment section above for full analysis of ToS, DPA, MSA, SLA, EULA, and AUP.

Operational Readiness

Document                          Status       AI Assessment
Business Continuity Plan (BCP)    Not Found    Not disclosed
Disaster Recovery Plan (DRP)      Not Found    Not disclosed
Incident Response Plan            Not Found    Not disclosed
3rd Party Penetration Test        Not Found    Publicly documented

Technical Transparency

Document                          Status       AI Assessment
SBOM                              Not Found    Not disclosed
OSS License Inventory             Not Found    Not disclosed
Vulnerability Management Policy   Not Found    Publicly documented
Patch Management Policy           Not Found    Publicly documented
Offboarding / Data Export Guide   Not Found    Described, no formal doc
SIG Questionnaire                 Not Found
CAIQ                              Not Found

Financial Resilience

Item                         Status       Details
Cyber Liability Insurance    Not Found    Not disclosed
TCO Disclosed                Available    Annual: Estimated $100,000+/year for 100 users (excluding base Salesforce CRM licenses)
04 Community Signals

Community Intelligence

Recurring issues and curated signals from GitHub, Hacker News, Reddit, Stack Overflow, web sources, and enterprise review platforms.

Intelligence Synthesis

Community and official sources this week highlight Salesforce Einstein GPT as a transformative advancement in CRM, integrating generative and agentic AI across sales, marketing, and service. Positive sentiment emphasizes its ability to automate tasks, personalize customer interactions, and enhance decision-making, all within a secure 'Trust Layer' that promises data privacy and zero retention for external model training. However, a critical gap remains in the explicit legal documentation regarding AI training data rights, IP ownership of generated content, and liability, which contrasts with the strong marketing claims of trust and security.

05 Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing data from public sources — enterprise rates differ. Verify with vendor.

Swanum Independent Estimate (100 users)

Implementation: $50,000
Training: $20,000
Integration: $30,000
Total Annual TCO: Estimated $100,000+/year for 100 users (excluding base Salesforce CRM licenses)

Pricing for Salesforce Einstein GPT is not publicly disclosed and requires direct engagement with Salesforce sales. The estimated TCO for 100 users is based on typical enterprise AI implementation, training, and integration costs, assuming existing Salesforce CRM licenses. Base license costs for Einstein GPT features are not included in this estimate.

Calculation: Base $0/mo × 12 = $0; Implementation $50,000 + Training $20,000 + Integration $30,000 = $100,000 total (reported total: $100,000+).

Synthesized from 20+ independent public sources: developer forums & repositories, security databases, vendor disclosures, regulatory filings, and community review platforms. Not affiliated with any vendor.