BBAA Atlas

Does Salesforce offer EU data residency?

Salesforce, Inc. · CRM · official site ↗

EU data residency availableEU-US DPF + SCCsDPA available
Where does Salesforce store EU data — and who can touch it?
Salesforce offers EU data residency, and relies on the EU-US Data Privacy Framework plus SCCs for transfers.
Salesforce offers EU data residency through Hyperforce regions (incl. Germany and France), is certified to the EU-US Data Privacy Framework, and falls back to Standard Contractual Clauses for transfers.

EU data residency

Can you keep data in the EU?
Customers can provision orgs in EU Hyperforce regions (e.g. Germany, France) so core CRM data stays at rest in the EU. Region is chosen at provisioning; migrating an existing org to Hyperforce is a managed process, not a toggle.
Transfer mechanism
Salesforce self-certifies to the EU-US Data Privacy Framework and incorporates the EU SCCs into its DPA as the fallback transfer mechanism for personal data leaving the EEA.

Sub-processors

Who else processes your data?
Salesforce publishes an infrastructure-and-sub-processors list per cloud/product. Sub-processors vary by product line (Sales Cloud, Marketing Cloud, Slack, Tableau), so the relevant list depends on which Salesforce products you use. General authorisation with advance notice of changes. current sub-processor list ↗

Data Processing Agreement (DPA)

Does Salesforce sign a DPA?
A Data Processing Addendum is incorporated into Salesforce's standard customer agreements; no separate negotiation is required for standard terms. DPA ↗
What the trust-badge pages don't tell you
The sub-processor list a buyer needs depends on the specific Salesforce product — Marketing Cloud and Slack carry different sub-processors than core Sales/Service Cloud. Treat 'Salesforce' as a family, not one processor.
Last checked 2026-06-02confidence: medium · GDPR terms, residency regions and sub-processors change — confirm current terms with Salesforce, Inc. and run your own transfer impact assessment. This is not legal advice.
$249/moto monitor up to 25 vendors' DPA & residency
$3,000/yr, incl. cited bulk export

Monitor your whole vendor list for DPA & residency changes

The free lookup answers one vendor at a time. Teams running EU vendor intake track dozens and need to know the moment a sub-processor, residency region or DPA term changes. Leave your work email and we'll set up monitoring + a cited export for your list.

We'll reply to set up your vendor list and confirm pricing. No card, no checkout here.

Get notified when this changes

Compliance isn't one-and-done. Leave your email and we'll alert you when any vendor's BAA or HIPAA status we cover changes.

One email per change. No newsletter, no selling your address.

Frequently asked questions

Does Salesforce offer EU data residency?
Yes. Customers can provision orgs in EU Hyperforce regions (e.g. Germany, France) so core CRM data stays at rest in the EU. Region is chosen at provisioning; migrating an existing org to Hyperforce is a managed process, not a toggle.
Where does Salesforce send my data, and does it rely on SCCs?
Salesforce self-certifies to the EU-US Data Privacy Framework and incorporates the EU SCCs into its DPA as the fallback transfer mechanism for personal data leaving the EEA.
Who are Salesforce's sub-processors?
Salesforce publishes an infrastructure-and-sub-processors list per cloud/product. Sub-processors vary by product line (Sales Cloud, Marketing Cloud, Slack, Tableau), so the relevant list depends on which Salesforce products you use. General authorisation with advance notice of changes. See the current list at https://www.salesforce.com/company/legal/sub-processors/.
Does Salesforce sign a GDPR Data Processing Agreement (DPA)?
Yes — A Data Processing Addendum is incorporated into Salesforce's standard customer agreements; no separate negotiation is required for standard terms.
Is Salesforce GDPR compliant?
Salesforce can be used in a GDPR-compliant way, but compliance depends on your configuration, not just the vendor: Salesforce offers EU data residency through Hyperforce regions (incl. Germany and France), is certified to the EU-US Data Privacy Framework, and falls back to Standard Contractual Clauses for transfers. You are the controller — confirm the current DPA, residency and sub-processor terms with Salesforce, Inc. and run a transfer impact assessment before processing EU personal data. This is not legal advice.

Sources

Salesforce — Agreements and Terms (incl. Data Processing Addendum)
https://www.salesforce.com/company/legal/agreements/
Supports: DPA incorporated into standard agreements; SCCs as transfer mechanismdated: 2026-06-02
Salesforce — Infrastructure and Sub-Processors
https://www.salesforce.com/company/legal/sub-processors/
Supports: Per-product sub-processor list with general authorisationdated: 2026-06-02
Salesforce — Data Privacy Framework
https://compliance.salesforce.com/en/data-privacy-framework
Supports: EU-US DPF self-certificationdated: 2026-06-02
This page is cited public information, not legal or compliance advice. Whether Salesforce can lawfully process your EU personal data depends on your plan, configured region, contract and a transfer impact assessment you control. Always confirm current terms with Salesforce, Inc. before sending EU personal data.

Check another vendor

AirtableEU residency on higher tiersAmplitudeEU data residency availableAsanaEU residency on higher tiersAtlassian (Jira & Confluence)EU data residency availableBoxEU residency on higher tiersCalendlyNo EU data residency

Browse all 25 vendors →