Trust & Security

We believe in privacy

We will NEVER sell your data or keep it hostage.

Scratchpad inherits your Salesforce rules and guardrails

You may have experienced other tools using the Salesforce API that don’t inherit your configuration, rules, and guardrails. But Scratchpad does, by default. When any user from your company signs up, we instantly implement your rules, permissions, layouts, and workflows - everything you’ve carefully configured in Salesforce to fit the needs of your business. You also don’t have to worry about data out of sync. Scratchpad isn't a heavy integration you need to manage.

Enhanced audit trail availability

Have you ever wanted the ability to view the history of long form text fields in Salesforce? Even though Salesforce doesn’t provide this, we do. You can have visibility into changes for any field - including long form text fields. For sales reps, they won’t need to copy and paste previous entries on top of their next steps or notes. Instead, Scratchpad provides a complete audit trail and history view.

Record type layout support

Different Salesforce record type layouts can contain additional customization on field and pick list visibility. This requires supporting multiple layouts, not just the “default” layout.  If enabled, your users enjoy the simplicity of seeing only the fields or pick lists that matter to their workflow instead of hundreds of different options. Sales teams love this because it helps them stay focused on the fields that need to be updated. RevOps love it, because their processes are followed and they can change rep behaviors more effectively.

Managed packaged provisioning

Don’t worry about all or nothing. Scratchpad has a managed package available that administrators can provision on a user profile basis. We give you the choice for who in your company you want using Scratchpad.

Data center & application security

We are hosted by Amazon Web Services (AWS) on US-based servers. AWS maintains a robust security system managed by World Class Security Experts. Review Amazon’s Security Center for more detailed information.

We built our app on Heroku, a Salesforce company. Heroku’s first value is trust. Learn more about how they exemplify trust, and what standards they’ve implemented on their security certifications and polices on Heroku’s Compliance page.
‍
We conduct continuous network vulnerability testing and contract an independent third-party to conduct penetration testing at least annually.

We use Salesforce’s OAuth to authenticate users, allowing your team to access Scratchpad without entering login credentials into our system. We also work with SSO providers, like Okta.

We maintain a current list of third-party subprocessors for your information.
‍
We maintain disaster and incident response plans to ensure that even in the worst scenarios our team is prepared to protect your information. We test and audit these plans annually, so we’re always ready to respond.
‍
We work to ensure that our service is always available. You can view our status page at any time to review the current status of our platform, incidents, and scheduled outages.

Data security

We require all sensitive data, both in transit and at rest to be encrypted using strong, industry-recognized algorithms. We regularly review all encryption algorithms in use to ensure that they follow the Advanced Encryption Standard.

All encryption keys generated, stored, and managed by Scratchpad are created and stored in a manner that prevents loss, theft, or compromise.

We maintain a stringent password policy, requiring all passwords to be complex, updated from the system default, and unique.
‍
We practice least-privileged access for all of our systems and applications. This means that the only people with access to your account and data are Scratchpad employees that require access in order to fulfill their job responsibilities. We audit access regularly to ensure that the minimum number of individuals have access to your data.

We maintain and store logs for at least 12 months to identify each Scratchpad staff member that has accessed or created an action related to customer data.

We believe in collecting the minimum amount of data needed to ensure your account is managed and secure. We only store and process data required to power features for your team, and you always have the choice to opt out. We are committed to ensuring that data remains secure and hold it to the same security standards as our own customer data.
‍
We back up and encrypt all of our data daily, so you don’t have to worry about losing any of your account information.

Scratchpad and AI

Scratchpad utilizes ChatGPT Enterprise via API, meaning that OpenAI will not store our queries, and no customer data is used for any model training. Our questions and inputs are processed in real-time and are not stored or linked to any personal identifiers.

We leverage OpenAI to generate a summary of call transcripts and use it to answer relevant Salesforce fields. We display these to the end user for further application as needed.

Security procedures

We require all employees and contractors to acknowledge and undergo security awareness training at the time of hire and to refresh their knowledge at least annually. Employees and contractors in developer roles are provided with Secure Development Life Cycle (SDLC) training at the time of hire and annually thereafter. This training includes acknowledgment and understanding of the OWASP Top 10 common coding vulnerabilities.

Our development process was designed to ensure that code deployments are made in a manner that maximizes site uptime, productivity, and security while minimizing the exposure to risks. We employ version control development, code reviews, automated and manual testing prior to deploying code changes.

We work diligently to ensure that our service is secure, if you believe you have found a vulnerability, please email us at security@scratchpad.com. We will work to resolve the issue quickly and follow our vulnerability disclosure policy.