We protect your company’s data.
We maintain SOC 2 Type 2 compliance and have automated continuous monitoring in place to ensure that we stay compliant.
Looking for the specific details? Request access to our security documentation.
We maintain SOC 2 Type 2 compliance and have automated continuous monitoring in place to ensure that we stay compliant.
Looking for the specific details? Request access to our security documentation.
We will NEVER sell your data or keep it hostage.
You may have experienced other tools using the Salesforce API that don’t inherit your configuration, rules, and guardrails. But Scratchpad does, by default. When any user from your company signs up, we instantly implement your rules, permissions, layouts, and workflows - everything you’ve carefully configured in Salesforce to fit the needs of your business. You also don’t have to worry about data out of sync. Scratchpad isn't a heavy integration you need to manage.
Have you ever wanted the ability to view the history of long form text fields in Salesforce? Even though Salesforce doesn’t provide this, we do. You can have visibility into changes for any field - including long form text fields. For sales reps, they won’t need to copy and paste previous entries on top of their next steps or notes. Instead, Scratchpad provides a complete audit trail and history view.
Different Salesforce record type layouts can contain additional customization on field and pick list visibility. This requires supporting multiple layouts, not just the “default” layout. If enabled, your users enjoy the simplicity of seeing only the fields or pick lists that matter to their workflow instead of hundreds of different options. Sales teams love this because it helps them stay focused on the fields that need to be updated. RevOps love it, because their processes are followed and they can change rep behaviors more effectively.
Don’t worry about all or nothing. Scratchpad has a managed package available that administrators can provision on a user profile basis. We give you the choice for who in your company you want using Scratchpad.
We built our app on Heroku, a Salesforce company. Heroku’s first value is trust. Learn more about how they exemplify trust, and what standards they’ve implemented on their security certifications and polices on Heroku’s Compliance page.
We conduct continuous network vulnerability testing and contract an independent third-party to conduct penetration testing at least annually.
We use Salesforce’s OAuth to authenticate users, allowing your team to access Scratchpad without entering login credentials into our system. We also work with SSO providers, like Okta.
We maintain a current list of third-party subprocessors for your information.
We maintain disaster and incident response plans to ensure that even in the worst scenarios our team is prepared to protect your information. We test and audit these plans annually, so we’re always ready to respond.
We work to ensure that our service is always available. You can view our status page at any time to review the current status of our platform, incidents, and scheduled outages.
All encryption keys generated, stored, and managed by Scratchpad are created and stored in a manner that prevents loss, theft, or compromise.
We maintain a stringent password policy, requiring all passwords to be complex, updated from the system default, and unique.
We practice least-privileged access for all of our systems and applications. This means that the only people with access to your account and data are Scratchpad employees that require access in order to fulfill their job responsibilities. We audit access regularly to ensure that the minimum number of individuals have access to your data.
We maintain and store logs for at least 12 months to identify each Scratchpad staff member that has accessed or created an action related to customer data.
We believe in collecting the minimum amount of data needed to ensure your account is managed and secure. We only store and process data required to power features for your team, and you always have the choice to opt out. We are committed to ensuring that data remains secure and hold it to the same security standards as our own customer data.
We back up and encrypt all of our data daily, so you don’t have to worry about losing any of your account information.
Our development process was designed to ensure that code deployments are made in a manner that maximizes site uptime, productivity, and security while minimizing the exposure to risks. We employ version control development, code reviews, automated and manual testing prior to deploying code changes.
We work diligently to ensure that our service is secure, if you believe you have found a vulnerability, please email us at security@scratchpad.com. We will work to resolve the issue quickly and follow our vulnerability disclosure policy.
