Secure for enterprise
Global enterprise revenue teams including the largest Cloud 100 companies trust and rely on Dooly.
- Notes taken
- Uptime SLA
- G2 rating
Your Salesforce data is protected.
Sign in with Salesforce
Keep your account secure by signing in with Salesforce (SSO).
Keep to your records
Access to records and fields is controlled by your Salesforce permissions.
Your data stays private
We never sell or monetize your data, period.
Own your data
Your Salesforce data is accessed on-demand.
Trusted by forward-thinking companies
We follow a comprehensive information security program that follows the criteria set forth by the SOC 2 framework.
- Third-party audits
- Our security controls are regularly audited by a third-party.
- Third-party penetration testing
- Penetration tests are regularly conducted by a third-party.
- Roles and responsabilities
- Team members are required to review and accept security policies.
- Security awareness training
- Team members are required to complete security awareness training.
- Team members are required to sign an industry standard confidentiality agreement.
- Background checks
- Background checks are completed in accordance with local laws.
Our services are hosted on Google Cloud Platform. Google Cloud employs a robust security program with multiple certifications.
- Encryption at rest
- Databases at rest are encrypted and OAuth tokens are stored encrypted.
- Encryption in transit
- Network data is encrypted using TLS/SSL.
- Vulnerability scanning
- Our infrastructure is continuously scanned for vulnerabilities and threats.
- Logging and monitoring
- Cloud services are actively logged and monitored.
- Business continuity
- We use our data hosting provider's backup services to reduce any risk of data loss.
- Incident response plans
- We keep detailed incident response plans so we're always prepared to respond events.
Access to systems is closely managed and monitored.
- Permissions and authentication
- Access is limited to authorized team members.
- Least privilege access control
- Access is granted according to the principle of least privilege.
- Quarterly access reviews
- We perform quarterly access reviews of all sensitive systems.
- Password requirements
- Team members are required to adhere to a minimum set of password requirements.
- Password Managers
- Team members utilize a password manager to ensure unique and strong passwords.
Vendor and risk management
Vendors must be secure.
- Annual risk assessments
- Annual risk assessments are done to identify any potential threats.
- Vendor risk management
- Vendor risk is determined and the appropriate reviews are completed.
Read our reviews
Have questions? Get answers!Live chat with us now →
- How do I report a security incident?
If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at firstname.lastname@example.org. We will acknowledge your email within five business days.
- Is Dooly GDPR compliant?
Yes! Dooly is 100% GPDR compliant (DPA available for all the fine print, just ask).
- How secure is my Salesforce data with Dooly?
Extremely secure. Your data stays private. Top enterprise businesses worldwide choose Dooly every day for a reason. We use the same encryption the NSA uses for classified information (data at rest is encrypted over TLS and AES-256 at rest).
Dooly interfaces with Salesforce data on an as-needed basis, meaning we store very little of your data at any given time. Our servers are managed by Google, taking advantage of their secure-by-design infrastructure and built-in-protection. SOC-2 compliance is underway.