November 6, 2025 · Agentforce · 8 min read
Data Privacy & Trust Architecture
Agentforce operates under the same Data Processing Addendum as other Salesforce services. Key privacy controls:
- Zero data retention for model training — customer data isn't used for model training or retained beyond the immediate task
- Bring Your Own Model — for organizations wanting full control, models run within the trusted boundary
- Data masking & logging — sensitive information masked before being passed to models
Security & Compliance
- Guardrails & topic controls — agents operate within defined topics, reject inappropriate prompts
- Attribute-Based Access Control — data masking policies, purpose-based sharing
- Audit & monitoring — logs, usage tracking, governance dashboards
- Certifications — ISO 42001, ISO 9001, PCI covered
Best Practices for Regulated Deployments
- Define data domains and access policies
- Use trusted model boundaries for sensitive data
- Apply least-privilege and dynamic masking
- Establish governance board with business, IT, compliance stakeholders
- Monitor continuously via Command Center
- Pilot with lower-risk workflows first
Discuss Agentforce security for your organization →