More than 22,000 businesses world-wide trust Cloudingo with their data.

As a team we’ve worked on SaaS solutions since 2003. Customer security and privacy are at the forefront of every decision we make regarding development, support, and expansion of Cloudingo. We combine enterprise-level security with extensive audits of our application, systems, and networks to ensure customer and business data is always protected. Our customers rest assured knowing their data is safe, their interactions are secure, and their businesses are protected.

We’re a certified Salesforce ISV (Independent Software Vendor) company.
This means we must meet Salesforce’s strict partnership requirements, including periodic security reviews. We proudly exceed the vigorous security standards every year. For you, this means that you can trust that you’re working with a loyal, trustworthy company.

The security behind Cloudingo

When records are modified in Salesforce, the Cloudingo agent (which is 100% Force.com and sits inside Salesforce) looks at the filters setup inside the Cloudingo web portal. If Salesforce records are within the scope of the filters, the agent logic fires.

When you click on a group of duplicate records in the Cloudingo portal, Cloudingo makes a real-time API call to Salesforce to display the records side-by side. Once a merge takes place, the Cloudingo Web Portal calls the native Salesforce merge command. The actual data is not cached, so as soon as you move off the Cloudingo merge screen, information is released from the Cloudingo UI and only exists in Salesforce.

Access to Data
What we see
Outside the indexed fields, we receive some stats from Cloudingo, but they are only raw numbers based on the filters within our application. (This is equivalent to Salesforce knowing how much data is stored in the instance or in a given object)

From our logs, we can report on the configuration of Cloudingo filters as well as their results in terms of raw numbers (numbers of duplicates identified).

What we don’t see
Cloudingo team members cannot see your Salesforce instance. In the event that our team needs to troubleshoot merge/convert issues due to flows, validation rules or custom Apex, we’ll request support access via the native Salesforce login-as feature.
Data Storage
What data is stored
Cloudingo stores very little data, only field maps and the data from the primary field used to establish matches. See our Data Protection Addendum (DPA), here.
Credentials
Salesforce credentials are stored in Cloudingo. They are fully encrypted. Once saved, they can be updated as needed but never viewed again.
Real-time API Calls When opening a group of duplicates, Cloudingo employs a sophisticated algorithm to make a secure Salesforce API call (via either OAuth or with the stored AES encrypted credentials for the user) to pull the data in real-time for user review. Once the group is closed, the data is released.
Resources and Data Usage
Resource conservative
Cloudingo uses the minimum amount of resources possible while balancing the actual speed of the responses back from Salesforce. Cloudingo strives to get the most out of every API call so that any other applications or custom codes in Salesforce you may be using also have plenty to work with. This is why we work hard to performance tune the native agent and save resources whenever possible including CPU cycles, heap size, message size, DML rows, “bulkified” triggers, etc.
Index modes
Cloudingo automatically switches between “real-time” index mode and “batch” index mode based on user preferences and available resources. You can also easily apply hard limits on resources.
Network Security
256-bit SSL Encryption
Any and all information that you see and interact with inside Cloudingo is protected using industry standard 256-bit SSL encryption. When you pull up a group of potential duplicate records, Cloudingo actually pulls those records in real-time so that the application can avoid storing data. The Cloudingo Agent (AppExchange managed package) acts like a secure endpoint that whitelists servers used by the application inside Salesforce (called “trusted sites”). Our servers then only talk to whitelisted Salesforce servers to perform merges.
Regular Security Audits
As an application listed on the Salesforce AppExchange, Cloudingo is subject to a mandatory annual security audit. Every year Cloudingo has passed Salesforce’s intensive audit without fail. Internally we perform security audits each time a release goes out (oftentimes more frequently).
3rd Party Penetration Testing
Annual 3rd party penetration testing.
Servers and Compliance
Location
Both our hardware and all members of the Cloudingo team are located in the United States. Nothing is outsourced.
SOC 2 Type II
Cloudingo is SOC 2 Type II compliant. All the standard physical security features are present: biometric access controls, intrusion detection, redundant power feeds and generators, fire suppression, climate control, etc.
Whitelisted Servers
The Cloudingo servers are whitelisted, and the Salesforce servers are the only servers allowed to communicate with the Cloudingo web service end-points.
Monitoring
All systems, networked devices, and circuits are constantly monitored by our security team.

Made in America

Our company, our team, and all of our hardware are located in the USA. We do not outsource jobs, projects, hosting, or anything at all.

Do you need more support? Check out our help website.