Salesforce security and privacy FAQs
We have a firewall in place. Can we allowlist Sprout IP addresses?
Sprout can't guarantee or provide a list of static IPs. We use AWS and Cloudflare which leverage dynamic IPs.
To allow Sprout traffic, we recommend creating a new Salesforce user profile for the integration user that is used when connecting Sprout and disabling the IP restriction.
What API does Sprout use to connect to Salesforce?
Sprout uses the Salesforce REST APIs to connect to Salesforce.
How does authentication with Salesforce work?
Sprout uses OAuth 2 to authenticate Sprout’s access to a Salesforce instance. The credentials stored in Sprout’s systems are short-lived and are refreshed per Salesforce’s exposed OAuth 2 mechanism.
What Salesforce data does Sprout store?
All data is live-queried and nothing is stored within the Sprout system except for ID information such as contact ID and case ID.
What data does Sprout have access to?
The integrations have access to whatever data the customer "pushes" to the integration by creating a new entity. With our pre-fill functionality, this data can include:
- Message data
- Network profile data such as name, username
- Sprout CRM data such as email address, phone number, etc.
- Sprout metadata, such as tags
Do social users opt-in or consent to data being transferred to a CRM tool?
For our integrations, we are compliant with the privacy and partner terms set by the social networks. The end user opts in when they accept the terms of the social platform. Sprout Social does not store or send any PII data to our integrations automatically.