Enterprise-grade data security, built from the ground up
Your data is encrypted, audited, and handled with the same rigor your compliance team demands. Security isn't a feature — it's the foundation.
Built for enterprise trust
Every layer of Salmon is designed with security, privacy, and compliance as first-class requirements.
SOC 2 Compliance
We are actively pursuing SOC 2 Type II certification. Our infrastructure, access controls, and data handling procedures are built to SOC 2 standards from day one.
GDPR & CCPA
Full compliance with GDPR and CCPA regulations. We process only publicly available and licensed data — no private user scraping. Privacy by design, not afterthought.
Data Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). API communications are encrypted end-to-end. No plaintext data storage at any point in the pipeline.
Role-Based Access Control
Granular RBAC across all platform functions. Team members see only the data relevant to their role. Admin controls for provisioning, deprovisioning, and permissions.
Audit Logging
Every data access, modification, and API call is logged with timestamps, user identity, and action context. Full audit trail for compliance reviews and internal governance.
Infrastructure Security
Cloud-hosted on enterprise-grade infrastructure with redundant systems, automated failover, and 99.9% uptime SLA. Regular penetration testing and vulnerability assessments.
How we handle your data
Salmon operates on a principle of minimal data exposure. We access only the data fields required for enrichment and verification, and we never store raw CRM exports beyond the processing window.
Our AI engine queries external sources in real time and returns verified results. We don't maintain persistent copies of your CRM data — enrichments are streamed directly into your system.
For API customers, all requests are authenticated via scoped API keys with configurable rate limits. Every response includes source attribution and confidence scoring for full traceability.
- No persistent storage of raw CRM data beyond processing
- Ethically sourced data from public and licensed sources only
- No scraping of private, gated, or sensitive user data
- Scoped API keys with configurable rate limiting
- Source attribution and confidence scoring on every field
- Data deletion on request, compliant with right-to-erasure
The standards we hold ourselves to
We're building Salmon to meet the security and compliance bar that enterprise customers require.
SOC 2 Type II
In progress
GDPR
Compliant
CCPA
Compliant
TLS 1.3 + AES-256
Encryption standard
99.9% Uptime
SLA on enterprise
Need details for your security review?
We're happy to walk your security and compliance team through our practices, share documentation, and answer any questions.