Last updated:
1. Who we are
CIO Pipelines is a Salesforce managed package built and operated by Creative Round Ltd. ("we", "us"). The package runs entirely inside the customer's Salesforce org. We do not host customer data on our infrastructure.
2. What data the package processes
CIO Pipelines processes Salesforce records that the running user is permitted to see (Contact, Lead, Account, Opportunity, Case) and read-only Customer.io engagement data fetched live from Customer.io's App API on each panel render. No customer data is shipped from the subscriber's Salesforce org to Creative Round's infrastructure.
3. Outbound traffic
The only outbound HTTP traffic from the package is to the configured Customer.io endpoints:
cdp.customer.ioorcdp-eu.customer.io(Pipelines CDP write)api.customer.ioorapi-eu.customer.io(App API read)
No analytics, telemetry, or usage reporting is sent to Creative Round.
4. Credentials
Customer.io API credentials are stored in EncryptedText fields with Salesforce platform encryption (AES-256). Subscriber-org users see masked values unless they hold the "View Encrypted Data" permission.
5. Data retention
Activity log bodies are retained for 30 days by default (admin-tunable, 7-day floor). A daily purge batch ships in the package. The activity log can be configured to skip body capture entirely.
6. Subprocessors
We have no subprocessors. The customer's Salesforce org and Customer.io are the only systems in the data path.
7. Marketing site
This marketing site (ciopipelines.com) is a static site hosted on Cloudflare Pages. We do not operate analytics on this site. Cloudflare provides edge logging for security purposes per its standard data processing terms.
8. Contact
Questions about this policy: [email protected].
Need a SOC 2 questionnaire response or a custom DPA? Available on the Enterprise tier.
Talk to us