You are here:
Encryption
In Einstein Activity Capture, encryption means a layered approach to data protection.
Required Editions
| Available in: Lightning Experience |
| Available with Einstein Activity Capture Standard in Sales in Starter, Pro Suite, Professional, and Enterprise Editions |
| Available with Unlimited Edition, Einstein 1 Sales Edition, and Agentforce 1 Edition |
| Available with Einstein for Sales, which is included in Einstein 1 Sales Edition and available for an extra cost in Enterprise and Unlimited Editions |
| Available with Sales Engagement, which is included with Sales in Performance and Unlimited Editions, and available for an extra cost in Professional and Enterprise Editions |
| Available with Revenue Intelligence, which is available for an extra cost in Enterprise and Unlimited Editions |
Einstein Activity Capture handles encrypted email fields in these ways.
- When you encrypt the Contact Email field, Einstein Activity Capture can’t read the encrypted data. It attempts to sync contacts by using the first matched email field it finds, whether custom or standard.
- When you encrypt the User Email field, Einstein Activity Capture stores an unencrypted
copy of user emails in a hidden field for matching.
Data synced to Salesforce main instance, such as email, activity, and contact data, supports Shield Platform Encryption and the Bring Your Own Key (BYOK) service.
Shield Platform Encryption isn’t available for captured emails and events. Instead, Salesforce encrypts the data at rest by using AES-256 server-side encryption.
Shield Platform Encryption
When Shield Platform Encryption is enabled, synced emails and events on the activity timeline show the names of encrypted contacts and leads.
Salesforce uses Transport Layer Security (TLS) 1.2 or higher to protect synced events and contacts during transfer. For authorization, Einstein Activity Capture requires that the data connection meets Salesforce TLS security requirements.
Salesforce uses TLS 1.2 or higher and HTTPS to protect data moving between the user’s email account, Salesforce platform servers, and Activity Platform Hyperforce infrastructure servers. Token-based authentication is used to protect transferred data.
Shield Platform Encryption is supported when syncing contacts and events, with some exceptions. For details, see Considerations for Setting Up Einstein Activity Capture.
If your org uses Shield Platform Encryption, review these considerations for Einstein Activity Capture.
- Einstein Activity Capture encrypts captured data by using its own methods. Shield Platform Encryption doesn’t apply to captured data unless it’s synced to Salesforce records.
- If source data is encrypted, related Einstein Activity Capture data can appear masked. For example, if you encrypt contact names, they appear masked on the activity timeline unless the user has permission to view encrypted data.
- If you encrypt the User Email field, Salesforce stores an unencrypted copy of the email address in a hidden field to support record matching. While Shield Platform Encryption doesn’t prevent Einstein Activity Capture from working, Salesforce stores necessary data in plain text to facilitate matching logic.
