Security & Compliance

We take security very seriously across all our cloud services, and aim to lead the market in certifications, policies, architecture and response. is a 100% web-based application and it is not available on-premises. It uses oAuth 2.0 so users can log into with existing Salesforce credentials without compromising security.

The CSV file used to import, export or delete data in Salesforce is stored within our data centers, so users can re-run the same task without having to upload/download the file again. CSV data can be completely removed from our servers by deleting a task from UI. Also, since July ‘16 release we allow users to save result files externally to cloud services like (S)FTP, Box, Dropbox and avoid information to be stored in our data centers (more information here).

From a security standpoint, all communications are securely encrypted and only resource owners have access to the CSV file - no other user (within the company or external party) has access to the data. In addition, we use Amazon S3 server-side encryption and Amazon RDS encrypted instances that uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt data. For information about our terms of service please refer to MuleSoft Privacy PolicyAlso, all our communications are securely encrypted using SSL.

In regards to HIPAA, MuleSoft is not subject to HIPAA regulations, as we do not directly handle personal health information. HIPAA is only applicable to covered entities.

We are also a level 1 PCI service provider and are SSAE16 certified. You can see more about our approach to security at our Trust Center.

Have more questions? Submit a request


Article is closed for comments.