Compliance
At GridMate, security, privacy, and trust are non-negotiable. Here’s how we keep your data safe and ensure you stay in control at all times.
App Security
GridPal LLC does not have access to your Salesforce instance by default. Customers and prospects may optionally grant temporary login access for support purposes, in accordance with Salesforce’s recommended process.
GridMate is a set of Lightning Components — all 100% native to the Salesforce platform. Our package is a Salesforce-certified managed package, listed on the AppExchange, and installed directly into your Salesforce org. No third-party services are required to run the software.
All GridMate components are built to comply with Salesforce’s native security model, including:
FLS (Field Level Security)
CRUD (Object-Level Permissions)
Sharing
As part of being listed on the Salesforce AppExchange, GridMate undergoes an annual security review, along with reviews for each patch release.
Security and trust are core to our values. If you discover or suspect a security issue, please contact us at support@gridmate.io.
Data Privacy
Privacy is one of our core values. The GridMate package does not collect or store any usage data from customer Salesforce instances.
GridMate includes an export feature that allows end users to download data locally. This feature can be disabled by a Salesforce Administrator at any time, based on user or profile-level permissions, depending on your internal policies.
As part of our sales and customer support process, we collect and store:
Publicly available data
Information provided directly by prospects or customers through communication
Licensing data made available via Salesforce AppExchange’s license management system
Sales data is securely stored in our Salesforce org, and used strictly for sales, support, and renewal purposes.
We do not collect, store, or share any customer or prospect data during support interactions.
As a Salesforce ISV, we remain fully aligned with Salesforce’s Security & Trust principles.
FedRAMP Assessment
GridMate has been reviewed by Fortreum LLC, a certified 3PAO (Third-Party Assessment Organization), for use in Salesforce Government Cloud environments.
As part of this assessment:
GridMate was evaluated against the full set of FedRAMP Moderate baseline controls, as defined by NIST 800-53 Rev. 5
The attestation confirms that GridMate:
- Operates entirely within Salesforce Government Cloud infrastructure
- Inherits relevant FedRAMP controls from Salesforce
- Requires no separate infrastructure or third-party systems
- Does not require standalone FedRAMP authorization
For more details, view our FedRAMP Attestation Letter here.
Questions?
If you have any questions about security, compliance, or data privacy, please reach out to our team at support@gridmate.io.