Learn more about how Dooly is safe and secure for enterprise 🔒

Laura Liggett avatar
Written by Laura Liggett
Updated over a week ago


Global enterprise revenue teams – including some of the largest Cloud 100 companies – trust and rely on Dooly.

  • Compliance: Dooly's information security program maintains full SOC 2 and GDPR compliance.

  • Cloud security: Dooly’s services are hosted on the Google Cloud Platform. Google Cloud employs a robust security program with multiple certifications.

  • Access security: Access to Dooly systems is closely managed and monitored.

  • Vendor and risk management: Dooly completes annual risk assessments to identify any potential threats.

Frequently Asked Questions

How easy is Dooly to set up and use?

Dooly connects to your Salesforce instance in seconds. There is no manual setup or IT support required by the user.

How does Dooly integrate with Salesforce?

Dooly accesses Salesforce using OAuth. Salesforce users are prompted to explicitly grant Dooly access to do requests on behalf of their account. OAuth tokens are automatically expired by Salesforce according to the session timeout and a refresh token policy setting configured on your instance. Tokens in our database are encrypted at rest, in transit, and use AES-256 on our live database.

What Salesforce editions does Dooly support?

Dooly only supports paid Salesforce editions. Dooly no longer supports Salesforce Dev, Trial, or Scratch editions.

Is any customer data stored in Dooly?

We don't store your Salesforce data as most other sales tools do. We very intentionally built Dooly from the ground up to access Salesforce data on demand. When data needs to be shown in Dooly, it’s fetched directly from Salesforce. We don't save your Salesforce data in our database, except for content created inside Dooly. Information that is stored in Dooly includes: user emails, user name, notes taken by the user, and call recordings (if using Dooly’s call recording service).

What can Dooly read in Salesforce?

Dooly has access to Salesforce data according to the user’s Salesforce account permissions, including account and opportunity data.

Are a user’s Salesforce permissions respected in Dooly?

Yes. A user's Dooly permissions are governed by a user’s Salesforce account permissions, as enforced by the Salesforce API. So a user can only access objects, fields, and other resources in Dooly that are also accessible to them in Salesforce.

How secure is my Salesforce data with Dooly?

Extremely secure. Your data always stays private. Top enterprise businesses worldwide choose Dooly every day for a reason. Data in transit is encrypted over TLS and data at rest with AES-256. Plus, our servers are managed by Google. So we can take advantage of their secure-by-design infrastructure and built-in protection.

Is Dooly SOC 2 Compliant?

Yes. We maintain SOC 2 compliance and have continuous monitoring in place to ensure we stay compliant.

Is Dooly GDPR Compliant?

Yes. Under GDPR, Dooly is a processor, customers are controllers, and third parties that receive customer data are sub-processors.

Does Dooly support Okta?

Yes. You can push your existing Okta groups to Dooly, so employees get signed up and added to Dooly. Okta works with Dooly so administrators can control users and permissions on a per-user basis. If you require Okta for your team, please contact

Is Dooly listed on the Salesforce App Exchange?

Yes. And Dooly passed a comprehensive security review to do so.

Do you maintain an infosec program?

As part of our commitment to keeping your data safe, we follow a rigorous information security program that follows the criteria set by the SOC 2 framework.

Have more questions about security?

If you require an infosec review or have questions, please contact us at

Did this answer your question?