Security & Data Practices

Last updated 9 July 2026

Salesmotion is an account intelligence platform. It monitors publicly available company information (news, filings, earnings calls, job postings, funding events) and turns it into signals, research briefs, and outreach drafts for B2B sales teams. This page explains what data the platform processes, what it does not, and how it is protected, in the order security reviewers usually ask.

1. Public data by design

The intelligence layer of Salesmotion is built on publicly available company information: press and news coverage, regulatory and financial filings, earnings call transcripts, company websites, job postings, podcasts, and funding disclosures. The subject of the data is the company you sell to, not private records about individuals.

This matters for risk assessments: Salesmotion does not process patient data, clinical records, health information, payment card data, or any special-category personal data. For life sciences and other regulated industries, the distinction between tracking target accounts on public data and processing sensitive records typically places Salesmotion in a materially lower risk tier during vendor review.

2. The customer data we do process

To run your workspace, Salesmotion stores:

  • Workspace data: your tracked account list, keyword configuration, and workspace settings.
  • User data: names, work email addresses, and authentication credentials for your team's users.
  • Business contact data: professional contact information for decision-makers at the companies you track (names, titles, business emails and phone numbers), processed in line with applicable data protection laws.
  • CRM data you connect: if you enable the Salesforce or HubSpot integration, the fields you configure to sync. The scope is under your control, and the integration can be disconnected at any time.
  • Usage data: product analytics that help us improve the platform.

3. Infrastructure and encryption

Salesmotion runs on established cloud infrastructure providers in certified data centers. Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel, authenticated and logged. Backups run automatically, and infrastructure providers maintain their own industry certifications for the physical and platform layers.

4. GDPR and privacy

Salesmotion Limited offers a standard Data Processing Agreement covering GDPR, UK GDPR, and applicable U.S. state privacy laws, including subprocessor terms and international transfer mechanisms. Our Privacy Policy describes processing in full. Data subject requests and deletion requests are honored per the DPA: when a customer leaves, workspace data is deleted on request.

5. Certifications

Salesmotion does not currently hold an ISO 27001 or SOC 2 certification. We are transparent about this because security reviewers ask, and because the platform's narrow data surface (public company information plus workspace configuration) keeps the practical risk profile small. For enterprise evaluations we support security questionnaires, DPIA processes, and vendor reviews with documentation, and we answer them quickly. Several enterprise and life sciences customers have completed vendor review with these materials.

6. Access control in the product

  • Workspace admins control who joins the workspace; users are added by invitation only.
  • Each user has individual credentials; account ownership scopes alerts and visibility.
  • Single sign-on is available for enterprise plans, contact us for details.
  • API access uses scoped keys that can be rotated.

7. Responsible disclosure

If you believe you have found a security vulnerability, email support@salesmotion.io with the details. We acknowledge reports quickly and prioritize verified issues.

Frequently asked questions

Does Salesmotion process patient or clinical data?

No. Salesmotion processes publicly available company information and business contact data. It does not touch patient records, trial subject data, health information, or any special-category data, which is why life sciences vendor reviews typically place it in a low-risk category.

Is Salesmotion GDPR compliant?

Yes. Salesmotion Limited processes personal data in line with GDPR and UK GDPR, offers a standard DPA with subprocessor and international transfer terms, and honors data subject and deletion requests.

Does Salesmotion have ISO 27001 or SOC 2?

Not currently. We state this plainly rather than obscuring it. The platform's data surface is public company information plus your workspace configuration, and we support enterprise security reviews with questionnaires and documentation. If a certification is a hard requirement for your procurement process, talk to us about timeline.

Where can I get a security questionnaire completed?

Email support@salesmotion.io or raise it with your point of contact. Standard questionnaires (including DDQ and CAIQ-style formats) are typically returned within a few business days.