Data Security Practices

This document explains how the Geopointe application handles our customer’s data in order to deliver the functionality we offer.

Common Principles

Common principles that Geopointe adheres to are…

  • Geopointe runs natively in your Salesforce system, not on Geopointe servers.
  • Your data stays in your Salesforce system and Geopointe uses it directly within your Salesforce system.
  • Geopointe adheres to Salesforce’s data security model. A Geopointe user is only able to map data they have been given access to through the Salesforce Sharing Model. If a user cannot see a record in Salesforce, they cannot map it in Geopointe.
  • Geopointe adheres to Salesforce’s field-level security model. A Geopointe user is unable to see fields they would not otherwise see in the application.
  • All mappable data and geocode data is stored in your Salesforce system. With the exception of any items documented below, data does not leave a Geopointe customer’s Salesforce system.

External Services

In order for Geopointe to fully operate, it must communicate with external services. Those services are listed below. All external URLs that Geopointe communicates with are also setup as Remote Site Settings which you can find at Setup | Security | Remote Site Settings in Salesforce.

Endpoint URL
Description Arrowpointe’s Salesforce system Geopointe API endpoint Google web services endpoint for many APIs Google Maps website Google Maps web services endpoint for APIs MixPanel API endpoint SpatialKey API endpoint built for in partnership with Geopointe

The Geopointe Master Services Agreement further discusses our legal relationship with these 3rd parties as needed.

Geopointe customer’s Salesforce systems communicate with Arrowpointe’s Salesforce system for a few reasons.

  • The Geopointe Setup page has an Organization Settings section where our customers can input contact information and other preferences. This information is sent to Arrowpointe’s system for support purposes.
  • Select customer settings and Map Object configurations are sent back for the purposes of helping us understand how the application is being used. This helps especially for support purposes, but also helps us understand how the application features are being used.
  • Upon completion of each Geocoding job, metrics for the job are sent to Arrowpointe. These include #of records processed, # of records, geocoded, # successes, # failures, failure reasons. We use this information to track geocoding usage and also to proactively follow up with customers having issues. Detailed information about the actual records being geocoding are not communicated back to us.

As Geopointe has matured, it has required us to build our own APIs to provide services to our customers. This URL must be available on your company network. We have submitted this URL to the major players in the corporate firewall space, but it could not hurt to whitelist this URL on your firewall if you have a whitelist policy. We use as this endpoint. We currently use this endpoint for two purposes:

  • The Map Markers for the map are generated by our servers to allow us to provide a rich library of options. This communication takes place from the client browser.
  • Geopointe provides a library of boundary data that is usable from within the map and in our automated assignment features. In both cases, communications are made to our API to retrieve the detailed boundary data. When these boundaries are saved in customer systems, only a reference to our library is saved, not the actual boundaries themselves.
  • Demographics data is delivered through this endpoint. A Geopointe system makes a request to this endpoint and the API responds in the form of map tile images that overlay the Google Map in the browser.
  • For customers using our old Static Map API, we provide these images through this endpoint.
  • Geopointe's geocoding operations occur through this endpoint. We then geocode your data with Google.

Most customers have questions about the data sent out for a geocode. Geopointe contains a batch process that communicates with this endpoint to obtain geocodes (latitude and longitude) for address data. No information that identifies the Geopointe customer is sent and the custom data that is communicated is limited to the address and the record ID from which it came.

A typical request looks like below.

        street: '123 Main St',
        city: 'Philadelphia',
        postalCode: '19107',
        stateProvince: 'PA',
        country: 'US'
        recordId: '0011400001eJBQM'

Geopointe communicates this information in batches of 200 records at a time unless our customers has configured a different limit.

Google offers a number of APIs and most of them are hosted under this domain. Geopointe uses this domain to communicate to those APIs offered by Google.

Google offers a number of Mapping APIs and most of them are hosted under this domain. Geopointe uses this domain to communicate to those Mapping APIs offered by Google.

This endpoint has been deprecated from use in Geopointe.

A service called MixPanel ( is used for tracking application feature usage. This is primarily done to understand how users are interacting with the user interface, what features are being used and how often. This provides us input into our roadmap and user experience design.

A Geopointe Analytics feature exists and, if licensed by the Geopointe customer, it provides a mechanism for pushing data to a 3rd party geo-analytics service, SpatialKey ( This transmission is done via the Salesforce servers at the request of a licensed Salesforce user. Prior to utilizing this feature, the Geopointe customer is made aware that their data will leave Salesforce.

KML Hosting

Geopointe provides the ability to add KML files to the map. When creating a new KML Layer, the user is prompted to upload the KML file. This file will be upload to and hosted on Geopointe servers. This file is encrypted with a randomly generated customer provided AES-256 encryption key. Geopointe has no way to access or view the content of the uploaded file. Only your company can access the file with the provided key, which is an automatic process when using the Geopointe application.

Thematic Layers

Thematic Layers allow you to aggregate, group, and color your Salesforce data by geographic regions. This is a very computational intense operation that cannot be performed on the platform due to technical limitations. It requires us to send some of your data outside of to Geopointe servers. The data sent to Geopointe servers is as follows:
  • Organization Id
  • Record Id
  • Latitude and Longitude coordinates of records used in the thematic layer.
  • Numeric field values used for the thematic map.
  • Obfuscated numeric field labels.
For example, if a Data Set is syncing Account data that has two numeric fields of Revenue ($45,666) and Number of Employees (4), it would look like the following when stored in Geopointe servers.
"876573454": 45666
"127489962": 4
An admin must opt-in and enable Thematic Layers before any data is sent to Geopointe servers. All data is stored in an encrypted at rest database on AWS servers using an AES-256 key.