What Is PXM?

What Is PXM?

PXM for Brands

Lead the digital shelf with Product Experience Management (PXM).

PXM for Retailers

Source supplier product content efficiently and at scale with PXM.

What Is the Digital Shelf?

Learn about the digital shelf, including strategies for winning sales.

Build Winning Shopping Experiences

Learn how to engage and convert more shoppers with these winning tips.

Solutions

For Brands

Centralize

Centralize all your product content, no matter where it lives.

Connect

Connect across the digital shelf to deliver engaging product experiences.

Automate

Automate manual processes to improve efficiency and accuracy.

For Retailers

Onboard

Accelerate your retail suppliers and product data onboarding.

Validate

Ensure up-to-date product data is always available to your customers.

Automate

Gain the freedom to scale your business with automation.
Products

PXM Product Experience Management

PIM

Manage all product content in one central system of record.

Syndication

Easily syndicate product content to every consumer touch point.

Enhanced Content

Enrich product pages with below-the-fold content and rich media.

GDSN Data Pool

Synchronize standard supply chain, marketing, and ecommerce attributes globally.

Grocery Accelerator

Leverage the first-ever category-wide PXM accelerator in the grocery industry.

Digital Shelf Analytics

Continuously optimize your organization’s product content syndication.

Catalog Sites

Share secure, on-brand, and always up-to-date digital product catalogs.

Automation and AI

Automate business processes and enhance Salsify workflows with AI.

PXM Platform, Integrations, and APIs

Integrate the PXM platform with the rest of your enterprise systems architecture.

SXM Supplier Experience Management

Supplier Onboarding

Accelerate supplier onboarding while ensuring your schema requirements are met.

Product Listing

Sell products faster with Product Listing.

Content Enrichment

Increase online conversions with Content Enrichment.

Automation

Save time and increase operational efficiency with retail automation.

SXM Platform, Integrations, and APIs

Integrate the SXM platform with the rest of your enterprise systems architecture.

PXM Network

Syndication Network

Automate how you exchange product content data to the digital shelf.

Enhanced Content Network

Turn product pages into product experiences with Enhanced Content.

Commerce Platform Integrations

Create winning product experiences everywhere shoppers are, including on owned sites.

GDSN Data Pool

Synchronize standard supply chain, marketing, and ecommerce attributes globally.

Open Catalog

Connect to the digital shelf faster with an open, standardized, and free product catalog.
Partners

Solution Partners

Find a Solution Partner

Learn more about Salsify solution partners.

Become a Solution Partner

Learn how to become a Salsify solution partner.

Technology Partners

Find a Technology Partner

Learn more about Salsify technology partners.

Become a Technology Partner

Learn how to become a Salsify technology partner.
Resources

Resources

Resource Library

Explore our ecommerce resources to get everything you need to win on the digital shelf.

Blog

Read our blog to get actionable insights for navigating changing markets and industry demands.

Webinars

Watch our on-demand ecommerce webinars to gain expert advice and tips from our community of industry leaders.

Knowledge Base

Investigate our knowledge base to build your Salsify skills and understanding.

Product Updates

Explore the latest news and updates for Salsify products.

API

Examine our comprehensive API and webhook guides to start working with Salsify quickly.
2025 Consumer Research Report - Feature Image

2025 Consumer Research: Meet Every Shopper, Every Channel, Every Moment

Download our report for emerging consumer trends with direct insights from shoppers that will help you thrive on the digital shelf.

Request Demo

      Security and Reliability

      Compliance

      At Salsify, we know your content, product information and personal data/information relating to your customers are some of your organization's most valuable assets. We are committed to protecting your data and the investment you’ve made in our technology and infrastructure. Here are some key security best practices and compliance tools that we employ which we can publicly share.

      ProductXM and SupplierXM

      Salsify has achieved SOC 2 Type II Compliance for its ProductXM and SupplierXM platforms. Salsify certifies its systems annually to AICPA SOC 2 Type II, successfully auditing the operational and security processes of our service and our company. You can request a copy of our SOC2 Type2 report through your Salsify sales or customer success contact.

      The Information Security System that manages the controls around our ProductXM and SupplierXM platform is based on ISO 27001:2013. This certification proves our expertise in securely managing information technology systems. 

      Download the ISO 27001 certificate

      Security

      People

      People can be the greatest asset but also your greatest security risk. We work hard to make sure that everyone in our organization goes through annual security awareness training. New hires are trained as well.

      Our business continuity plans and physical security safeguards help ensure that during a non-system event that people know what to do.

      Our office is secured by security keycode access and other security protection methods. Employees have individual key cards to access our floor.

      We conduct thorough background checks on all of our employees prior to employment, including criminal and personal reference checks.

      Off-boarding procedures are put in place so that access is terminated when someone leaves the organization.

      Process

       

      Standardized Security Processes

      Salsify maintains standard security policies and processes. The policies, standards, and procedures are reviewed at least annually and updated as necessary. Our security framework is built based off of NIST 800 recommendations.

      Salsify arranges for rigorous third-party security assessments to be conducted at least once per year, including network and application vulnerability threats, penetration testing, and application security framework controls auditing. A letter of attestation of the test can be furnished upon customer request.

      We have a formal, management approved Incident Response and Security Incident Response plans. The Incident Response Plan defines the roles and responsibilities for the Incident Commander and supporting roles, as well as the response process, including customer notification, as well as a postmortem process to capture remediation actions. The Security Incident Response plan defines the security incident response team (SIRT) roles and responsibilities, as well as response plan steps.

      Software Development Lifecycle (SDLC)

      Salsify utilizes an agile development process with Continuous Integration (CI). Our CI pipeline includes development, staging, and production environments. This configuration allows for authorized access controls per environment.
      Security is built into each step of our process. Data handling, code deployment, configuration, and patch management each follow security best practices outlined in our security policies and SDLC.

      Our SDLC requires code review and approval for all changes, as well as a green build on all automated tests in our CI environment before deployment. All developed code is reviewed manually and automatically tested for potential security vulnerabilities. We strive to follow OWASP (Open Web Application Security Project) best practices.

      Identified and confirmed security vulnerabilities go through an impact and risk assessment. Patches or other means of remediation are first deployed in a development environment, tested in staging, and then sent into production.

      In addition, automated application penetration tests are run internally on a regular basis.

      Administrative Controls

      Salsify follows the principle of “least privilege”. Our practice is to only issue credentials to the individuals, and systems that absolutely need access to a system or resource. Access can only be granted by a member of our Operations team and is tracked for auditing purposes. Administrators can revoke access at any time; this supports our off-boarding process.

      Technology

       

      High-Availability Architecture

      Salsify hosts all services on resilient and elastically scalable infrastructure, using a fault tolerant application architecture. This ensures high availability and consistent application performance, as described in our Terms of Service.

      Our cloud service providers adhere to industry standard compliance, certifying in ISO 27001, SOC 2 or similar. We obtain and review these reports on an annual basis to confirm compliance.

      All SSL certificates are created and updated with 2048-bit key length and SHA-256.

      Our keys are encrypted and stored using a key management service.

      Disaster Recovery

      Our infrastructure architecture supports a recoverable process. Automated data backups, documented recovery procedures and annual testing ensures that we have everything in place in the event of a disaster.

      Salsify has a defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for our service.

      Authentication & Authorization

      Salsify utilizes a cloud service provider solution which includes multi-factor authentication in order to access environments. User defined groups and roles follow our “least privilege” concept. 

      Remote access to infrastructure is restricted to only authorized users and is accessible only through our VPN.

      Log monitoring is in place and we retain audit logs in accordance with our retention policy. Any suspicious activity or unauthorized access triggers alerting to our operations staff. The security team is engaged, as necessary, per our Incident Response plan.

      Passwords are rotated on a regular cadence for staff that supports our infrastructure.

      Customer Data

      We host customer data in a multi-tenant environment. Data segregation is supported at the application level, per customer. This prevents the potential of exposing customer data to unauthorized users at other organizations.

      All traffic is encrypted with a minimum of TLS V1.2. Salsify implements the latest encryption algorithms. We test and upgrade to newer and more secure standards as they become available. We currently use 256-bit AES encryption including the key management service as part of our cloud service provider’s offering.

      Data is also encrypted at rest including our system and database backups.

      Access to customer data is only provided to authorized personnel.

      Product Security

      Authentication & Single Sign-On (SSO)

      We support SAML 2.0 based Single Sign-On (SSO) integrations with many of the large identity providers, such as Okta, Onelogin, ADFS, and Google. This allows for simplicity and a better user experience as a user will only need to account for one login credential.

      Logins are based on only HTTPS requests and each user session requires an authentication token.

      Authorization

      Customers assign administrators in their organization to the Salsify product. These administrators set up user groups for their organization, usually based on the function of the group (ie, Marketing Team). Permissions are defined at the user group level and individuals are assigned to the appropriate group(s).

      Logging

      Application logging occurs using a combination of service providers. Logs are used for troubleshooting, issue resolution and forensic analysis by our development and security teams.

      We retain the logs based upon our retention policy.

      Disclosure

      If you need to report a security concern please email: security@salsify.com.

      If you would like to report a security related bug or configuration issue please review our Responsible Disclosure Guidelines prior to submitting your report.

      For privacy questions or concerns, please refer to our privacy policy.

      Privacy

      GDPR

      Salsify’s IAM system provides a strong foundation for GDPR compliance and can help reduce your risk. You can learn more and download Salsify’s GDPR-compliant DPA by clicking the link.

      Learn more

      CCPA

      As of January 1, 2020, Salsify updated its privacy policy and necessary internal procedures to comply with CCPA.

      Learn more

      Sub-Processors

      To deliver platform services, we leverage selected sub-processors to support certain functionality. The services we engage may change over time as the platform evolves, but a current list of sub-processors is maintained here.

      Learn more

      Data Subject Requests

      You may submit Data Subject Access Requests (DSAR) here.

      Data Request

      Agreements

      TOS

      Terms of Service

      Read Terms of Service
      PDF

      Data Processing Agreement

      Download PDF
      PDF

      US Mutual Non-Disclosure Agreement


      Download PDF
      PDF

      EMEA Mutual Non-Disclosure Agreement


      Download PDF
      Also of Interest
      Copyright © 2025 Salsify. All Rights Reserved Privacy Policy Terms of Service Security Sitemap Glossary