Yes, Salesforce can track your location. Several Salesforce products — including Salesforce Maps, Field Service Mobile, the Salesforce Mobile App, Marketing Cloud, and Consumer Goods Cloud — use GPS, geofencing, and IP-based geolocation to pinpoint where users and customers are in real time. Under the Electronic Communications Privacy Act (ECPA), employers are allowed to monitor employees on company-owned devices when they obtain consent or use the monitoring in the ordinary course of business. A 2023 survey by the American Management Association found that over 78% of major employers use some form of electronic monitoring on their workforce — and location tracking is one of the fastest-growing categories.
Here is what you will learn in this article:
- 📍 Which Salesforce products track location and exactly how each one works behind the scenes
- ⚖️ The federal and state laws that control whether your employer can legally track you through Salesforce
- 🛡️ How to protect your privacy and turn off location tracking on your specific device
- 🚨 The most common mistakes employers make that expose them to lawsuits and regulatory fines
- ✅ Do’s and don’ts for both employees and employers when Salesforce location tracking is involved
How Salesforce Tracks Location: The Core Technology
Salesforce does not rely on a single method to determine where someone is. It uses a combination of technologies depending on the product, the device, and the configuration the employer has chosen. Understanding these methods matters because each one carries different privacy implications, different accuracy levels, and different legal requirements.
GPS (Global Positioning System) is the most precise method. When a user opens the Salesforce Mobile App or Field Service Mobile app, the app can request access to the device’s native GPS hardware. This gives the employer coordinates accurate to within a few meters. The data is only collected when the user grants the app permission through the phone’s operating system settings. On iPhones, this shows up as a prompt asking whether to allow location access “While Using the App,” “Always,” or “Never.”
Geofencing creates a virtual boundary around a physical location. Salesforce Field Service uses geofencing to trigger automatic actions — like clocking in an employee, opening a work order, or sending a notification to a manager — when a mobile worker enters or exits a defined radius. The minimum radius Salesforce allows for a geofence trigger is 100 meters. This means the system does not need to know your exact coordinates to take action — it only needs to know whether you are inside or outside the virtual boundary.
IP-Based Geolocation is less precise but does not require GPS permission. Marketing Cloud Intelligence uses IP addresses to determine a user’s approximate country, region, and city. This method is common for marketing analytics and campaign segmentation rather than pinpoint employee tracking. An employer cannot use IP-based geolocation to see which street you are standing on, but they can see which city you are connecting from.
Bluetooth Beacons work at the smallest scale. The Marketing Cloud MobilePush SDK can detect Bluetooth Low Energy beacons placed inside stores, warehouses, or event venues. When a customer’s phone detects a beacon, the SDK can trigger a push notification or log the interaction. This works within buildings where GPS signals are weak or unavailable.
| Tracking Method | Accuracy | Salesforce Product | Requires User Permission? |
|---|---|---|---|
| GPS | Within a few meters | Field Service Mobile, Salesforce Mobile App | Yes |
| Geofencing | 100+ meter radius | Field Service, Consumer Goods Cloud | Yes |
| IP Geolocation | City-level | Marketing Cloud Intelligence | No |
| Beacon/SDK | Within a store or building | Marketing Cloud MobilePush | Yes |
Salesforce Products That Track Location
Salesforce Maps
Salesforce Maps is a location intelligence tool built directly into the Salesforce platform. It plots Salesforce records — like leads, accounts, and opportunities — as pins on a map based on their address data. Sales managers use it to plan territories, optimize field routes, and visualize where their pipeline is concentrated geographically. The tool integrates with Sales Cloud and Service Cloud, meaning location data flows into broader reports and dashboards.
The product also includes a Live Tracking add-on. Live Tracking allows organizations to monitor the real-time location of delivery drivers, field technicians, vehicles, and company assets. It works by placing a pin on the map that updates as the tracked person or vehicle moves. Managers can see time on site, traffic congestion, and estimated arrival times — all refreshed continuously throughout the day.
One feature that catches many employees off guard is auto-logging. Salesforce Maps can use geofencing to automatically log customer visits when a field rep enters a client’s location. This updates CRM records without the employee doing anything manually. While this boosts data accuracy and eliminates the need for manual check-ins, it also means the system is recording where the employee goes, when they arrive, how long they stay, and when they leave — all without requiring any manual input from the employee.
Salesforce Maps can also be enabled for mobile access, giving field teams access to location data, navigation tools, and route optimization on their phones. This means a field rep is not just being tracked — they are also using location data to plan their day, which creates a two-way data flow between the employee’s device and the Salesforce platform.
Salesforce Field Service Mobile
Salesforce Field Service is purpose-built for organizations that dispatch workers to job sites — think HVAC companies, utilities, telecommunications providers, and healthcare organizations. The mobile app is where most of the location tracking happens. It tracks a mobile worker’s location to automate geolocation-based actions like opening records, triggering quick actions, or silently logging timestamps when workers arrive at or leave a service location.
The system supports three types of automated actions. Platform Alerts silently log a timestamp based on the worker’s location when they arrive or leave a job site — the worker may not even realize this is happening. View Records automatically open a relevant record when the worker enters or exits a geofence. Quick Actions trigger a pop-up — like a parts checklist or a safety acknowledgment — when the worker reaches a specific location.
Here is a real-world scenario. A plumbing company dispatches a technician named Marco to three service calls. When Marco drives within 100 meters of the first customer’s home, the Field Service app detects his entry into the geofence and automatically updates the work order status to “In Progress.” When he leaves, the app logs his departure time and calculates how long he spent on site. His dispatcher sees all of this live on a map dashboard back at the office.
| What Happens | What Salesforce Records |
|---|---|
| Marco arrives at Customer A’s home | Geofence entry timestamp, work order status change to “In Progress” |
| Marco spends 45 minutes on site | Time-on-site calculation logged to the work order |
| Marco leaves Customer A’s home | Geofence exit timestamp, travel time to next job begins |
| Marco arrives at Customer B late | Late arrival flag visible to dispatcher on live map |
| Marco’s van passes near the warehouse | A notification reminds him to pick up a missing part |
Salesforce also provides the ability to exclude specific mobile workers from location tracking. Salesforce acknowledges that not all workers may be legally subject to geolocation monitoring depending on their state or employment agreement, and it provides admin-level controls to turn tracking off for individual users. Workers themselves can also revoke location permissions through their phone’s operating system settings.
The geolocation-based actions feature also ties into worker safety. When a mobile worker arrives at company headquarters, the app can automatically clock them in. When they enter a high-risk service area, the system can notify a manager. When they return from a hazardous job, a confirmation message can be sent to the service territory manager. This creates an automated safety net that does not require the worker to remember to check in.
Salesforce Mobile App and the LocationService API
The standard Salesforce Mobile App is not just for viewing dashboards and reports on your phone. Since 2024, Salesforce has given developers access to the LocationService API, which lets custom Lightning Web Components tap directly into a device’s native GPS hardware. This means a company can build a custom component inside the Salesforce app that tracks your location in real time — and the possibilities are limited only by what the developer codes.
The LocationService API supports two main functions. First, it can determine a user’s current GPS coordinates with a single request. Second, it can subscribe to ongoing location updates, meaning the app receives a callback notification every time the device moves a significant distance. This makes continuous, real-time tracking possible — not just periodic one-time check-ins.
The API is available in the Salesforce Mobile App, Mobile Publisher for Salesforce App, Mobile Publisher for Experience Cloud, and the Field Service Mobile app. It does not work in a standard web browser — whether on desktop or mobile — because it relies on native device hardware that browsers cannot access in the same way. So if you only use Salesforce through your laptop’s browser, this particular tracking method does not apply to you.
As one Salesforce community member explained on Reddit, what the company does with that GPS data is entirely up to the developer and the employer. Salesforce provides the API. The employer’s developer builds the component. The employer decides how to use the data. This could mean displaying your location on a helpful map for dispatching — or it could mean logging every location change to a database for managerial review. Many companies have policies that would prohibit invasive tracking, but many do not.
The critical safeguard here is device-level permission. The API cannot access GPS data unless the user has granted the Salesforce app location access through their phone’s settings. On a personal device, the employee can revoke this permission at any time. On a company-owned device managed through Mobile Device Management (MDM) software, the employer may be able to force-enable location permissions — which raises significant legal questions about consent and privacy.
Marketing Cloud and Customer Geolocation
Salesforce does not limit location tracking to employees. Marketing Cloud’s MobilePush SDK enables businesses to track customer locations through branded mobile apps. When a customer installs a company’s app that uses the MobilePush SDK with location enabled, their device can detect geofences and Bluetooth beacons set up by the business.
Here is how it works in practice. A retail chain sets up a geofence around each of its stores. First, the business integrates the MobilePush SDK into their mobile app with location enabled. Then they define geofences for their store locations and optionally place Bluetooth beacons in key areas. When a customer who has the retailer’s app installed walks within that geofence, their device detects the boundary and alerts Marketing Cloud. Marketing Cloud then triggers a pre-configured message — for example, “Welcome back! Here’s 20% off your next purchase.”
Apple requires apps using this feature to request “Always” location permissions for full geofence and beacon functionality. If a customer selects only “When In Use” authorization, the app will not receive geofence messages when it is running in the background. The MobilePush SDK also only sends precise location updates to Marketing Cloud servers — approximate location data from iOS 14 and above is ignored. This is one reason many users see persistent location-permission requests from retail and brand apps.
Marketing Cloud Intelligence takes a different approach for analytics. It uses IP-based geolocation to map campaign performance by region. This does not track individual movements but does associate user interactions with geographic areas — useful for seeing which country or city generated the most clicks, conversions, or revenue from a campaign.
Consumer Goods Cloud
Consumer Goods Cloud uses geofencing and time tracking for retail field visits. Sales reps visiting retail stores are tracked to ensure they actually arrive at the correct location and spend adequate time there. The Visit object captures the user’s time and location data, and it flags visits that start or complete outside the geofencing range. This is designed to prevent reps from logging visits they did not actually make — a common form of time fraud in field sales organizations.
The system records when the visit began, when it ended, whether the rep was inside the geofence for the duration, and whether the visit met minimum time requirements. Managers can pull reports showing which reps consistently log visits outside of geofence ranges, creating an audit trail that holds the field team accountable.
Federal Law: What the ECPA Says About Tracking Employees
The primary federal law governing electronic employee monitoring is the Electronic Communications Privacy Act (ECPA) of 1986. The ECPA prohibits the unauthorized interception or disclosure of wire, oral, or electronic communications. However, it contains two important exceptions that employers rely on every day to justify monitoring.
The first is the business extension exception. This allows monitoring if the interception device is part of the employer’s communication system and used in the ordinary course of business. If Salesforce is installed on a company-owned phone as part of the employer’s standard toolkit, GPS tracking through that app may fall under this exception — as long as the tracking serves a legitimate business purpose like dispatching, safety, or route optimization.
The second is the consent exception. If the employee agrees to be monitored — usually by signing a workplace policy during onboarding — the employer has broad latitude to track location, communications, and activity. This is why nearly every company that uses Salesforce Field Service or Salesforce Maps requires employees to sign an electronic monitoring acknowledgment before they are issued a device or granted app access.
The ECPA was written in 1986, long before smartphones and GPS-enabled CRM platforms existed. It does not specifically address GPS location tracking, and courts have had to interpret its provisions to fit modern technology. The case of Fercello v. County of Ramsey is one example where a federal court evaluated employer monitoring practices under the ECPA framework. Courts have generally upheld employer tracking when consent was obtained and a business purpose existed, but the lack of explicit GPS provisions means the boundaries are often set by state law and individual court decisions.
Employers should reinforce their rights under the ECPA by maintaining a written policy stating their monitoring practices and having every employee sign it. Employers must also be cautious not to monitor personal communications on private, non-company-owned devices — even if those devices are connected to company networks. These policies should be clearly stated and accessible so that employees are fully aware of what is being collected.
State Laws: Where Tracking Gets Complicated
While federal law provides a baseline, state laws vary dramatically in how they regulate employer GPS tracking. Some states require written consent. Others only require notice. A few have almost no restrictions at all. If your company uses Salesforce to track employees across multiple states, you must comply with the strictest law that applies to each employee based on their location.
California
California has the most comprehensive privacy framework in the country. Under the California Consumer Privacy Act (CCPA), as expanded by the California Privacy Rights Act (CPRA) effective January 1, 2023, employers must inform employees about the categories of personal information being collected, explain the purposes for collection, and allow employees to request access to or deletion of their data. This explicitly includes geolocation tracking data, data collected through monitoring software, and biometric scans.
The CCPA currently requires notice but does not require opt-in consent before collecting geolocation data. However, California Assembly Bill 1355 proposed layering even stricter obligations on top of the CCPA, pushing toward a mandatory opt-in model for location data. AB 1355’s prohibition on making inferences from location data would limit an employer’s ability to monitor remote employees, prevent timecard fraud, or enforce attendance policies. For example, if an employee calls out sick but their Salesforce data shows them logging in from Hawaii, the employer may be unable to question that discrepancy under the proposed law.
The CCPA also requires that monitoring be reasonably necessary and proportionate to the particular employment context, and that the processing purposes are not surprising to employees. Starting January 1, 2027, certain employee monitoring technologies involving automated decision-making will face additional regulation under CCPA regulations.
California also has a constitutional right to privacy that applies in the employment context. GPS tracking on a personal device without consent could trigger a constitutional privacy violation independent of the CCPA — a claim that carries more weight in California than in most other states.
Connecticut
Connecticut was one of the first states to regulate electronic workplace monitoring. Under its electronic monitoring statute, employers must provide prior written notice to all employees who may be monitored. The notice must identify the types of electronic monitoring in use and must be posted in a conspicuous place visible to all affected workers. Consent is not technically required, but the written notice requirement is strictly enforced.
Texas
Texas requires consent before GPS tracking. State law prohibits tracking without the employee’s explicit approval. This applies even to company-owned devices. An employer using Salesforce Field Service in Texas must get each technician’s agreement before turning on geolocation-based actions or Live Tracking. Failure to obtain consent violates state privacy law and exposes the employer to civil liability.
New York
New York allows GPS tracking but requires employers to inform employees before monitoring begins. Under Civil Rights Law §52-c, employers must provide notice of electronic monitoring. The state does not require written consent, but failing to provide notice can expose the employer to statutory penalties and civil liability.
Illinois
Illinois has the Biometric Information Privacy Act (BIPA), which is the strictest biometric privacy law in the country. While BIPA focuses on fingerprints, voiceprints, and facial recognition — not GPS data directly — employers in Illinois should be aware that any Salesforce integration using biometric check-ins alongside location tracking could trigger BIPA obligations. These include obtaining written, informed consent before collecting biometric data and maintaining a published data retention and destruction policy.
Other Notable States
Several other states have specific GPS tracking requirements worth noting. Colorado allows employer GPS tracking but prohibits tracking that causes emotional distress under Vonnie’s Law. Indiana requires written consent before any GPS tracking. Virginia and Vermont both require consent, with Vermont’s anti-stalking law providing an additional layer of protection. Delaware makes it illegal to install a tracking device without the person’s permission.
| State | Consent Required? | Notice Required? | Key Law |
|---|---|---|---|
| California | No (notice only under CCPA) | Yes | CCPA/CPRA |
| Connecticut | No | Yes (written) | Electronic Monitoring Statute |
| Texas | Yes | Yes | State Privacy Law |
| New York | No | Yes | Civil Rights Law §52-c |
| Illinois | Yes (for biometrics) | Yes | BIPA |
| Colorado | No | Recommended | Vonnie’s Law (anti-stalking) |
| Indiana | Yes (written) | Yes | State Tracking Law |
| Virginia | Yes | Yes | State consent statute |
Three Real-World Scenarios
Scenario 1: The Field Sales Rep
Sarah is a pharmaceutical sales rep. Her company issues her an iPad with Salesforce Maps installed and the Live Tracking add-on enabled. Her manager uses Live Tracking to see where she goes during the day and whether she visits all her assigned physician accounts.
| Sarah’s Activity | What the Company Sees |
|---|---|
| Drives to first doctor’s office at 8:30 AM | Live pin shows Sarah traveling; route visible on map |
| Spends 30 minutes at the office | Geofence auto-logs a 30-minute visit to the account record |
| Stops at a coffee shop for 45 minutes | Live pin shows Sarah stationary at a non-account location for 45 minutes |
| Skips her last scheduled visit | No geofence entry logged; manager sees she never arrived |
| Returns home at 3:15 PM | Live pin shows Sarah traveling to a residential location |
Sarah’s employer is within its rights to track her on a company-issued iPad — as long as she was notified and consented during onboarding. If Sarah is in California, the company must have disclosed the categories of data collected and the purpose under the CCPA. If she is in Texas, written consent is mandatory before the first day of tracking. The 45-minute coffee stop could be grounds for a performance conversation, and the skipped visit is documented automatically through the absence of a geofence entry. The key question is whether Sarah knew this level of detail was being captured when she signed her monitoring agreement.
Scenario 2: The HVAC Technician
Derek is an HVAC technician using the Salesforce Field Service Mobile app on his personal Android phone. His company turned on geolocation-based actions so that work orders update automatically when he arrives at a job site. Derek did not realize the app was tracking him until he noticed work orders updating before he even opened the app.
| Derek’s Concern | Legal Reality |
|---|---|
| He uses his personal phone | The company can still track him if he granted app-level location permission |
| He wants to stop tracking after hours | He can revoke location permission in Android settings at any time |
| His company forces “Always On” location | On a personal device, the company cannot technically force this without his cooperation |
| He is in Connecticut | His employer must have provided written notice of the monitoring |
| He revokes permission and gets disciplined | State law may protect him, but at-will employment complicates the picture |
Because Derek uses a personal device, he holds significant power. He can revoke GPS access to the Salesforce app through his phone’s settings, and the app will no longer be able to collect his coordinates. However, if his employer makes location sharing a condition of employment, refusing could lead to disciplinary action — which raises a separate legal question about whether that requirement is enforceable in his state. In Connecticut, the employer needed to provide written notice before tracking began. If they did not, Derek may have grounds for a complaint regardless of his employment status.
Scenario 3: The Retail Customer
Ava downloads a clothing brand’s mobile app. The app uses Salesforce Marketing Cloud’s MobilePush SDK with geofencing enabled. She starts receiving push notifications whenever she walks near one of the brand’s stores. She did not realize that allowing location access on the app would trigger location-based marketing messages.
| Ava’s Experience | What’s Happening Behind the Scenes |
|---|---|
| She downloads the app and allows “Always” location | The MobilePush SDK begins monitoring geofences set by the brand |
| She walks within 200 meters of a store | Her device detects the geofence boundary and alerts Marketing Cloud |
| She receives a push notification with a coupon | Marketing Cloud triggered a geofence-entry message automatically |
| She changes permission to “When In Use” | Geofence messages stop working when the app is in the background |
| She deletes the app entirely | All geofence monitoring for her device stops immediately |
Ava’s data is governed by consumer privacy laws, not employment law. Under the CCPA, the brand must disclose that it collects geolocation data, explain why it is collected, and give Ava the right to opt out of the sale of that data. The brand cannot collect her precise location without her device-level permission. If Ava is concerned about ongoing tracking, the simplest solution is to change her location permission to “Never” or delete the app. The MobilePush SDK requires “Always” permissions for full geofence functionality, so downgrading to “When In Use” effectively disables background location monitoring.
Mistakes to Avoid
Both employers and employees make costly errors when it comes to Salesforce location tracking. Here are the most common ones and their direct consequences.
For Employers:
- Tracking employees without written notice. Even in states that do not require consent, failing to provide notice violates the CCPA and Connecticut’s monitoring statute. The consequence is regulatory fines, employee lawsuits, and reputational damage.
- Tracking personal devices without a clear BYOD policy. If a technician uses their own phone with the Field Service app and the company tracks their location without a written BYOD agreement covering location data, the employer faces invasion-of-privacy claims.
- Failing to turn off tracking after hours. Continuous 24/7 tracking on company devices — even when the employee is off the clock — has been challenged in courts as exceeding the “ordinary course of business” exception under the ECPA. After-hours tracking without justification weakens the employer’s legal defense.
- Not encrypting or securing location data. Salesforce stores location data in its cloud. If that data is breached and the employer did not use Salesforce Shield encryption or follow data privacy best practices, the employer is liable under state breach notification laws.
- Ignoring multi-state compliance. A company with field workers in California, Texas, and New York must follow three different sets of rules. Applying a one-size-fits-all policy nationwide risks violating the strictest state’s requirements and triggering enforcement actions.
For Employees:
- Assuming the company cannot see your location. If you granted Salesforce location permission on your phone, the app can collect GPS data. Many employees forget they approved this during initial device setup.
- Not checking app permissions regularly. Mobile operating systems update, and permissions can change or reset. Review your location settings for the Salesforce app at least quarterly.
- Refusing tracking without understanding the consequences. In most at-will employment states, an employer can make GPS tracking a condition of employment. Refusing may be your right, but it could also cost you the job depending on your state’s laws and your employment agreement.
Salesforce’s Built-In Privacy Controls
Salesforce does not ignore privacy concerns. The platform includes several tools designed to help organizations comply with data protection laws and manage individual privacy preferences.
The Individual Object lets organizations track a person’s data privacy preferences directly within Salesforce. Administrators can record whether someone has consented to geolocation tracking, web activity monitoring, data sharing, or solicitation. The Individual record links to Contacts, Leads, Person Accounts, and Community Users. When a person’s preferences change, the organization must update the record and honor the new preference by adjusting what data is collected and how it is used.
Salesforce also supports data obscuring and deletion for compliance with the CCPA and GDPR. When a person exercises their right to be forgotten, the organization can either delete the record entirely or replace personal data with generic values — for example, using “Forgotten” as the last name field. Salesforce recommends consulting legal counsel before choosing between obscuring and deleting because personal data may be linked to workflows, automation rules, or related records that could break if the data is removed.
Salesforce Shield provides platform-level encryption for personal data fields, including the Name field in data privacy records. Organizations handling sensitive location data should use Shield encryption to protect against unauthorized access — both from external threats and from internal users who should not have visibility into employee location histories. Custom fields containing location data can also be encrypted.
Do’s and Don’ts
For Employers
| Do | Don’t |
|---|---|
| Provide written notice to all employees before enabling any location tracking feature | Track employees without disclosure — even on company-owned devices |
| Create a BYOD policy that explicitly addresses Salesforce location data collection | Assume that tracking on personal devices is automatically legal |
| Limit tracking to work hours whenever operationally possible | Monitor employees 24/7 without a documented, specific business justification |
| Encrypt location data using Salesforce Shield or equivalent security tools | Store raw GPS coordinates in unencrypted fields without access controls |
| Review the privacy laws for every state where you have field workers | Apply one state’s rules to your entire national workforce |
| Document consent with signed acknowledgments stored in each employee’s file | Rely on verbal agreements, implied consent, or generic handbook language |
For Employees
| Do | Don’t |
|---|---|
| Read your employer’s monitoring and BYOD policy before signing it | Assume Salesforce cannot track you because it is “just a CRM” |
| Check your phone’s location permissions for the Salesforce app regularly | Forget that granting “Always” location access enables 24/7 background tracking |
| Ask your employer in writing what location data is collected and how long it is stored | Ignore the BYOD policy — it likely contains location tracking provisions |
| Know your state’s specific laws on employer GPS tracking | Assume federal law is the only law that matters for your situation |
| Revoke location access on personal devices if you are uncomfortable with tracking | Disable tracking on a company-owned device without first discussing it with your employer |
Pros and Cons of Salesforce Location Tracking
Pros
- Operational efficiency. Dispatchers can assign the nearest technician to an urgent service call, reducing response times, fuel costs, and customer wait times.
- Accurate CRM data. Auto-logged visits eliminate the need for manual check-ins, which are often forgotten, delayed, or falsified by field reps under pressure.
- Customer experience. Real-time ETAs and automated arrival notifications improve customer satisfaction scores and reduce “Where is my technician?” calls to the support center.
- Safety monitoring. Employers can locate workers who enter hazardous areas or fail to check in from a remote job site, enabling faster emergency response.
- Accountability. Location data provides objective, timestamped evidence of work performed — protecting both employers and employees in performance disputes or billing disagreements.
Cons
- Privacy erosion. Continuous tracking can feel invasive, especially on personal devices or when tracking continues outside of scheduled work hours.
- Legal exposure. Non-compliant tracking programs can result in CCPA fines, invasion-of-privacy lawsuits, and significant reputational damage.
- Employee morale. Workers who feel surveilled report lower job satisfaction and higher turnover intentions, which can offset the productivity gains from tracking.
- Data security risk. Stored GPS coordinates are sensitive personal data. A breach could expose employees’ daily movement patterns, home addresses, and routines.
- Over-reliance on data. A 45-minute stop at a coffee shop might look like slacking on a dashboard, but the employee might have been on a client call or waiting for a delayed appointment.
Key Entities and Their Roles
Understanding who is involved in the Salesforce location tracking ecosystem helps clarify where responsibilities and risks fall.
- Salesforce (the company) provides the platform and tracking tools. It does not decide how individual employers use location data. Salesforce publishes data privacy best practices and builds compliance tools like the Individual Object and Shield encryption, but it places the legal responsibility for lawful use squarely on the customer.
- The Employer (Salesforce customer) configures which tracking features to enable, decides who gets tracked, sets retention policies, and determines what happens with the collected data. The employer bears all legal responsibility for compliance with the ECPA, CCPA, and applicable state laws.
- The Salesforce Administrator is the technical person who sets up location tracking within the platform — enabling geofences, configuring the LocationService API, managing user permissions and profiles, and building reports on location data.
- The Employee (end user) is the person being tracked. They control device-level permissions on personal devices, have rights under state privacy laws to know what data is being collected, and in some states can request deletion of their location data.
- The FTC and State Attorneys General enforce privacy laws at the federal and state levels. The California Attorney General and the California Privacy Protection Agency enforce the CCPA/CPRA, while other state AGs enforce their respective monitoring and privacy statutes.
- Mobile Device Management (MDM) Providers are third-party tools employers use to manage company-owned devices. MDM software can force-enable location permissions, install apps without employee action, and prevent employees from changing certain settings — making tracking on company devices much harder to avoid.
FAQs
Can Salesforce track my location without my knowledge?
No. Salesforce requires device-level location permission from the phone’s operating system. Your phone will prompt you before granting access, and you can revoke that permission in your settings at any time.
Can my employer see my location when I am off the clock?
Yes. If you granted “Always” location permission and your employer has configured continuous tracking in Salesforce, your location data is visible even outside of work hours.
Can I turn off Salesforce location tracking on my personal phone?
Yes. Go to your phone’s settings, find the Salesforce or Field Service app, and change location permission to “Never.” The app will no longer access your GPS data.
Is Salesforce location tracking legal in California?
Yes. Employers can track employees with proper notice under the CCPA. Opt-in consent is not required under current law, but the employer must disclose what data is collected and why.
Does Salesforce Maps track employees in real time?
Yes. The Live Tracking add-on for Salesforce Maps shows real-time locations of field workers, vehicles, and assets on an interactive map with continuous updates throughout the day.
Can Salesforce track me through a web browser?
No. The LocationService API does not access native GPS hardware in a browser. Desktop Salesforce users cannot be GPS-tracked, though IP-based geolocation may reveal an approximate city.
Can I be fired for refusing to share my location with Salesforce?
Yes. In most at-will employment states, an employer can make location sharing a job requirement. Refusing could lead to termination, though some state laws may provide additional protections.
Does Salesforce sell my location data?
No. Salesforce is a platform provider and does not sell individual user data. Your employer controls the data collected through Salesforce and must comply with CCPA rules on sharing personal information.
Can customers be tracked through Salesforce Marketing Cloud?
Yes. If a customer’s mobile app uses the MobilePush SDK with location enabled, the business can detect when the customer enters a geofence and send targeted push notifications.
Is GPS tracking through Salesforce accurate?
Yes. GPS-based tracking through the Salesforce Mobile App or Field Service is as accurate as the device’s native GPS sensor — typically within a few meters under clear-sky conditions.
Does the ECPA protect employees from Salesforce GPS tracking?
No. The ECPA has exceptions for employer monitoring with consent and in the ordinary course of business. Most employers satisfy these exceptions through signed monitoring policies.
Can Salesforce track my location if I use a VPN?
No. A VPN masks your IP address for IP-based geolocation, but it does not affect GPS tracking. If you granted GPS permission to the Salesforce app, a VPN will not hide your physical location.