Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Jan. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
When a company purchases our service offerings, they gain a trusted digital advisor who will work together with them in their efforts to protect their data. We aim to provide a secure and compliant enterprise cloud platform and we work to build trust and in-depth defense into all of our systems. Among other things, we employ an experienced team of cybersecurity professionals, engage in community events and offer free online cybersecurity incident prevention training to help enable our customers to focus on their business, knowing their data is safe and accessible as needed.
We seek to address material cybersecurity risks through a company-wide approach that assesses, ranks and prioritizes cybersecurity threats, vulnerabilities and issues as they are identified to maintain the confidentiality, integrity and availability of our information systems and the information that we collect and store. The Company’s cybersecurity policies, standards, processes and practices are informed by recognized frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization and an array of other applicable standards-setting bodies, which are integrated into a broader risk management framework and related processes. We also hold various security-related industry certifications and attestations that have been validated by external auditors, including SOC 1, SOC 2, SOC 3, ISO 27001, 27017 and 27018, CSA STAR and others.
Leveraging threat intelligence and other signals, the Company undergoes periodic testing, audits and reviews of its policies, standards, processes and practices to identify, assess and address cybersecurity risks and events. The Company also undergoes routine internal and external penetration testing. The results of such tests and assessments are evaluated by management and periodically reported to the Committee. The Company further adjusts its cybersecurity policies, standards, processes and practices based on these results and evolving industry practices. The Company also publishes attestations of its various certifications, audits, and penetration tests on its global compliance webpage.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We seek to address material cybersecurity risks through a company-wide approach that assesses, ranks and prioritizes cybersecurity threats, vulnerabilities and issues as they are identified to maintain the confidentiality, integrity and availability of our information systems and the information that we collect and store. The Company’s cybersecurity policies, standards, processes and practices are informed by recognized frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization and an array of other applicable standards-setting bodies, which are integrated into a broader risk management framework and related processes. We also hold various security-related industry certifications and attestations that have been validated by external auditors, including SOC 1, SOC 2, SOC 3, ISO 27001, 27017 and 27018, CSA STAR and others.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
As mentioned above, the Board established the Committee to provide dedicated oversight of cybersecurity-related management, strategy, initiatives, risks, threats and remediation activities. The Committee receives regular presentations, reports and updates from the Company’s Chief Trust Officer (“CTrO”) and other members of management on developments regarding the Company’s cybersecurity program, broader cybersecurity trends, evolving industry standards, the threat environment and other topics. After each quarterly meeting of the Committee, the Board receives a report from the Chair of the Committee with an update on the Company’s oversight of cybersecurity risks and mitigation efforts. The Committee also receives periodic reports from an experienced outside consultant with information security expertise providing insights on key focus areas to aid in the Committee’s oversight of the Company’s cybersecurity program.
The Company’s processes also allow for the Board and the Committee to be informed of key cybersecurity risks outside the regular reporting schedule. While regular meetings of the Committee are scheduled on a quarterly cadence, the Committee is authorized to meet with management or individual directors at any time it deems appropriate to discuss matters relevant to the Committee. In between meetings, the Board and the Committee receive information regarding relevant cybersecurity risks (including cybersecurity incidents) that meet pre-established reporting thresholds, as well as ongoing updates regarding any such risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] As mentioned above, the Board established the Committee to provide dedicated oversight of cybersecurity-related management, strategy, initiatives, risks, threats and remediation activities.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Committee receives regular presentations, reports and updates from the Company’s Chief Trust Officer (“CTrO”) and other members of management on developments regarding the Company’s cybersecurity program, broader cybersecurity trends, evolving industry standards, the threat environment and other topics. After each quarterly meeting of the Committee, the Board receives a report from the Chair of the Committee with an update on the Company’s oversight of cybersecurity risks and mitigation efforts. The Committee also receives periodic reports from an experienced outside consultant with information security expertise providing insights on key focus areas to aid in the Committee’s oversight of the Company’s cybersecurity program.
Cybersecurity Risk Role of Management [Text Block]
Management Oversight and Governance
The CTrO, reporting to the Company’s Chief Engineering & Customer Success Officer (“C/E”), is responsible for designing and implementing a security program and strategy based on the mandate provided by the Board and senior management. The CTrO has extensive experience in the management of cybersecurity risk programs, having served in various leadership roles in information technology and information security for over 15 years, including serving as the Chief Security Officer of two other large public technology companies. He also holds an undergraduate and master’s degree in computer science. We believe the Company’s business leaders, including our CEO, CFO, C/E and CLO, who have experience managing cybersecurity risk at the Company and at similar companies, have the appropriate expertise, background and depth of experience to manage risks arising from cybersecurity threats.
The CTrO, in coordination with other members of senior management, works collaboratively across the Company to implement a program designed to help protect the Company’s information systems from cybersecurity threats and to promptly respond to cybersecurity incidents in accordance with the Company’s incident response and recovery plans. To facilitate the success of the Company’s cybersecurity program, cross-functional teams throughout the Company are tasked with addressing cybersecurity threats and responding to cybersecurity incidents. Through ongoing communications with these teams, the CTrO and senior management are able to be informed promptly about, and monitor the prevention, detection, investigation, mitigation and remediation of, cybersecurity threats. These teams are expected to operate pursuant to documented plans and playbooks that include processes for escalation of incidents to leadership and to the Committee and Board, as appropriate, based on the severity level of a cybersecurity incident. In addition, the Company periodically consults with outside advisors and experts to assist with assessing, identifying and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk management environment.
Specifically, management implements the Company’s cybersecurity and risk management strategy across several areas:
Identification and Reporting. The Company has implemented a robust, cross-functional approach to identifying, assessing and managing cybersecurity threats and risks. The Company’s program includes controls and procedures designed to properly identify, classify, and escalate cybersecurity risks and incidents to provide management with visibility and prioritization of risk mitigation efforts and to publicly report material cybersecurity incidents when appropriate.
Threat Intelligence. The Company maintains a Threat Intelligence team focused on profiling, intelligence collection, and threat analysis supporting the Company’s ongoing efforts to identify, assess and manage cybersecurity threats. The team’s input supports both near-term response to cybersecurity events, and long-term strategic planning and development of the Company’s cybersecurity risk management framework.
Technical Safeguards. The Company implements technical safeguards that are designed to protect both the Company’s service offerings and other information systems we control from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, vulnerability management, encryption processes and access controls, all of which are periodically evaluated and improved through risk and control assessments and in response to cybersecurity threat intelligence as well as outside audits and certifications.
Incident Response and Recovery Planning. The Company has established and maintains incident response, business continuity and disaster recovery plans designed to address the Company’s response to a cybersecurity incident, including the public disclosure and reporting of material incidents in a timely manner. These plans and procedures serve to guide and document a rigorous incident response program that reflects the roles of an array of stakeholders, including personnel providing technical, operational, engineering, legal and other perspectives across the Company. The Company conducts regular tabletop exercises involving multiple operational teams, including senior management, to test these plans and to familiarize personnel with their roles in a response scenario.
Third-Party Risk Management. The Company maintains a risk-based approach to identifying and overseeing cybersecurity threats presented by certain third parties, including vendors, service providers and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a significant cybersecurity incident affecting those third-party systems.
Education and Awareness. The Company regularly provides employee training on security-related duties and responsibilities, including knowledge about how to recognize cybersecurity incidents and how to proceed if an actual or suspected incident should occur. This training is mandatory for employees across the Company, and is intended to provide the Company’s employees with effective tools to address cybersecurity threats, and to communicate the Company’s evolving information security policies, standards, processes and practices. The Company maintains several plans designed to prepare the Salesforce Security Response Center (SSRC) with the proper training, processes and capabilities needed to effectively respond to incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The CTrO, reporting to the Company’s Chief Engineering & Customer Success Officer (“C/E”), is responsible for designing and implementing a security program and strategy based on the mandate provided by the Board and senior management.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CTrO has extensive experience in the management of cybersecurity risk programs, having served in various leadership roles in information technology and information security for over 15 years, including serving as the Chief Security Officer of two other large public technology companies. He also holds an undergraduate and master’s degree in computer science. We believe the Company’s business leaders, including our CEO, CFO, C/E and CLO, who have experience managing cybersecurity risk at the Company and at similar companies, have the appropriate expertise, background and depth of experience to manage risks arising from cybersecurity threats.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The CTrO, in coordination with other members of senior management, works collaboratively across the Company to implement a program designed to help protect the Company’s information systems from cybersecurity threats and to promptly respond to cybersecurity incidents in accordance with the Company’s incident response and recovery plans. To facilitate the success of the Company’s cybersecurity program, cross-functional teams throughout the Company are tasked with addressing cybersecurity threats and responding to cybersecurity incidents. Through ongoing communications with these teams, the CTrO and senior management are able to be informed promptly about, and monitor the prevention, detection, investigation, mitigation and remediation of, cybersecurity threats. These teams are expected to operate pursuant to documented plans and playbooks that include processes for escalation of incidents to leadership and to the Committee and Board, as appropriate, based on the severity level of a cybersecurity incident. In addition, the Company periodically consults with outside advisors and experts to assist with assessing, identifying and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company’s risk management environment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true