When Salesforce, Microsoft, and Zoom added AI features to their products, they did not stop processing your data. They added new data flows that route customer information through AI infrastructure — sometimes the vendor's, sometimes a third-party model provider's, sometimes both — under terms that materially differ from what your 2023 Data Processing Agreement assumed.
This post is for CFOs, CIOs, IT directors, and procurement leaders who renewed these contracts before 2024 and have not re-papered them since. It walks through what each of three major vendors' AI features actually do with submitted data, what changed in 2024–25 terms, and what an enterprise-grade DPA review surfaces. The goal: enough specificity that you can have an informed conversation with your account rep, your security team, and your insurance broker — without taking a vendor's marketing summary at face value.
Disclaimer: vendor terms change. The patterns described below reflect the public state of the documentation as of mid-2026. Always read the current version yourself for your specific entitlement tier and geography before acting.
Salesforce Einstein
Salesforce embeds AI across the Customer 360 platform under the "Einstein" brand: Einstein GPT for content generation, Einstein Trust Layer for governance, Einstein Copilot for conversational interactions, plus dozens of feature-specific AI capabilities (Einstein Conversation Insights for Sales Cloud, Einstein Case Classification for Service Cloud, Einstein Prediction Builder for custom models, and others).
What the features do with submitted data:
Einstein GPT and Einstein Copilot route prompts through Salesforce's "Trust Layer" infrastructure, which sits between the customer org and the underlying foundation model. The Trust Layer performs data masking on identifiable customer data, then sends the masked prompt to the foundation model (typically OpenAI, but Salesforce has been adding alternate providers including AWS Bedrock and Anthropic).
The model returns a response, which the Trust Layer unmasks and presents back to the user. According to Salesforce's documentation, prompts and responses are not retained by the foundation model provider beyond the immediate request, and customer data is not used to train Salesforce's models.
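To make the mask-then-unmask data flow concrete for a security or procurement reviewer, here is a small added example in Python. It is not Salesforce's Trust Layer code and it makes no claim about how that layer is implemented; the class and function names (`MaskingSession`, `run_request`, `fake_model`), the two detection patterns, and the sample prompt are all constructed for illustration. It shows the one property the DPA conversation turns on: the token-to-value map that lets the response be unmasked never leaves the customer boundary, while the model provider only ever sees tokens.

```python
import re
from dataclasses import dataclass, field

# Constructed detectors for two common identifier types. A real masking layer
# uses far broader PII detection; these are deliberately narrow for clarity.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\b\d{3}-\d{3}-\d{4}\b")


@dataclass
class MaskingSession:
    """Per-request state: the token -> original value map. This map is the
    sensitive artifact; it stays inside the customer boundary and is the thing
    a retention question (audit trail, logging) should be asked about."""
    mapping: dict = field(default_factory=dict)
    _counter: int = 0

    def _token(self, kind: str, value: str) -> str:
        # Reuse a token for repeated values so the model sees consistent references.
        for tok, val in self.mapping.items():
            if val == value:
                return tok
        self._counter += 1
        tok = f"<{kind}_{self._counter}>"
        self.mapping[tok] = value
        return tok

    def mask(self, text: str) -> str:
        """Replace identifiable values with opaque tokens before the prompt leaves."""
        text = EMAIL_RE.sub(lambda m: self._token("EMAIL", m.group(0)), text)
        text = PHONE_RE.sub(lambda m: self._token("PHONE", m.group(0)), text)
        return text

    def unmask(self, text: str) -> str:
        """Restore original values in the model's response, inside the boundary."""
        for tok, val in self.mapping.items():
            text = text.replace(tok, val)
        return text


def fake_model(masked_prompt: str) -> str:
    """Stand-in for the third-party foundation model (constructed behaviour):
    it only ever receives tokens and echoes them back in a draft."""
    tokens = re.findall(r"<[A-Z]+_\d+>", masked_prompt)
    return "Draft: contact " + ", ".join(tokens) + " to confirm."


def run_request(prompt: str, model=fake_model) -> dict:
    """Mask, send to the provider, unmask. Returns what crossed the boundary
    (sent_to_provider) alongside what the user sees (returned_to_user)."""
    session = MaskingSession()
    masked = session.mask(prompt)
    # Boundary check: nothing our detectors recognise may leave unmasked.
    if EMAIL_RE.search(masked) or PHONE_RE.search(masked):
        raise ValueError("identifiable data would leave the customer boundary")
    response = model(masked)
    return {
        "sent_to_provider": masked,
        "returned_to_user": session.unmask(response),
        "tokens": len(session.mapping),
    }


if __name__ == "__main__":
    # Constructed sample prompt.
    result = run_request(
        "Follow up with jane@example.com at 555-123-4567 and cc jane@example.com."
    )
    print("Provider saw :", result["sent_to_provider"])
    print("User received:", result["returned_to_user"])
```

The useful review questions fall out of the structure rather than the code: where the session map and the masked/unmasked pairs are logged (an audit trail that captures prompts and responses necessarily captures the unmasked side), how long they are retained, and whether the masking covers the identifier types in your data or only a default set.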
What changed in 2024–25:
Three updates worth knowing about. First, the set of supported foundation models expanded substantially — meaning more third-party model providers are now in scope for the data flow, each with their own data handling terms. Second, "Einstein Generative AI Audit Trail" was added as an enterprise-tier feature for compliance teams; the audit trail captures prompts and responses for review but adds its own retention question. Third, in late 2025 Salesforce announced expanded "Bring Your Own LLM" capabilities, which raise vendor-of-vendors questions for organizations using non-Salesforce-hosted models.
What your 2023 DPA almost certainly doesn't cover:
If your Salesforce DPA was signed before Einstein GPT general availability in mid-2024, it doesn't address the Trust Layer, foundation model subprocessors, or the audit trail retention. The "list of subprocessors" exhibit in a 2023-era DPA does not include OpenAI, AWS Bedrock, or Anthropic. The data residency commitments may not have been updated for AI processing zones. The deletion and portability obligations may not have been updated for AI-generated content stored in the platform.
What to ask for:
A current Salesforce Master Services Agreement, the latest Data Processing Addendum specific to Einstein features, the current subprocessor list with effective dates, and clarification on which foundation model is processing your specific org's data. Salesforce's account team will provide this on request, but in our experience the request itself is what triggers the disclosure — without the question, the documentation does not flow proactively.
Microsoft 365 Copilot
Microsoft 365 Copilot is integrated across Office (Word, Excel, PowerPoint, Outlook), Teams, OneDrive, SharePoint, and Microsoft Graph. It is licensed at the user level (typically as part of E5 or as a Copilot add-on to lower tiers) and processes substantial amounts of customer data — emails, documents, meeting transcripts, calendar entries, files — through Microsoft's AI infrastructure.
What the features do with submitted data:
Copilot processes data within the Microsoft 365 service boundary, using customer data that the user has access to (per Microsoft's "grounding" model) plus the underlying OpenAI GPT model that Microsoft hosts in Azure. According to Microsoft's documentation, Copilot prompts and responses are not used to train Microsoft's or OpenAI's models; customer data does not leave the Microsoft 365 service boundary for OpenAI's commercial APIs.
In practice this means Copilot can summarize your last 100 emails, draft replies based on conversation history, generate documents grounded in SharePoint content, and produce meeting summaries from Teams transcripts — all of which involve large amounts of internal data being processed through the AI layer in near-real-time.
What changed in 2024–25:
The most significant change was the introduction of "Copilot Studio" (formerly Power Virtual Agents), which lets organizations build custom AI assistants integrated with their data. This dramatically expanded the surface area: every Copilot Studio agent is essentially a custom AI application with its own data flow design, its own connector dependencies, and its own governance implications.
Microsoft also expanded the set of "extensibility" connectors — third-party plugins that let Copilot pull data from non-Microsoft sources (Salesforce, Adobe, ServiceNow, dozens of others). Each connector represents a new data flow that the underlying DPA may or may not adequately cover.
What your 2023 DPA almost certainly doesn't cover:
If your Microsoft 365 agreement predates Copilot general availability (late 2023/early 2024), it doesn't specifically address Copilot data handling, the Copilot Studio platform, or the connector ecosystem. The Microsoft Online Services Terms have been updated multiple times in 2024–25 to address AI processing — and those updates apply automatically — but procurement teams often have not reviewed the updated terms or briefed internal stakeholders.
For HIPAA-covered entities, the Microsoft Business Associate Agreement does cover Copilot's processing of PHI within the M365 service boundary — but only at certain entitlement tiers, and only when properly configured. Verifying your specific BAA scope is essential.
What to ask for:
Current Microsoft Online Services Terms (the document is public; Microsoft updates it quarterly), current Product Terms applicable to your specific subscription, the current BAA if PHI is in scope, documentation of your tenant's Copilot configuration (which features are enabled, which connectors are active), and any internal Copilot Studio applications and their data scopes. The Copilot Studio inventory is often the most surprising part of the review — internal builders create agents that procurement and security never see.
Zoom AI Companion
Zoom AI Companion is the AI feature set integrated across Zoom Meetings, Zoom Phone, Zoom Team Chat, and Zoom Mail. It generates meeting summaries, extracts action items, drafts replies, and supports a growing list of AI-powered productivity features.
What the features do with submitted data:
AI Companion processes meeting transcripts, chat messages, and email contents through Zoom's AI infrastructure. According to Zoom's documentation (revised in mid-2023 after early controversy about training data clauses), customer audio and video are not used to train Zoom's AI models. Meeting transcripts and AI-generated summaries are stored within the customer's Zoom tenant and subject to the tenant's retention configuration.
Zoom uses a "federated" AI architecture: AI Companion can route requests to Zoom's own models, Anthropic's Claude, OpenAI's GPT, or Meta's Llama depending on configuration and feature. Administrators can constrain which models are available; the default is to allow Zoom's federated approach.
What changed in 2024–25:
The mid-2023 training-data clause controversy resulted in clearer language in subsequent versions: Zoom explicitly committed not to use customer content to train its models. That commitment is now in the standard terms. However, the federated model architecture means that some AI features may route to third-party model providers — each with their own data handling commitments. The default configuration is generally privacy-respecting, but the audit question is what the default is in your specific tenant.
AI Companion's scope expanded substantially in 2024–25: it now operates across Phone (call summaries), Team Chat (message summaries and drafting), and Mail (email drafting). Each of these represents a new processing surface that may not have been part of the original feature set when your Zoom agreement was signed.
What your 2023 DPA almost certainly doesn't cover:
If your Zoom DPA was signed before the AI Companion expansion (mid-2024 and onward), it likely covers Zoom Meetings AI summaries but not Zoom Phone, Team Chat, or Mail AI features. The subprocessor list may not include the third-party model providers (Anthropic, OpenAI, Meta) that are now part of the federated architecture. The data retention provisions for AI-generated content may not have been explicitly addressed.
What to ask for:
Current Zoom Master Subscription Agreement, current Zoom Data Processing Addendum, current Zoom Subprocessor List, your tenant's AI Companion configuration (which features enabled, which models available, retention settings), and clarification on data residency for AI processing if you have non-US data residency requirements.
What an enterprise-grade vendor review actually checks
The patterns above are not vendor-specific. Every major SaaS vendor that has added AI features in the 2023–25 window has some version of this fact pattern: AI features were added, the DPA was updated automatically or required active acceptance, and procurement teams often did not review the changes carefully because the vendor relationship was already in place.
An enterprise-grade vendor review checks five things for each vendor:
- Current MSA, DPA, and subprocessor list with effective dates
- Whether the customer's specific entitlement tier includes the AI features in question
- Whether a BAA, GDPR DPA, or equivalent special-data agreement is in place where required
- Whether the vendor's stated data handling commitments (training, retention, residency) match what the customer needs to be able to claim about their own data handling
- Whether internal-builder platforms (Copilot Studio, Einstein Builder, Zoom Apps marketplace, etc.) are in use and whether those custom applications have their own governance
Most SMBs we work with discover that for their top 5–10 vendor relationships, at least 2 or 3 have material AI-related gaps in the existing DPA. The remediation is typically straightforward — the vendors have current language available and will provide it on request — but the work has to be done explicitly. It does not happen passively.
What to do next
If you have a 2026 cyber insurance renewal coming up, an upcoming SOC 2 audit, or an enterprise customer DD ask that mentions vendor AI, the vendor governance review is on your timeline whether you scheduled it or not.
The free AI Risk Assessment includes a question about your top vendor relationships and AI feature usage — useful for getting a baseline. For organizations that need the full review documented in a format that satisfies external stakeholders, the AI Risk Sprint produces a vendor inventory and gap analysis as part of Deliverable 03 (Carrier Rider / Audit Scope Gap Analysis), with specific findings per vendor and remediation language for each.
The vendors are not going to wait for you to catch up. The 2026 renewal cycle, the next audit, and the next enterprise customer DD review will arrive on their own timeline. The DPA refresh is one of the cheapest, fastest items in the entire AI governance build — most engagements close 80% of the gap in 2–4 weeks of vendor conversations. Better to do it now than in the 30 days before a renewal deadline.