Privacy Policy

Effective date: September 24, 2004 • Last reviewed and updated September 30, 2015


Medallia, Inc. (“Medallia”) is committed to safeguarding the privacy of your personally identifiable information (“PII”). This statement sets forth Medallia’s privacy policy. The policy complies with the privacy principles of TRUSTe, in which Medallia is a member.

For the purposes of this policy, Medallia defines the term “client” as a business with which Medallia has an established relationship, “customer” as a customer of a Medallia client, and “respondent” as an individual who takes Medallia’s surveys independent of Medallia’s clients.

This privacy policy covers how Medallia handles personally identifiable information, including personally identifiable information associated with the URLs and

Safe Harbor Framework

Medallia complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personally identifiable information from European Union member countries and Switzerland. Medallia has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  Medallia’s designated provider for alternative dispute resolution under the Safe Harbor is TRUSTe.

To learn more about the Safe Harbor program, and to view Medallia’s certification, please visit  To contact Medallia regarding this privacy policy or the Safe Harbor program, you may reach Medallia using the contact information provided at the bottom of this policy.

Information Medallia Collects

Medallia collects survey and other market research data about individuals’ usage of products and services. The data is used by Medallia clients to improve their products and services.

Medallia does not receive, use or collect personally identifiable information, such as names, addresses, phone numbers and e-mail addresses, except under the following circumstances:

When an existing or prospective client goes to to request a demonstration of a Medallia product, he or she must provide contact details including person-specific information (name, title, phone number and e-mail address) and organization-specific information (name and address). Medallia uses this information solely for the purpose of contacting the interested party and scheduling demonstrations and providing information about Medallia products and services.

When Medallia surveys customers on behalf of its clients, it receives customers’ personally identifiable information from its clients. Medallia enters into confidentiality and non-disclosure agreements with clients that legally obligate Medallia to protect the personally identifiable customer information it receives and use it only for the purposes specified in the contract. From time to time Medallia may collect personally identifiable information during a survey, if requested to do so by a client. This personally identifiable information will be shared with the client, and will be used as described in that survey.

Medallia may, with the written consent of its clients, ask questions of customers for whom it has received personally identifiable information, and bundle and sell those responses in an aggregate form. Before providing any survey results to third parties, responses are stripped of personally identifying or client-identifying information, aggregated, and adjusted using Medallia’s proprietary methodologies.

When Medallia surveys respondents on its own behalf, it typically does not collect or have any other access to personally identifying information. If Medallia does request personally identifiable information during a survey, it will use the personally identifiable information as described in that survey. When Medallia provides resulting proprietary research to third parties, it sometimes reveals individual responses, but these do not contain any personally identifying information.

When collecting data from survey respondents on behalf of our clients, Medallia does not collect sensitive personally identifiable information such as: credit card numbers, social security numbers, political opinions, religious or philosophical beliefs, or trade union membership. Medallia does collect demographic information for statistical purposes. Responses to demographic questions are entirely voluntary.

Medallia’s mobile reporting application, used by Medallia’s clients, uses third-party services to gather data on application usage and stability. This data is shared only with the relevant client. A user may unsubscribe from tracking through the user settings screen within the mobile application.

Medallia and its service providers use cookies primarily to identify returning users from the same computer and ensure the integrity of its research. As part of its basic uses of Internet technology to provide surveys, Medallia also collects technical information such as: respondent IP address; the date and time at which respondents access Medallia’s website and respondent HTTP request headers.

Registration information for Medallia Institute and Events

When registering for a Medallia event or Medallia Institute course, you may be asked to provide a credit card number to fulfill your order. The credit card number and associated registration information will be collected and processed by a third-party vendor. You may also provide personal information about other people, such as their name and email address. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.

Location-based services

Some of the surveys Medallia provides on behalf of its clients ask the clients’ customers to provide their location data, including the real-time geographic location of the customer’s device.  This data will only be collected with the customer’s consent.  The location based-data allows Medallia to provide surveys that related to a client’s specific store, restaurant, hotel or other business location. All such information will be shared only with the client on whose behalf dealt with in accordance with the terms of this Privacy Policy.


Survey and Reporting Application

Medallia and its service providers use cookies primarily to identify returning users from the same computer and ensure the integrity of its research. As part of its basic uses of Internet technology to provide surveys, Medallia also collects technical information such as: respondent IP address; the date and time at which respondents access Medallia’s website and respondent HTTP request headers. Medallia also uses third-party analytical cookies for tracking web traffic and usage.


As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

In order to improve services we offer you, to improve marketing, analytics, or site functionality, we may combine this automatically collected log information with other information we collect about you.

Technologies such as: cookies, beacons, tags and scripts are used by Medallia and our partners (e.g. marketing partners), affiliates, or analytics or service providers These technologies are used in analyzing trends, administering the site, or tracking users’ movements around the site. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to enhance the user’s experience on our website, for example to complete forms, identify returning users and offer related content. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 or Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here.

We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.  If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here) Please note this does not opt you out of being served ads.  You will continue to receive generic ads.

Protection of Personally-identifiable Information

Medallia is not in the business of selling or renting personally identifiable information gathered on its website or in the course of client work to third parties. Medallia shares information with third parties, such as its clients, only as described in this policy or as described at the time information is collected. For example, Medallia may, at the request of a client, ask you for your email address so a client can follow up with you about your responses to a survey. The provision of such information is typically voluntary, and at all times participation in a survey is, of course, voluntary.

Voluntary Participation

Individuals may choose not to participate in Medallia’s research and are under no obligation to take surveys sent to them.  An opt-out choice is included in communications to individuals where required, and those who exercise it will be added to Medallia’s opt-out list for the relevant client within ten (10) business days of unsubscribing. For each client, Medallia does not send survey invitations to any e-mail address on the applicable opt-out list. Medallia also provides its opt-out lists on a timely basis to its clients and third party agents so that they may properly update their records.

Individuals may also elect to opt out at any time from receiving email from Medallia regarding Medallia’s products and services.  An opt-out choice will be added to Medallia’s opt-out list for communications about products and services within ten (10) business days of unsubscribing.

Individuals who wish to reverse an earlier unsubscribe option may contact Medallia’s Privacy Contact (see contact information below) to change their opt-out status.


Customers and respondents may contact Medallia (see Privacy Contact below) at any time if they feel there is an error in their personally identifiable information or request deletion of personally identifiable information. Because Medallia generally receives and retains personally identifiable information as an agent of its clients, it will usually refer individuals reporting inaccuracies in their personally identifying information to the originating source for correction.

Subsequent to verifying the identity of a person making a request, Medallia will respond to a request for offline access to personally identifiable information within 30 days of receiving the request.

Data Retention

We will retain your information for as long as needed to provide you services. If you wish to request that we no longer use your information to provide you services contact us at the contact information listed below, and we will coordinate with the Medallia client for which the data was collected. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Third-party Partners

From time to time, Medallia may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer data to those third parties. Medallia requires any such third party to maintain confidentiality of such data.


Medallia takes the security of our users’ data seriously, and our security practices may be reviewed at Trust at Medallia.


Medallia has received TRUSTe’s Privacy Seal signifying that this privacy policy and our practices have been reviewed for compliance with the TRUSTe program viewable on the validation page available by clicking the TRUSTe seal.  The TRUSTe program does not cover information that may be collected through downloadable software. The TRUSTe program covers only information that is collected through this Web site, // and does not cover information that may be collected through our mobile application and our service platform.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe at

Legal Disclaimer

When requested by legal authorities to disclose personally identifiable information, Medallia will inform the court of various factors justifying confidentiality and respondent anonymity. However, Medallia may be required by law to disclose personally identifiable information where judicial or other governmental subpoenas, warrants, or orders are properly issued or if the Medallia reasonably believes that use or disclosure is necessary to protect its rights. Individuals’ unsubscribe option in no way limits Medallia’s use, disclosure or distribution of personally-identifiable information to the extent such use, disclosure or distribution is required by law, court order or other valid legal process.  Medallia will communicate with the affected client as soon as possible, unless prohibited by law or court order.

If Medallia is involved in a merger, acquisition, or sale of all or a portion of its assets, Medallia may transfer your data.  In such a circumstance, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personally identifiable information, as well as any choices you may have regarding your personally identifiable information.

Links to 3rd Party Sites

Our Site includes links to other Web sites whose privacy practices may differ from those of Medallia. If you submit personally identifiable information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Web site you visit.

Social Media Features and Widgets

Our Web site and some surveys include Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.


We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at


Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personally identifiable information from our blog or community forum, contact us at

Children’s Privacy

Medallia does not knowingly collect personally identifiable information from any individual under the age of 13.

Notification of Changes

If we decide to change our privacy policy, we will post these changes to the Medallia website. All changes will be posted to this privacy policy, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. The date of last revision will be shown on the website.

We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by e-mail, or by means of a notice on our home page prior to the change becoming effective.

Privacy Contact

If you have any questions or comments about this privacy policy or the practices of this site, please contact Medallia by e-mailing, faxing (650) 321-3156, calling (650) 321-3000, or writing Attention: Privacy, Medallia, Inc., 395 Page Mill Road, Suite 100, Palo Alto, CA 94306. Medallia responds to non-frivolous privacy-related requests in a timely fashion, not to exceed ten (10) business days.