Medallia & Data Protection
Ensure data privacy, security and accuracy across your CX programs
Setting the Bar for CX Data Protection
Whether you need to comply with GDPR, CCPA, or other similar privacy laws, Medallia Experience Cloud has you covered with enterprise-grade controls.
| Compliance with CCPA | Compliance with GDPR | |
|---|---|---|
| Data deletion tools and processes | ✓ | ✓ |
| Data export tools and processes | ✓ | ✓ |
| Data modification tools and processes | ✓ | ✓ |
| Data security | ✓ | ✓ |
Our commitment to our customers
Medallia does not sell your personal information or your end users’ personal information.
See Medallia’s Privacy Policy for more.
RESOURCE
California Consumer Privacy Act FAQ
Learn about the CCPA and how your use of Medallia fits within the law.
RESOURCE
Medallia Experience Cloud End-to-End Data Protection
Learn how the Medallia Experience Cloud controls data access and security, and ensures compliance with information security requirements.
Personal data privacy
All personal data or personally identifiable information (PII) in Medallia Experience Cloud can be cataloged and masked so that is only viewable through specified access rights. With this feature, customers can be assured that personal data or PII data can be viewed only by those staff or markets who have a need to know. This allows customers to retain data in Medallia Experience Cloud over time so that they can realize the power of Medallia’s reporting platform.
Full service data management
Medallia Experience Cloud automates GDPR and CCPA compliant deletion of customer or employee data for customers who receive requests from individual customers. Medallia’s reporting application also provides flexible options for data export and modification that comply with GDPR, CCPA, and other applicable laws.
Compliance reporting
Medallia provides reports to substantiate data deletion compliance. Our aim is to automate and ease the burden of GDPR and CCPA compliance verification, assuring our clients’ legal and compliance departments that we’re a safe place to store data.
Data retention
Medallia purges personal data from internal processing systems to minimize the data we retain per GDPR Article 5. Our reporting system retains customer data until our clients delete it or end their relationship with Medallia Experience Cloud.
Certified security
Medallia has implemented extensive security programs for protecting our clients’ data, including ISO 27001, SOC 2 security certifications and FedRAMP Ready.
Data protection
Medallia Experience Cloud supports industry standards such as OAuth 2.0 for authentication to APIs. Information exchanged over the wire is encrypted with TLS for all services (HTTPS, SFTP).
Data access controls
Medallia supports Single Sign-On (SSO) integration with customer's identity systems using industry standards. Medallia also supports two-factor authentication, using Time-based One-Time Password (TOTP) as the second authentication factor.
DPA
Medallia offers a data processing agreement (DPA) that includes the European Commission's model clauses, with updates to specifically address GDPR requirements. To obtain a copy, go to https://go.medallia.com/DPA-Request-Form.html
Privacy Shield
Medallia is certified under the Privacy Shield with respect to the data it receives of European and Swiss individuals in its SaaS platforms. Our certification can be viewed here.
Opt-Out
Medallia provides opt-out links in its email survey invitations, and we honor SMS requests to stop communications. These prevent additional survey requests to our clients’ customers who do not want further communications.