Trust and Security at Medallia

Get comprehensive data protection capabilities from a solution with security built into its core with Medallia.

Enterprise Grade Compliance, Platform and Application Security

The experience you provide your customers never stops, and neither do we. As the market leader in Customer and Employee Experience Management, we are trusted by the world’s most revered companies to handle their data. We know how critical data security is to our customers—many of whom operate in highly regulated industries like finance, healthcare, and telecom—and we maintain industry-leading practices to protect that data. 

Get Peace of Mind with Expert Security and Data Protection 

You can be rest assured knowing that the confidentiality, integrity, and availability of your data is protected according to rigorous industry standards. We possess SOC 2 Type II platform compliance, GDPR/SCCs, CCPA, and HIPAA in addition to HITRUST, ISO 27001, 27017, 27018, and 27701. We are also certified for CBPR and PRP.

Medallia maintains up-to-date processes and controls with regular audits by internal and external parties, including clients and independent assessors.

Start with the Right Foundation for Secure Applications

Your data is protected with Medallia’s secure software development process for applications, including design reviews, threat modeling, risk assessment, and security touchpoints at every phase of development.

Our Engineering and Product Security teams conduct extensive development and post-development testing to be certain our applications are secure so you can focus on making experiences great.

Give Data Access to the Right People

Medallia Experience Cloud provides you with complete control over your data. Keep Personal Identifiable Information (PII) secure with configurable PII settings, including granular role-based access, data masking, Bring Your Own Key (BYOK) field level data encryption, and IP allowlisting.

Leverage Infrastructure that Keeps Your Data Safe

Medallia Experience Cloud operates as a private cloud where we own and maintain our own hardware in Tier III colocation facilities, including all network devices and systems. 

Medallia Experience Cloud uses modern cloud native technology such as containerization and microservices that provide clients with a single tenant architecture. This ensures segregation of customer data, preventing commingling of data, configuration flexibility, and eliminates the risk of performance impact from a multi-tenant architecture. Plus, benefit from seamlessly rolled out upgrades, new releases, and security patches that don’t disrupt your unique configurations.

To report an incident, concern, or for general security questions, please email