Data Security

Data protection is a top priority for Medallia. We build our platform on the following core principles:

  1. We treat all customer data as private and sensitive.

  2. We do not share customer data with third parties without approval of the customer.

  3. Our customers are in control of their data. We have standard, industry compliant policies for deletion and retention of data that our customers can use, but they can opt for stronger requirements. Our customers are the Data Controller and Medallia is the Data Processor.

  4. We have architected our platform from the ground up with security and compliance in mind. Internally, we call this “security and privacy by default.”

  5. Customer data is labeled as “Confidential” by Medallia.
    Note: Please contact us at trust@medallia.com for any concerns around data classification and labeling.

Our platform offers a rich set of capabilities and features focused on data protection.

Transmission Security

Client data is exchanged with other platforms in a number of ways, many of them enabled by our Auto-Importer, a suite of record-handling and ETL tools that automate data transfer and manipulation. This gives clients greater flexibility and eliminates manual errors in data transmission. Medallia uses TLS 1.2 to secure data transmission between the web client and the web server. The Medallia application is reachable only over HTTPS, which leverages TLS 1.2, so that all data, including personally identifiable information, is encrypted in transit. This protects transmissions between the client and Medallia’s Experience Management solution on all channels, including mobile devices.
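The "HTTPS only, TLS 1.2" posture described above, expressed as server code. This is an added example, not Medallia's own code: it pins the minimum protocol version, restricts TLS 1.2 to forward-secret AEAD suites, turns the plain-HTTP listener into a redirect-only endpoint and adds an HSTS header. The ports and the cert.pem/key.pem file names are placeholders.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

// NewTLSConfig returns a server-side TLS configuration that refuses any
// client handshake below TLS 1.2. The cipher suite list only applies to
// TLS 1.2 (Go does not let you configure TLS 1.3 suites) and keeps the
// forward-secret AEAD suites.
func NewTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// RequiresTLS12 reports whether a config explicitly pins the minimum version
// at TLS 1.2 or higher. An unset MinVersion (0) falls back to the toolchain
// default, which a deployed configuration should not rely on.
func RequiresTLS12(c *tls.Config) bool {
	return c.MinVersion >= tls.VersionTLS12
}

// RedirectToHTTPS answers every plain-HTTP request with a permanent redirect
// to the same host and path over HTTPS; the listener for the plain port
// serves nothing else, so no application data is ever returned in clear text.
func RedirectToHTTPS(w http.ResponseWriter, r *http.Request) {
	target := "https://" + r.Host + r.URL.RequestURI()
	http.Redirect(w, r, target, http.StatusMovedPermanently)
}

// WithHSTS adds a Strict-Transport-Security header so browsers that have
// visited once refuse to talk to the host over plain HTTP afterwards.
func WithHSTS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

func main() {
	app := WithHSTS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "served over TLS 1.2 or better")
	}))
	// Plain HTTP listener (placeholder port): redirect only, never the application.
	go func() { fmt.Println(http.ListenAndServe(":8080", http.HandlerFunc(RedirectToHTTPS))) }()
	srv := &http.Server{Addr: ":8443", Handler: app, TLSConfig: NewTLSConfig()}
	// cert.pem and key.pem are placeholder file names; point them at a real certificate.
	fmt.Println(srv.ListenAndServeTLS("cert.pem", "key.pem"))
}
```

RequiresTLS12 is the kind of check worth running over every deployed listener config: an unset MinVersion is easy to miss in review and silently inherits whatever the toolchain default happens to be.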

Medallia supports and strongly recommends the SFTP protocol for all file exports and imports. SFTP is a platform-independent protocol that provides encrypted communication channels for transferring files between systems. Unlike standard FTP, SFTP encrypts both commands and data, so passwords and sensitive information are never transmitted in the clear over a network. For additional data security, Medallia also supports and recommends encrypting data files containing PII with PGP before transmitting them over SFTP: PGP encryption protects the data at rest, and SFTP protects it in transit.

Data at Rest

Medallia has multiple layers of controls for securing stored client data. Client data is stored on AES-256 encrypted hard drives. Feed files containing client data can also be encrypted with PGP. Calls to Medallia databases are made using secure Java Database Connectivity (JDBC). Database servers holding client data are hardened according to industry best practices: we turn off unnecessary services, keep security packages updated, and restrict access to the servers to authorized users and services only. Medallia also offers field-level encryption for client data fields containing PII, with the option of Bring Your Own Key (BYOK). The key must be stored in Medallia’s Secrets vault.

Medallia uses encryption at three levels within each customer’s program instance. Program instances are hosted on Linux containers running Postgres as their database.

  • Level 1: Encryption at the compute O/S layer BEFORE data is sent to the storage server, with a unique encryption key for each program instance. This protects against unauthorized access to the storage infrastructure: for example, anyone who gained unauthorized access at the compute O/S layer itself would still have no access to unencrypted data on storage.

  • Level 2: Encryption at the storage O/S layer BEFORE data is sent to media.

  • Level 3: Encryption at the media level. This protects against hardware loss or theft.

In addition to encrypting at the OS, storage, and media layers, Medallia has implemented further controls, including code hygiene, periodic penetration tests, segregation of customer data into separate database instances, and the use of an ORM layer, which we believe significantly lower the risk to data within the database itself.

Data Retention

Client data is retained for the duration of the contract unless the client specifically requests that data be purged, in which case it is securely erased. Client data is not stored on removable media. Any media containing client data is sanitized or physically destroyed, in accordance with NIST SP 800-88 rev 1, Guidelines for Media Sanitization, before the media is reused or disposed of.

Upon termination of the contract, Medallia makes the client’s data available for secure download by the client in a standard flat-file format for at least thirty days. Within 60 days of the end of this data transfer period, Medallia removes the customer data from the program instance. All data, including backups, is either securely erased according to industry best practices or the hard drives are physically destroyed.

Medallia Experience Cloud automates the deletion of customer or employee data so that customers can maintain compliance with data protection laws such as GDPR and CCPA. Medallia’s reporting application also provides flexible options for data export and modification that comply with applicable data protection laws such as GDPR and CCPA.

Field Level Encryption

Although the disk where the database resides is natively encrypted, Medallia provides an additional layer of security: fields flagged as personal data or personally identifiable information (PII) can be encrypted at the database field level, with the option of Bring Your Own Key (BYOK). The BYOK must be stored in Medallia’s Secrets vault, where it is accessed only by the application for decryption. This feature ensures that PII is not accessible even to authorized database administrators.
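Field-level encryption of flagged PII columns, as described in this section and in the Data at Rest section above, as an added example that is not Medallia's code. Only the fields listed as PII are encrypted (AES-256-GCM, fresh nonce per value); everything else stays in clear text so reporting still works. The column name is bound in as associated data so a ciphertext moved to another column fails authentication. keyFromVault is a stand-in for fetching the customer's BYOK from a secrets vault and returns a constructed key so the example runs offline.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Record is one response row as a column -> value map.
type Record map[string]string

// keyFromVault stands in for the lookup of the customer-supplied (BYOK) key in
// a secrets vault. Constructed 32-byte key for the example only.
func keyFromVault() []byte {
	return []byte("0123456789abcdef0123456789abcdef") // 32 bytes = AES-256
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("field encryption requires a 32-byte (AES-256) key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func copyRecord(rec Record) Record {
	out := make(Record, len(rec))
	for k, v := range rec {
		out[k] = v
	}
	return out
}

// EncryptPII returns a copy of rec in which every column named in piiFields is
// replaced by base64(nonce || ciphertext || tag). The column name is the
// associated data, so ciphertexts cannot be swapped between columns unnoticed.
func EncryptPII(rec Record, piiFields []string, key []byte) (Record, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	out := copyRecord(rec)
	for _, f := range piiFields {
		v, ok := rec[f]
		if !ok {
			continue // column absent from this row
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
			return nil, err
		}
		ct := aead.Seal(nonce, nonce, []byte(v), []byte(f)) // nonce prefixed
		out[f] = base64.StdEncoding.EncodeToString(ct)
	}
	return out, nil
}

// DecryptPII reverses EncryptPII. Any tampering, wrong key or column swap
// surfaces as an error rather than as garbage plaintext.
func DecryptPII(rec Record, piiFields []string, key []byte) (Record, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	out := copyRecord(rec)
	for _, f := range piiFields {
		v, ok := rec[f]
		if !ok {
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(v)
		if err != nil {
			return nil, fmt.Errorf("field %q: %w", f, err)
		}
		if len(raw) < aead.NonceSize() {
			return nil, fmt.Errorf("field %q: ciphertext too short", f)
		}
		nonce, ct := raw[:aead.NonceSize()], raw[aead.NonceSize():]
		pt, err := aead.Open(nil, nonce, ct, []byte(f))
		if err != nil {
			return nil, fmt.Errorf("field %q: %w", f, err)
		}
		out[f] = string(pt)
	}
	return out, nil
}

func main() {
	key := keyFromVault()
	pii := []string{"email", "phone"}
	// Constructed sample row.
	rec := Record{"survey_id": "S-1001", "score": "9", "email": "jane@example.com", "phone": "+1-555-0100"}
	enc, err := EncryptPII(rec, pii, key)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", enc)
	dec, err := DecryptPII(enc, pii, key)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted:", dec)
}
```

Because the key never lives in the database, a database administrator with full SELECT rights sees only the base64 blobs for the flagged columns, which is the property the section describes.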

Data Masking

Medallia has the capability to mask specified data fields from the view of users without authorized access rights, safeguarding end customers’ privacy by obscuring those fields from users who do not need access to them. The platform provides predefined roles which, when assigned to a user, automatically mask personal or other sensitive data. This capability enables compliance with regulations that require data access to be granted on a need-to-know basis, such as the General Data Protection Regulation in the EU and HIPAA in the US (for more on how Medallia supports these and other regulations, see the Regulatory Compliance section of this document).
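Role-based masking of sensitive fields at read time, as an added example that is not Medallia's code. The two roles and the permission table are constructed for the example; the point is the shape: a per-field masker that keeps enough structure for the value to stay useful in a report, a role-to-field allow list, and deny-by-default for any role the table does not know.

```go
package main

import (
	"fmt"
	"strings"
)

// Role is a predefined platform role. The roles and which sensitive fields
// each may see in clear are constructed for this example.
type Role string

const (
	RoleReportViewer   Role = "report_viewer"   // sees masked PII only
	RolePrivacyOfficer Role = "privacy_officer" // handles access requests, needs clear PII
)

// unmaskPermissions maps a role to the sensitive fields it may see unmasked.
var unmaskPermissions = map[Role]map[string]bool{
	RolePrivacyOfficer: {"email": true, "phone": true, "full_name": true},
	RoleReportViewer:   {},
}

// maskers defines, for each sensitive field, how it is obscured. A field with
// no masker is not sensitive and is always passed through.
var maskers = map[string]func(string) string{
	"email":     maskEmail,
	"phone":     maskLastFour,
	"full_name": func(string) string { return "[REDACTED]" },
}

// maskEmail keeps the first character of the local part and the domain:
// jane.doe@example.com -> j***@example.com. Anything not shaped like an
// e-mail address is masked completely.
func maskEmail(s string) string {
	at := strings.LastIndex(s, "@")
	if at < 1 {
		return "***"
	}
	return s[:1] + "***" + s[at:]
}

// maskLastFour hides all but the last four digits: +1-555-0100 -> ***0100.
func maskLastFour(s string) string {
	digits := strings.Map(func(r rune) rune {
		if r >= '0' && r <= '9' {
			return r
		}
		return -1
	}, s)
	if len(digits) <= 4 {
		return "***"
	}
	return "***" + digits[len(digits)-4:]
}

// MaskForRole returns the record as the given role is allowed to see it.
// Unknown roles get a nil permission set and therefore the most restrictive view.
func MaskForRole(rec map[string]string, role Role) map[string]string {
	allowed := unmaskPermissions[role]
	out := make(map[string]string, len(rec))
	for k, v := range rec {
		if mask, sensitive := maskers[k]; sensitive && !allowed[k] {
			out[k] = mask(v)
		} else {
			out[k] = v
		}
	}
	return out
}

func main() {
	// Constructed sample row.
	rec := map[string]string{"survey_id": "S-1001", "score": "9",
		"email": "jane.doe@example.com", "phone": "+1-555-0100", "full_name": "Jane Doe"}
	fmt.Println("report viewer sees:  ", MaskForRole(rec, RoleReportViewer))
	fmt.Println("privacy officer sees:", MaskForRole(rec, RolePrivacyOfficer))
}
```

Masking in the read path, rather than in the query, means the same stored row serves both audiences and the unmasked view is a deliberate, auditable grant rather than the default.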