Our local and no-code approach to automation helps us maintain the highest levels of security and privacy for you and your team.
Magical is now SOC 2 Type II compliant. Get a copy of the report.
Data Protection
Your customer data is your business. We know that and protect that trust by securely processing data.
When you use Magical, your keystrokes on websites never leave your computer. Inserting a template occurs locally. You can test this by using templates even while your computer is offline. Only the content of the templates you explicitly save in your Magical workspace are saved by Magical to help you use our automation.
All data is encrypted during transfer to Magical’s platform using HTTPS/TLS 1.2.
All data is encrypted at rest using AES-256.
Additionally, templates saved in Magical have an additional layer of encryption. Helping us keep your templates safe and the data you process, even safer.
Your templates in Magical are backed up daily
Your message templates are stored on our secure servers to provide durable backups. We store templates in real-time and complete general and regional backups daily, with backups retained for 7 days.
____________________________________________________________________________
Access Control
Control access on your own terms. Ensure the right people have access to templates and team content.
Magical offers role-based access controls for teams and team content, so users can collaborate securely. Team administrators can control which users join their team, access their content, and they can control the content in the team workspace.
Learn more.
The Enterprise plan includes single sign-on (SSO), so workspace admins can enable secure logins via SAML 2.0. This plan also includes SCIM provisioning to control access for users.
Manage AI Features and Access
Workspace admins have control over access to Magical AI features. Turn on or off Magical’s AI offering across your workspace with our Enterprise plan’s AI access control.
____________________________________________________________________________
Security Approach
To safeguard your work, Magical has put additional security measures in place.
Magical adheres to a Software Development Lifecycle (SDLC) policy that ensures testing is conducted on all code and feature launches. Additionally, Magical performs vulnerability scanning of key infrastructure and systems on a set cadence. As part of Magical’s investment in SOC 2 Type II compliance, Magical undergoes annual penetration tests conducted by third-party vendors.
Magical employs a variety of measures to ensure system availability and performance, including redundant systems, data backups, and regular system maintenance. No dusty servers here—we host our services on secure cloud platforms (AWS). Additionally, Magical reviews third-party vendors prior to onboarding and on an ongoing cadence.
Magical has implemented access control measures to ensure that only authorized users can access customer data. This includes multi-factor authentication, role-based access control, and audit logs. Magical adheres to the principle of Least Privilege for access, where access is reviewed on a set cadence to ensure only required access is granted. Magical additionally has in place password security policies and management for employee access.
Magical leverages third-party software for detection of and protection from malware, intrusions, and malicious activities on endpoints. Additionally, employee laptops and devices have disk encryption enabled and are managed by members of the security and operations team through a Mobile Device Management (MDM) software.
Please note: Magical is not intended to store private or identifying data like credit card numbers, passwords, social security information, or other similar information as templates.
____________________________________________________________________________
Frequently Asked Questions
Does Magical store any passwords?
We do not store or maintain any passwords for logging into Magical. We use a third-party magic.link for password-less email authentication. We also rely on the well-utilized OAuth mechanism for logging in with companies such as Google, Facebook/Meta, and Microsoft.
Can I turn off Magical AI features?
Yes, you can by emailing us at trust@getmagical.com. Workspace admins on Magical’s Enterprise plan can control access to Magical AI features for the workspace. Request more information about our Enterprise plan here.
Is Magical HIPAA compliant?
HIPAA compliance is an important part of providing healthcare products and services. To ensure that the Magical Chrome extension meets all applicable HIPAA requirements and provides the highest level of privacy and security for your customers, please do not store PHI (Protected Health Information) in Magical.
Is Magical SOC2 compliant?
Yes! Magical is SOC 2 Type II compliant. Get a copy of our SOC 2 Type II report here.
More Questions?
If you have any further questions or to report any security information, please contact security@getmagical.com.