Our local and no-code approach to automation helps us maintain the highest levels of security and privacy for you and your team.
Magical is now SOC 2 Type II compliant. Get a copy of the report.
Your customer data is your business. We know that and protect that trust by securely processing data.
When you use Magical, your keystrokes on websites never leave your computer. Inserting a template occurs locally. You can test this by using templates even while your computer is offline. Only the content of the templates you explicitly save in your Magical workspace are saved by Magical to help you use our automation.
All data is encrypted during transfer to Magical’s platform using HTTPS/TLS 1.2. All data is encrypted at rest using AES-256. Additionally, templates saved in Magical have an additional layer of encryption. Helping us keep your templates safe and the data you process, even safer.
Your message templates are stored on our secure servers to provide durable backups. We store templates in real-time and complete general and regional backups daily, with backups retained for 7 days.
Control access on your own terms. Ensure the right people have access to templates and team content.
Magical offers role-based access controls for teams and team content, so users can collaborate securely. Team administrators can control which users join their team, access their content, and they can control the content in the team workspace. Learn more.
Workspace admins have control over access to Magical AI features. Turn on or off Magical’s AI offering across your workspace with our Enterprise plan’s AI access control.
To safeguard your work, Magical has put additional security measures in place.
Magical adheres to a Software Development Lifecycle (SDLC) policy that ensures testing is conducted on all code and feature launches. Additionally, Magical performs vulnerability scanning of key infrastructure and systems on a set cadence. As part of Magical’s investment in SOC 2 Type II compliance, Magical undergoes annual penetration tests conducted by third-party vendors.
Magical employs a variety of measures to ensure system availability and performance, including redundant systems, data backups, and regular system maintenance. No dusty servers here—we host our services on secure cloud platforms (AWS). Additionally, Magical reviews third-party vendors prior to onboarding and on an ongoing cadence.
Magical has implemented access control measures to ensure that only authorized users can access customer data. This includes multi-factor authentication, role-based access control, and audit logs. Magical adheres to the principle of Least Privilege for access, where access is reviewed on a set cadence to ensure only required access is granted. Magical additionally has in place password security policies and management for employee access.
Magical leverages third-party software for detection of and protection from malware, intrusions, and malicious activities on endpoints. Additionally, employee laptops and devices have disk encryption enabled and are managed by members of the security and operations team through a Mobile Device Management (MDM) software.
Please note: Magical is not intended to store private or identifying data like credit card numbers, passwords, social security information, or other similar information as templates.
We do not store or maintain any passwords for logging into Magical. We use a third-party magic.link for password-less email authentication. We also rely on the well-utilized OAuth mechanism for logging in with companies such as Google, Facebook/Meta, and Microsoft.
Yes you can by email us at firstname.lastname@example.org. Workspace admins on Magical’s Enterprise plan can control access to Magical AI features for the workspace. Request more information about our Enterprise plan here.
HIPAA compliance is an important part of providing healthcare products and services. To ensure that the Magical Chrome extension meets all applicable HIPAA requirements and provides the highest level of privacy and security for your customers, please do not store PHI (Protected Health Information) in Magical.
Yes! Magical is SOC 2 Type II compliant. Get a copy of our SOC 2 Type II report here.
If you have any further questions or to report any security information, please contact email@example.com.