Compliance

Committed to Compliance

Meeting the highest standards of data protection and regulatory compliance.

Our Certifications

Industry-leading compliance frameworks we adhere to.

  • SOC 2 Type II (Certified): Independently audited controls for security, availability, and confidentiality of customer data.
  • GDPR (Compliant): Full compliance with EU General Data Protection Regulation, including data processing agreements.
  • CCPA (Compliant): California Consumer Privacy Act compliance with transparent data practices and consumer rights.

Regulatory Framework

How we meet and exceed compliance requirements across jurisdictions.

We provide comprehensive Data Processing Agreements (DPAs) for all customers who require them. Our DPAs cover data processing scope, sub-processor lists, security obligations, and breach notification procedures. Enterprise customers receive customized DPAs upon request.

Magellan CRM ensures lawful international data transfers through Standard Contractual Clauses (SCCs) approved by the European Commission. We maintain data residency options for EU customers and perform regular Transfer Impact Assessments to verify adequate protection levels.

We support the full range of data subject rights under GDPR and CCPA, including the right to access, rectify, erase, and port personal data. Our dedicated privacy team processes all requests within the legally required timeframes, typically responding within 15 business days.

In the unlikely event of a data breach, Magellan CRM commits to notifying affected customers within 24 hours of confirmed discovery. Our incident response plan includes immediate containment, forensic investigation, regulatory notification, and transparent communication throughout the process.

Audit Practices

Our ongoing commitment to security verification and continuous improvement.

  • Annual SOC 2 Type II audits conducted by independent third-party firms
  • Quarterly penetration testing by certified security professionals
  • Continuous automated vulnerability scanning and monitoring
  • Annual employee security awareness training and phishing simulations
  • Regular review and update of security policies and procedures
  • Bug bounty program for responsible vulnerability disclosure

Need Compliance Documentation? Let's Talk

Request our SOC 2 report, DPA, or security whitepaper