An ABM solution you can trust
Madison Logic takes a proactive approach to customer data security and privacy and ensures customer trust through industry compliance and best practices.
Our cybersecurity program is structured around Service Organization Control 2 (SOC 2), National Institute of Standards & Technology (NIST), Center for Internet Security (CIS), and International Standards Organization (ISO).
Madison Logic has integrated privacy-compliant principles into our B2B digital advertising and content syndication workflows and has implemented the appropriate controls to meet global legislation requirements.
The confidentiality of our clients’ data is paramount at Madison Logic. Our industry-standard controls are employed to ensure that all confidential data remains secure and is never shared with third parties without client consent.
Every Madison Logic lead goes through a data-driven, multi-touch validation process to ensure that ABM campaigns are processed with the highest degree of integrity, leading our clients to increased deal velocity and accelerated growth.
Madison Logic annually executes and completes an SOC 2 for Service Organizations. The independent CPA firm, A-Lign has issued the SOC 2 Report and included a clean opinion on the design of Madison Logic’s controls relative to the Security, Privacy, Confidentiality, Processing Integrity, and Availability Trust Service Principles and Criteria.
On July 16th, 2020, the CJEU determined that the Privacy Shield did not afford EU individuals the protections equivalent to those afforded by EU law, including the General Data Protection Regulation, also known as the Schrems II decision. The CJEU said companies can use standard contractual clauses (SCCs) as a primary means of safeguarding data transfer but only if data controllers can ensure appropriate measures are in place to protect EU data from U.S. government surveillance.
Madison Logic takes commercially reasonable and appropriate technical, organizational, and contractual supplemental measures, (Standard Contractual Clauses) to ensure data is afforded an essentially equivalent level of protection as provided under the GDPR.
Contractually, Madison Logic ensures that it meets the data protection obligations under GDPR for data transfers to the United States. Role-based access controls are employed such that segregation of duties, two-factor authentication, and end-to-end audit trails exist. Customer data is segregated for access by tenant (customer) and key Madison Logic personnel via SAML SSO that employs a strong password policy. AES 256-bit encryption protects data at rest, while TLS 1.2 encryption protects data in transit.
All data is stored in the United States at data centers that are accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX). Strict breach protection policies, processes, and systems safeguard data from corruption, compromise, or loss.
The California Consumer Protection Act (CCPA) went into effect on January 1, 2020. This piece of legislation aims to protect the personal data of Californians. More importantly, it seeks to give Californians more control over that data. In some ways, it’s the American version of Europe’s General Data Protection Regulation (GDPR). Madison Logic maintains the necessary controls to comply with CCPA and is registered with the California Data Broker Registry.
CASL is Canada’s Anti-Spam Legislation, which took effect July 1, 2014. The legislation includes an opt-in model with limited exceptions that applies to B2B email messaging, meaning generally that recipients must proactively agree to receive email from businesses, commonly known as an ‘express consent’ model.
As a result, Madison Logic no longer sends emails to Canada on their owned and operated sites. We require our platform and off-platform partners to be anti-spam compliant and we take the steps to ensure that they make the proper adjustments prior to program commencement. We are an ad serving and form serving technology and we do not email clients from the platform or off-platform partners (3rd parties).