Security at the Core. Privacy by Design.
Our local and no-code approach to automation helps us maintain the highest levels of security and privacy for you and your team.

HIPAA compliant
Your patients’ PHI stays protected.
We don’t track your keystrokes
When you use Magical, your keystrokes on websites never leave your computer. Inserting a template occurs locally. You can test this by using templates even while your computer is offline. Only the content of the templates you explicitly save in your Magical workspace is saved by Magical to help you use our automation.
Data is encrypted for extra protection
All data is encrypted during transfer to Magical’s platform using HTTPS/TLS 1.2. All data is encrypted at rest using AES-256.
Additionally, templates saved in Magical have an additional layer of encryption, helping us keep your templates safe and the data you process even safer.
Your templates in Magical are backed up daily
Your message templates are stored on our secure servers to provide durable backups. We store templates in real time and complete general and regional backups daily, with backups retained for 7 days.
Manage and control team membership and team content
Magical offers role-based access controls for teams and team content, so users can collaborate securely. Team administrators can control which users join their team and access their content, and they can control the content in the team workspace.
Manage users and enable access with SSO
The Enterprise plan includes single sign-on (SSO), so workspace admins can enable secure logins via SAML 2.0. This plan also includes SCIM provisioning to control access for users.
Manage AI Features and Access
Workspace admins have control over access to Magical AI features. Turn on or off Magical’s AI offering across your workspace with our Enterprise plan’s AI access control.
Application security and vulnerability management
Magical adheres to a Software Development Lifecycle (SDLC) policy that ensures testing is conducted on all code and feature launches. Additionally, Magical performs vulnerability scanning of key infrastructure and systems on a set cadence. As part of Magical’s investment in SOC 2 Type II compliance, Magical undergoes annual penetration tests conducted by third-party vendors.
Proactive system maintenance
Magical employs a variety of measures to ensure system availability and performance, including redundant systems, data backups, and regular system maintenance. No dusty servers here—we host our services on secure cloud platforms (AWS). Additionally, Magical reviews third-party vendors prior to onboarding and on an ongoing cadence.
Restricted employee access controls
Magical has implemented access control measures to ensure that only authorized users can access customer data. This includes multi-factor authentication, role-based access control, and audit logs. Magical adheres to the principle of Least Privilege for access, where access is reviewed on a set cadence to ensure only required access is granted. Magical additionally has in place password security policies and management for employee access.
Threat detections and securing endpoints
Magical leverages third-party software for detection of and protection from malware, intrusions, and malicious activities on endpoints. Additionally, employee laptops and devices have disk encryption enabled and are managed by members of the security and operations team through Mobile Device Management (MDM) software.
Please note: Magical is not intended to store private or identifying data like credit card numbers, passwords, social security information, or other similar information as templates.
Frequently asked questions
Does Magical store any passwords?
We do not store or maintain any passwords for logging into Magical. We use a third party, WorkOS, for passwordless email authentication. We also rely on the well-utilized OAuth mechanism for logging in with companies such as Google and Microsoft.
Is Magical SOC 2 compliant?
Yes! Magical is SOC 2 Type II compliant. Get a copy of our SOC 2 Type II report.
Can I turn off Magical AI features?
Yes, you can, by emailing us at trust@getmagical.com. Workspace admins on Magical’s Enterprise plan can control access to Magical AI features for the workspace. Request more information about our Enterprise plan.
More Questions?
If you have any further questions or want to report any security information, please contact trust@getmagical.com.
Is Magical HIPAA compliant?
Yes, Magical is HIPAA compliant. HIPAA compliance is essential for handling sensitive healthcare data. To ensure our AI agentic automations meet HIPAA requirements and uphold the highest standards of privacy and security, we’ve implemented safeguards to protect PHI (Protected Health Information) throughout every interaction.