All Collections
Information & Security
Stella Connect and CCPA
Stella Connect and CCPA
Updated over a week ago

Stella Connect and CCPA

In January 2020, the California Consumer Privacy Act (CCPA) will take effect. The CCPA is the United State’s first version of GDPR, the European privacy law.

In this document, we detail our approach and philosophy around CCPA compliance and lay out the reasons why you can be 100% confident partnering with Stella Connect in this new era of consumer privacy.


Why We Welcome the Introduction of CCPA

At Stella Connect, privacy has always been one of our core principles.

We are not an analytics or advertising company and we have never have been in the business of selling consumer data. We take privacy and security into account during every step of our development process and we have had to make no technical changes to our platform to become CCPA compliant. We have introduced the required policies and procedures to help our clients remain in compliance while using our platform.

Why You Can Feel 100% Confident Partnering with Stella Connect

  • Stella Connect offers a Data Processing Addendum (DPA) giving you the legal assurances that are required under CCPA. All data you share with us is protected through this DPA.

  • Stella Connect certifies that it understands the security and privacy requirements of CCPA.

  • Because Stella Connect is purely a “service provider” under the CCPA, no changes need to be made regarding messaging, disclaimers, consents, or data integrations.

  • We hire outside firms who use cutting edge technologies to conduct regular penetration testing of our platform. These audits provide third-party validation of the security of your data.

  • We use advanced encryption in our databases, making it impossible for third parties to access consumer data even in the event of a breach.

  • We have processes in place for answering all data subject access requests that can arise under CCPA. We do this within a 20-day SLA that gives our clients extra time to respond to these requests.

  • We also provide an expunging service for personally identifiable information (PII). This service deletes end customer PII on a rolling basis. When this is in effect, companies do not need to worry about data subject access requests regarding Stella Connect data.

The policies and practices we have in place around CCPA have been stress-tested by many of the world’s largest and most privacy-conscious companies. Without exception, we have passed these rigorous InfoSec audits, underlining our foundational commitment to privacy and data protection.

For further information on Stella Connect’s compliance with CCPA, contact privacy@medallia.com.

Did this answer your question?