Our Commitment to Compliance
At Mindtickle, we adhere to global standards and regulatory frameworks to ensure the highest levels of security, privacy, and compliance.
As the global leader in sales readiness, Mindtickle delivers a cloud platform that leading enterprises across the globe trust for business-critical services.

Security
ISO 27001:2022
- ISO 27001 is a globally recognized standard for Information Security Management System (ISMS), which ensures data protection through effective risk management and comprehensive controls encompassing technical, organizational, people, and physical security measures.
- We have completed an external audit of our platform and organizational practices aligned with established ISO 27001 requirements and have been certified, with our internal controls and policies successfully meeting the standard. You can access our ISO 27001:2022 certificate here.

SOC 2
- Mindtickle has audited its platform against the Trust Service Principles and Criteria prescribed by The American Institute of Certified Public Accountants (AICPA) and obtained a Service Organization Control 2 (SOC2) Type 2 report.
- This third-party assurance audit is performed on a semi-annual basis to obtain an independent opinion on the suitability of the design and operating effectiveness of the implemented controls. Our SOC2 Type 2 report can be shared on request with customers and prospects.
SOC 3
- Mindtickle’s SOC 3 is a general-use executive summary of the SOC 2 Type 2 Report and the auditor’s opinion on the design and operational effectiveness of our implemented controls.
- This report provides a concise summary of our adherence to the Trust Service Principles, control effectiveness, and management’s assertion for broader distribution.
- Mindtickle undergoes the SOC 3 audit on an annual basis, and you can access this publicly available report here.

VAPT
- Vulnerability Assessment and Penetration Testing (VAPT) is Mindtickle’s proactive security strategy for identifying, assessing, and mitigating potential security weaknesses across our infrastructure, applications, and services.
- Mindtickle undergoes semi-annual independent third-party VAPT for its network, web, API, mobile applications, integrations and AI systems. These assessments cover OWASP Top 10 vulnerabilities and include testing for XSS, SQL injection, parameter manipulation, and other risks relevant to the application profile. A summary report is available upon request.
Privacy
ISO 27701:2019
- ISO 27701 is the standard providing a framework for establishing and improving a Privacy Information Management System (PIMS), helping organizations manage privacy risks, ensure compliance with data protection laws, and implement controls to protect personally identifiable information (PII) throughout its lifecycle.
- Mindtickle is aligned with the standard, demonstrated robust privacy practices during the external audit, and has achieved the certification. You can access our ISO 27701:2019 certificate here.

GDPR
- Mindtickle is fully compliant with General Data Protection Regulation (GDPR), a European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA) and their personal data exported outside the EU and EEA.
- We offer a GDPR-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance, to comply with our obligations as a Data Processor, and to help our customers meet their obligations as Data Controllers. More details on our GDPR compliance can be accessed here.

CCPA
- Mindtickle is fully compliant with applicable provisions of California Consumer Privacy Act (CCPA), a state-wide statute intended for enhancing the data privacy and consumer protection rights for residents of California, United States (CA-US).
- We offer a CCPA-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance, to comply with our obligations as a Service Provider, and to help our customers meet their obligations as business entities. More details on our CCPA compliance can be accessed here.

UK DPA
- Mindtickle is fully compliant with applicable provisions of the UK Data Protection Act (UK DPA) 2018, the United Kingdom’s national law that complements the European Union’s General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.
- We offer UK DPA-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance and comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controller.

UK GDPR
- The UK General Data Protection Regulation (UK-GDPR), working with the Data Protection Act 2018, retains the core principles of the EU GDPR but is adapted for the UK’s independent legal framework and enforced by the Information Commissioner’s Office (ICO). It places a strong emphasis on accountability, requiring comprehensive documentation through Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIAs).
- Mindtickle provides customers with a UK-specific Data Processing Addendum and supports data transfers using the UK’s International Data Transfer Agreement (IDTA). Mindtickle has performed Transfer Impact Assessment (TIA), assisting customers in complying with recommendations from the UK ICO regarding cross-border data transfers.

ePrivacy Directive
- Mindtickle complies with the EU ePrivacy Directive (often called the “Cookie Directive”), which is a European Union law that complements the GDPR for regulating electronic communications. The directive focuses on the confidentiality of communications, the use of cookies, and the regulation of unsolicited direct marketing. It specifically addresses the protection of data transmitted over public electronic communications networks.
- Mindtickle’s platform is designed for authorized users from customer organizations and limits cookies to those strictly necessary for service functionality, security, and performance, helping customers avoid any non-essential tracking without consent.
Cross-Border Data Protection
Data Privacy Framework (DPF)
- Mindtickle is certified for compliance with EU-U.S. and Swiss-U.S. Data Privacy Framework (DPF), along with its UK Extension, which were developed by U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration.
- Data Privacy Framework provides us with a reliable mechanism for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
- Our Data Privacy Framework compliance certification along with participation status, the purpose of data collection, and dispute resolution mechanism can be accessed here.

EU Standard Contractual Clauses
- Commission Implementing Decision (EU) 2021/914 of 4 June 2021 published new Standard Contractual Clauses (SCCs, also known as Model Contractual Clauses) for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council, to help safeguard European personal data.
- Mindtickle has incorporated the new SCCs into our Data Processing Addendum to help protect our customers’ data and meet the requirements of European privacy legislation.
- We offer a GDPR-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance, to comply with our obligations as a Data Processor, and to help our customers meet their obligations as Data Controllers. More details on our GDPR compliance can be accessed here.

UK International Data Transfer Addendum
- Mindtickle is fully compliant with the provisions of Article 46 of the UK GDPR and offers an International Data Transfer Addendum (IDTA) issued by the Information Commissioner’s Office (ICO) under Section 119A of the Data Protection Act 2018.
- The IDTA acts as a transfer tool that allows organizations to transfer personal data outside of the UK. The addendum is part of Mindtickle’s pre-signed Data Processing Addendum (DPA) offered to its customers.
- This third-party assurance audit is performed on an annual basis to obtain an independent opinion on the suitability of the design and operating effectiveness of the implemented controls. Our SOC2 Type 2 report can be shared on request with customers and prospects.

APEC PRP Compliance Program
- The Asia-Pacific Economic Cooperation (APEC) has designed the APEC Privacy Framework to provide an accountable approach to managing data privacy protection and the flow of personal information across borders.
- Mindtickle, as a data processor, can demonstrate its adherence to the APEC Privacy Framework and assist personal information controllers in complying with relevant privacy obligations by providing assurance around baseline requirements through a completed standard intake questionnaire required for Privacy Recognition for Processors (PRP) compliance. You can access Mindtickle’s APEC PRP self-assessment form here.
Business Continuity
ISO 22301:2019
- ISO 22301 is the international standard for Business Continuity Management Systems (BCMS), providing a framework to continually enhance resilience and ensure a systematic response to crises.
- To strengthen the security and resilience of the Mindtickle platform, we have aligned our practices and implemented controls in accordance with the standard’s requirements, achieving certification through an external audit. You can access our ISO 22301:2019 certificate here.

Disaster Recovery
- Disaster Recovery (DR) test validates the resilience and recoverability of Mindtickle’s critical systems and services in the event of a disruptive incident.
- Mindtickle conducts semi-annual DR tests to simulate realistic scenarios such as database failures and infrastructure component loss to ensure business continuity and compliance with recovery time objectives (RTO) and recovery point objectives (RPO) defined in our Business Continuity and Disaster Recovery (BCDR) plan. A summary of our most recent DR test and its outcomes can be shared upon request with customers and prospects.
Cloud Security
ISO 27017:2015
- ISO 27017 provides guidelines for information security controls specific to cloud services. The standard addresses key security concerns such as data protection, access management, and shared responsibilities between cloud service providers and customers to ensure robust security practices in cloud-based services.
- Mindtickle has identified and mitigated the unique security risks associated with providing cloud services and has undergone an external audit to achieve this certification. You can access our ISO 27017:2015 certificate here.
ISO 27018:2019
- ISO 27018 specifies guidelines taking into consideration the regulatory requirements for the protection of personally identifiable information (PII) within the context of the information security risk environment of public cloud service providers. It establishes commonly accepted control objectives for implementing privacy principles.
- Mindtickle successfully demonstrated its stringent privacy controls for protecting PII in the public cloud environments, aligning with applicable data protection laws and privacy risk assessments. Following the audit, Mindtickle was awarded the certification for this standard. You can access our ISO 27018:2019 certificate here.

CSA STAR
- Mindtickle is compliant and certified as Level 1 with Security, Trust and Assurance Registry (STAR), an Open Certification Framework developed by Cloud Security Alliance (CSA) to promote best practice in the security assurance within Cloud Computing.
- Mindtickle has completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), which provides visibility into Mindtickle’s processes and practices followed to ensure security, confidentiality, and integrity of customer information. You can access Mindtickle’s registry entry here.
AI Compliance
ISO 42001:2023
- ISO 42001 is the first international, certifiable standard for Artificial Intelligence Management Systems (AIMS), providing requirements and guidance to establish, implement, maintain, and continually improve governance, risk assessment, ethical safeguards, and transparency across the entire AI lifecycle.
- We have successfully aligned our AI governance processes and controls with ISO 42001 requirements and have undergone an independent third-party audit to validate our implementation and adherence to the standard. Our ISO 42001:2023 compliance report can be shared on request with customers and prospects.

EU AI Act
- The EU Artificial Intelligence Act is a comprehensive, risk-based regulation for AI, classifying systems by risk level and imposing mandatory governance, transparency, safety, and human-oversight requirements for high-risk applications to ensure ethical and trustworthy AI deployment.
- Mindtickle has fully aligned its AI governance framework with the EU AI Act by implementing risk assessments, technical documentation, human-in-the-loop measures, and semi-annual penetration tests with a focus on its AI features. Our EU AI Act compliance report can be shared on request with customers and prospects.
Industry Specific Compliance

HIPAA
- Mindtickle is compliant with U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and undergoes an annual third-party HIPAA assessment to review our controls around privacy of individually identifiable health information as defined in the Privacy Rule and security of Electronic Protected Health Information as defined in the Security Rule.
- Our HIPAA compliance report can be shared upon request with customers and prospects. We also offer HIPAA-compliant Business Associate Agreement (BAA) to our customers who are subject to HIPAA.

FINRA
- U.S. Securities and Exchange Commission (SEC) Rule 17a-4 outlines the requirements for broker-dealers that fall under the Financial Industry Regulatory Authority (FINRA) jurisdiction to create, preserve and furnish a comprehensive record of each securities transaction.
- Mindtickle helps customers in the financial services industry to meet the applicable FINRA compliance requirements. We have implemented technical and organizational measures to comply with the SEC Rule 17a-4 clause around data retention, indexing, accessibility, and format.

21 CFR Part 11
- Mindtickle is compliant with GxP regulation enforced by the US Food and Drug Administration (FDA) and defined in Title 21 of the Code of Federal Regulations (21 CFR) Part 11. We have implemented controls for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records under GxP-regulated activities.
- The third-party independent assessment is performed on an annual basis to ensure our ongoing compliance with 21 CFR Part 11. Our 21 CFR Part 11 compliance report can be shared on request with customers and prospects.
Standardized Vendor Compliance

SIG
- The Standardized Information Gathering (SIG) questionnaire, developed by Shared Assessments, offers a comprehensive set of questions to evaluate service providers’ risk controls. Organizations widely use SIG to manage their Third-Party Risk Management (TPRM) programs.
- Mindtickle has assisted multiple customers in their TPRM compliance journey by providing information as necessary for the SIG questionnaire and associated documentation. Our SOC2 controls are aligned to meet the compliance obligations set forth by the SIG questionnaire.

Vendor Security Alliance (VSA)
- The Vendor Security Alliance (VSA) is an industry-recognized security assessment created to help organizations evaluate their vendors’ security practices. This assessment covers domains such as data protection, risk management, access control, incident response, system monitoring, secure SDLC, and compliance audit practices.
- We have thoroughly documented our responses to the VSA full questionnaire to provide visibility into our security, privacy, and compliance practices. This VSA assessment report, along with the supporting evidence, can be shared with customers and prospects upon request.

HECVAT
- Higher Education Cloud Vendor Assessment Tool (HECVAT) is a framework designed for higher education institutions to assess vendor risk, ensuring security and privacy policies and controls protect sensitive institutional data and constituents’ PII.
- We have completed the HECVAT toolkit, which offers clarity into our security, privacy, and compliance measures. This toolkit is listed in the Higher Education Information Security Council’s Community Broker Index, and you can request the HECVAT assessment to perform a security evaluation.

Accessibility VPAT
- Voluntary Product Accessibility Template (VPAT) is used to evaluate how accessible a product is to people with disabilities. Organizations use VPAT to assess whether a product meets requirements for regulations like the Americans with Disabilities Act (ADA), Web Content Accessibility Guidelines (WCAG), Section 508 and European accessibility standards for ICT products and services (EN 301 549).
- Mindtickle has evaluated its media and content player against the applicable criteria in WCAG 2.2 and has comprehensively documented its conformance against level AA in a VPAT version 2.5 document, which can be made available on request. You can also view the accessibility features provided by Mindtickle here.
Country Specific Privacy Law Compliance

China
- Mindtickle supports customer compliance with the Personal Information Protection Law of the People’s Republic of China (PIPL), which governs the collection, use, storage, and cross-border transfers of personal information, with strong emphasis on consent and organizational safeguards.
- As a processor, Mindtickle helps customers comply with PIPL by implementing data security measures and maintaining transparent data handling, as per contractual commitments. Mindtickle can assist customers with Data Export Security Assessments (DESA) by providing data flow records, security documentation, and evidence for the Cybersecurity Administration of China (CAC) submissions, and support Security Certification (SC) efforts by aligning with certification criteria and supplying audit support, under customer instruction.

Brazil
- Mindtickle is compliant with Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), which establishes the rights of data subjects and the obligations for controllers and processors handling the personal data of individuals in Brazil.
- As a data processor (‘operador’), Mindtickle supports customers’ LGPD compliance through detailed data processing agreements outlining lawful basis for processing activities, categories of personal data, sub-processor disclosures, data retention, and breach notification. We aid customers, under their instruction, by maintaining records of processing, assisting with data subject rights requests (access, correction, deletion, portability), and ensuring secure handling of personal data. Mindtickle has appointed a Data Protection Officer (DPO) and allows customers to display their own privacy notices at login. For international transfers, Mindtickle adheres to Standard Contractual Clauses, helping customers meet LGPD requirements.

Australia
- Mindtickle complies with the Australian Privacy Act 1988, which is guided by the 13 Australian Privacy Principles (APPs) for the responsible handling of personal information throughout its lifecycle.
- Mindtickle collects only the personal information necessary for its services and pseudonymizes data wherever possible, rendering it anonymous upon user deletion. Mindtickle maintains transparency through its privacy policy and transparency report, which disclose any requests received from government agencies, including the Office of the Australian Information Commissioner (OAIC), where legally permitted. Any subprocessors are used solely to deliver core platform services and are governed through DPAs and sub-processor contracts, in line with OAIC guidance on cross-border transfers.

Switzerland
- Mindtickle is compliant with Switzerland’s New Federal Act on Data Protection (nFADP), which aligns Swiss law with the GDPR and focuses on transparency of processing purposes.
- Mindtickle supports enterprise customers in complying with Switzerland’s nFADP by providing detailed processing records and system architecture information necessary to complete Data Protection Impact Assessments (DPIAs). The platform does not perform automated decision-making or profiling. We comply with Swiss adequacy standards, EU-U.S. and Swiss-U.S. Data Privacy Framework (DPF), and contractual safeguards for cross-border transfers.

Canada
- Mindtickle complies with Canada’s federal and provincial privacy laws, including Personal Information Protection and Electronic Documents Act (PIPEDA), and Alberta and British Columbia’s Personal Information Protection Acts (PIPA). We also adhere to Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), ensuring comprehensive compliance across Canada.
- As a processor, we consider contracts with customers as a legal basis of processing and help customers comply with these laws by limiting the collection, use, and disclosure of personal information and safeguarding it through technical and organizational measures. We also provide processing details to support customers with Privacy Impact Assessments (PIAs) and have appointed a privacy officer to ensure accountability and support regulatory compliance.

Dubai
- Mindtickle complies with the Dubai International Financial Center’s (DIFC) Data Protection Law No. 5 of 2020, a framework closely aligned with the GDPR that emphasizes lawfulness, fairness, transparency, data minimization, and accountability.
- Mindtickle maintains records of processing activities and assists customers operating within the DIFC with Data Protection Impact Assessments (DPIAs), enabling our customers to conduct proactive risk assessments and demonstrate compliance to the DIFC Commissioner. As per the contract, Mindtickle will only process personal data based on the documented, lawful instructions of the controller, and the same secure obligations apply to subprocessors. Cross-border transfers comply with adequacy standards and contractual safeguards, technical and organizational measures protect data, and a designated Data Protection Officer oversees compliance, supporting customers in meeting DIFC-specific regulatory requirements.

India
- Mindtickle complies with India’s Digital Personal Data Protection Act, 2023 (DPDPA), which regulates the processing of digital personal data of individuals in India or outside India if related to goods/services offerings to data principals in India. As a Data Processor, we provide clear, itemized notice for each processing purpose and assist our customers in their role as Data Fiduciaries by processing personal data strictly under their instructions with purpose limitation and security safeguards.
- Mindtickle also complies with India’s Information Technology Act and the IT Sensitive Data Rules, which define sensitive personal data and require its secure, fair, and consent-based processing. While Mindtickle does not process sensitive personal data, our platform implements technical and organizational safeguards to protect all personal information and supports customers in meeting their obligations for secure and compliant data handling under these laws.

Israel
- Mindtickle complies with Israel’s Privacy Protection Law, distinguished by its highly prescriptive Privacy Protection Regulations (Data Security). These regulations mandate specific technical and organizational security controls based on a database’s defined sensitivity level (‘Basic’, ‘Medium’, or ‘High’) and have explicit legal roles of ‘Database Owner’ (controller) and ‘Holder’ (processor).
- Mindtickle operates as a ‘Holder’ under Israel’s Protection of Privacy Law and supports the ‘High’ security level requirements, even for non-sensitive employee data, incorporating measures like encryption, granular access control, logging, and regular audits. This directly enables our ‘Database Owner’ customers to comply with their legal obligation to use a Holder that meets these stringent, government-defined security standards.

Japan
- Mindtickle complies with Japan’s Act on the Protection of Personal Information (APPI), which governs ‘Personal Information Handling Business Operators’ and has detailed rules for entrusting data to third parties.
- As a Data Processor, Mindtickle acts strictly under customer instructions, with implicit consent, and processes any opt-out requests according to customer guidance. For cross-border transfers, Mindtickle and its subprocessors operate under contractual safeguards to comply with APPI regulations. We aid customers with any PII breach reporting to the central regulator, the Personal Information Protection Commission (PPC), and with notifying the affected individuals.

Mexico
- Mexico’s Federal Law on the Protection of Personal Data held by Private Parties (LFPDPPP) is built on a foundation of user consent and grants individuals strong “ARCO” rights (Access, Rectification, Cancellation, and Opposition). The law distinguishes between the ‘Responsable’ (controller), who determines the purposes of processing, and the ‘Encargado’ (processor), who processes personal data on behalf of the Responsable.
- As an Encargado, Mindtickle supports its customers (Responsables) in managing and responding to ARCO rights requests within the timelines set by the LFPDPPP. Mindtickle provides an audit trail of each request, from receipt to resolution, helping Responsables demonstrate accountability as required by the law.

South Africa
- South Africa’s Protection of Personal Information Act (POPIA) establishes eight conditions for the lawful processing of personal information. The Act requires every organization to appoint an ‘Information Officer’ and places direct accountability on the ‘Responsible Party’ (controller) for ensuring that its ‘Operators’ (processors) comply with POPIA’s security and confidentiality requirements.
- In our role as an ‘Operator’ under POPIA, Mindtickle provides our customers’ appointed ‘Information Officers’ with the necessary administrative controls and reports to oversee data processing activities. Our platform’s security measures are specifically designed to help the ‘Responsible Party’ meet its obligations, including protecting data against loss, damage, or unauthorized access.
US State Specific Privacy Law Compliance

Virginia
- Mindtickle is compliant with the Virginia Consumer Data Protection Act (VCDPA), which grants Virginia residents enhanced rights over their personal data, including access, correction, deletion, and portability.
- We support customers in meeting their controller obligations regarding consumer rights requests within statutory timelines and ensure data is processed only for disclosed and lawful purposes. Our privacy policy clearly lists the categories of personal data collected and the purposes of processing.

Colorado
- Mindtickle is compliant with the Colorado Privacy Act (CPA), which establishes consumer rights over personal data, including the right to access, correct, delete, and opt out of targeted advertising, data sales, and certain profiling activities. The law requires controllers to provide transparency and conduct risk assessments for higher-risk processing.
- Mindtickle maintains documented processing activities, enforces security measures, and ensures timely notification of incidents to comply with our role as a processor. Data sharing is limited to valid subprocessors, and personal information is never sold. We provide the necessary assistance and information to enable our customers, as controllers, to honor consumer rights requests and to complete required data protection assessments.

Connecticut
- Mindtickle is compliant with the Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA), which grants Connecticut residents rights over their personal data, including access, correction, deletion, and portability. The CTDPA requires businesses to provide transparent disclosures, limit processing to lawful purposes, and honor opt-out rights for targeted advertising, the sale of personal data, and certain profiling.
- Mindtickle helps customers meet their CTDPA obligations by offering granular controls within the platform to manage admin access to data. We also support the execution of consumer rights requests for access, correction, and deletion, ensuring compliance within the 45-day response period mandated by Connecticut law.

Utah
- Mindtickle is compliant with the Utah Consumer Privacy Act (UCPA), which grants Utah residents rights regarding access, deletion, and portability of their personal data. The UCPA requires transparency around categories of personal data collected and their purposes, as well as honoring opt-outs for targeted advertising and sale of personal data.
- Mindtickle processes personal information only for legitimate purposes under the customer contract, and our privacy policy lists the categories of personal information processed and their purposes. We support customers in complying with their controller obligations by processing data subject requests within required timelines.

Texas
- Mindtickle is compliant with the Texas Data Privacy and Security Act (TDPSA), which grants Texas residents rights, including access, correction, deletion, and portability of their personal data. The TDPSA mandates clear disclosures, limits data processing to lawful purposes, and requires businesses to honor consumer opt-out rights for targeted advertising, sales of personal data, and profiling.
- Mindtickle applies robust technical and organizational safeguards to protect personal data and assists our customers in addressing consumer rights requests under the TDPSA. We do not sell customer data and process personal information according to contractual commitments with the customer.

Montana
- Mindtickle is compliant with the Montana Consumer Data Privacy Act (MCDPA), which provides Montana residents the right to access, correct, delete, and obtain copies of their personal data. The Act requires transparency, data minimization, and respect for consumer opt-out requests related to targeted advertising, the sale of data, and profiling.
- As a processor, Mindtickle protects the confidentiality and security of customer data and processes data only as per authorization by the customer. We also support our customers in addressing consumer rights requests under the MCDPA.

Nevada
- Mindtickle is compliant with the Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA), which provides Nevada residents the right to opt out of the sale of personal information collected online.
- Mindtickle does not sell personal data. We support our customers in implementing and honoring consumer opt-out rights under NPICICA and fulfill our role as a processor in line with contractual obligations with the customer.

Iowa
- Mindtickle is compliant with the Iowa Consumer Data Protection Act (ICDPA), which grants Iowa residents rights, including access, deletion, and portability of their personal data.
- Mindtickle provides transparency about the collection, use, and sharing of personal data. We are committed to protecting customer data, do not sell it, and honor any opt-out requests for targeted advertising. We enable customers to fulfill controller obligations, ensuring lawful processing and timely responses to consumer requests.

Oregon
- Mindtickle is compliant with the Oregon Consumer Privacy Act (OCPA), which provides Oregon residents the right to access, correct, delete, and obtain a copy of their personal data. The OCPA requires clear notices, lawful purposes for processing, and respect for consumer opt-out rights related to targeted advertising, sales, and profiling.
- Mindtickle does not sell data or provide targeted ads to users on the platform. We process limited personal data according to contractual commitments with customers and maintain secure standards to safeguard it. We also provide assistance to help controllers meet their consumer rights obligations under Oregon law.

Nebraska
- Mindtickle is compliant with the Nebraska Data Privacy Act (NDPA), which grants Nebraska residents rights, including access, correction, deletion, and portability of their personal data.
- Mindtickle upholds its obligations as a processor by maintaining security and confidentiality and assisting controllers with consumer rights compliance. We support our customers in reviewing and resolving any concerns promptly, ensuring they’re addressed within the 30-day cure period.

New Jersey
- Mindtickle is compliant with New Jersey Senate Bill 332 (NJ SB332), which establishes rights for New Jersey residents to access, correct, delete, and obtain copies of their personal data.
- Mindtickle fulfills its contractual obligations by processing personal data strictly according to customer instructions, implementing technical and organizational safeguards, and supporting customers with consumer rights compliance. Mindtickle does not exchange customer data for monetary consideration; our processing activities do not constitute a “sale” under the Act’s definition, simplifying customer compliance.

New Hampshire
- Mindtickle is compliant with New Hampshire Senate Bill 255 (NH SB255), which provides New Hampshire residents the right to access, correct, delete, and port their personal data.
- Mindtickle supports customers in fulfilling consumer rights requests within the 45-day timeline stipulated by the Act. Our platform enables the export of an individual user’s data in a structured, commonly used, and machine-readable format to exercise the right to data portability.

Delaware
- Mindtickle is compliant with the Delaware Personal Data Privacy Act (DPDPA), which grants Delaware residents rights over their personal data, including access, correction, deletion, and portability.
- Mindtickle provides customers with the necessary processing information to support data privacy assessments as part of the controller’s obligation under DPDPA. Mindtickle processes personal data only as per contract with customers, protects data confidentiality, and supports customers with consumer rights compliance.

Tennessee
- Mindtickle is compliant with the Tennessee Information Protection Act (TIPA), which provides Tennessee residents with rights to access, correct, delete, and obtain copies of their personal data.
- Mindtickle processes personal information according to contractual commitments with customers. As a sales readiness and revenue enablement platform, Mindtickle processes low-risk employee data and does not require access to information classified as “sensitive” under the Act. Our security framework is aligned with NIST, and we safeguard the personal data we process, maintain confidentiality, and assist customers in fulfilling their consumer rights obligations under TIPA.

Minnesota
- Mindtickle is compliant with the Minnesota Consumer Data Privacy Act (MNCDPA), which grants Minnesota residents rights over their personal data, including access, correction, deletion, and portability.
- Mindtickle ensures that personal data is processed only to deliver platform services to customers. Mindtickle does not transfer any personal data for monetary or other valuable consideration. We maintain security safeguards and the confidentiality of personal data and support customers in fulfilling their data subject rights requests.

Maryland
- Mindtickle is compliant with the Maryland Online Data Privacy Act (MODPA), which establishes a stringent data minimization principle, mandating that the collection of personal data be “reasonably necessary” and sensitive data be “strictly necessary” for the service provided.
- Mindtickle adheres to data minimization principles as a processor under Maryland law, processing only the data essential for delivering our platform services to the customer. Mindtickle provides clear and accessible privacy notices outlining the collection, use, and sharing practices. We also support customers in displaying their specific privacy notice on the platform login page.

Indiana
- Mindtickle is compliant with the Indiana Consumer Data Protection Act (ICDPA), which grants Indiana residents rights, including access, correction, deletion, and portability of their personal data.
- As a processor, Mindtickle operates under contractual agreements with customers, ensuring confidentiality, security, and proper handling of personal data. We assist our customers in complying with ICDPA, making it easy for them to handle consumer requests for data return or deletion.










