Privacy and Security Center

Global commitment to data protection and privacy with enterprise-grade security and compliance

Our Commitment to Data Protection, Privacy, Security, and Compliance

Machintel is dedicated to maintaining the highest standards of data protection, privacy, and information security. We take comprehensive measures to ensure the confidentiality, integrity, and availability of sensitive information entrusted to us by our valued customers, partners, and employees. Our approach includes rigorous adherence to privacy laws, meeting stakeholder expectations, and continuously enhancing our protective measures. Machintel is committed to fostering a secure environment where our stakeholders' data is safeguarded with utmost diligence.

Global Privacy and Security at Machintel

Machintel’s pledge to uphold the highest standards of data protection and information security laws spans across continents, adapting to and embracing the nuances of each region to protect the data and trust of our clients worldwide.

United States & Canada

Legislative requirements of the US and Canada for which our comprehensive policies and practices are designed to ensure alignment and compliance.

  • CCPA and CPRA
  • US States with Privacy Laws
  • CAN-SPAM Act and others
  • GDPR for EU citizens’ data in the US
  • CASL, PIPEDA, PIPA and Quebec’s Act

Europe & UK

European Union and United Kingdom regulations governing data protection, privacy, and information security for which we’re implemented stringent policies and procedures.

  • GDPR for comprehensive data protection and privacy
  • ePrivacy and NIS Directives for security of information systems
  • UK GDPR and Data Protection Act
  • Privacy and Electronic Communications Regulations (PECR)

Rest of the World

Machintel extends its commitment to data protection, privacy, and information security globally by tailoring our practices to meet the specific legal requirements of each country where we operate.

See the comprehensive list of Data Protection Authorities (DPAs) across all countries (where they exist):

  • Americas
  • EMEA, and 
  • APAC

International Organization for Standardization (ISO)

Machintel’s commitment to developing, maintaining and placing security and privacy, and including artificial intelligence, management systems at the center of its way of doing business is reflected in these certifications.

ISO 27001

Information Security Management Systems

The ISO/IEC 27001 standard provides guidance for establishing, implementing, maintaining and continually improving an information security management system.

Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.

ISO 27701

Privacy Information Management System

ISO/IEC 27701 serves as an extension to ISO/IEC 27001, focusing on privacy information management. It offers a framework for establishing, implementing, maintaining, and continually enhancing a Privacy Information Management System (PIMS).

Adherence to ISO/IEC 27701 signifies that an organization has developed a comprehensive approach to privacy management, extending beyond information security to address the proper handling of personal data.

ISO 9001

Quality Management Systems(QMS)

ISO 9001 provides a structured framework for companies to ensure their products and services consistently meet customer and regulatory requirements.

Conformity with ISO 9001 indicates that an organization has implemented a quality management system that prioritizes efficiency, service excellence, and customer satisfaction, demonstrating the organization's commitment to maintaining high-quality standards in its operations and deliverables. 

ISO 42001

Artificial Intelligence Management System

ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems and sets out a structured way to manage risks and opportunities associated with AI, balancing innovation with governance.

In progress

General Data Protection Regulation (GDPR)

Machintel is dedicated to facilitating GDPR compliance for both our customers and partners. We have established partnerships with legal experts in Europe and the US to ensure that our products and contracts adhere to GDPR regulations. Continuously monitoring industry best practices, we diligently update our policies and commitments around GDPR.

Residents of the European Union (EU) have rights related to the use of their data. Machintel applies these rights to all customers. 

EU residents’ rights include:

  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate or incomplete. If you have an account with Netlify, you can make some of these corrections directly by logging in to your account.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

UK residents’ rights include:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling. 

For more information, see the Data Privacy Framework (DPF) in the Machintel privacy policy.


Machintel has developed and implemented comprehensive privacy and information security programs for:

  • Compliance with  relevant privacy legislation and regulatory standards pertinent to our business services
  • Fulfillment of customer and stakeholder expectations, along with contractual obligations
  • Deployment, upkeep, surveillance, and progressive enhancement of our security and data protection measures
  • Use of best practices in protection, privacy, security and compliance in all programs and their protocols

Data Protection and Privacy

Machintel maintains a robust privacy and data protection governance framework designed to oversee privacy compliance and mitigate data protection risks effectively. This framework is anchored by a comprehensive policy that delineates the overarching structure of our privacy program, pinpointing critical control domains, methodologies, and organizational tactics for ensuring data protection and adherence to privacy mandates. Additionally, the framework encompasses precise policies and procedural guidelines aimed at conforming to specific requirements of prevailing privacy legislations.

The foundational elements of Machintel's Privacy Program include:

    • Unwavering support and dedication from executive leadership
    • Designation of specialized privacy and security staff
    • A solid foundation of policies, procedures, standards, and guidelines
    • Extensive privacy and security training and awareness initiatives
    • Integration of Privacy by Design principles
    • Implementation of security measures for safeguarding sensitive and confidential data
    • Efficient management of privacy incidents
    • Prompt data breach notification procedures
    • Thorough handling of privacy inquiries and investigations
    • Rigorous audits of privacy and associated security controls
    • Ongoing updates and enhancements to the Privacy Program

Information Security

Machintel's Information Security Program is designed to establish, enforce, and oversee the comprehensive security measures encompassing policies, procedures, standards, guidelines, and controls tailored to protect all sensitive personal and confidential information in our care. This initiative aligns with the requirements of pertinent legal and regulatory frameworks, as well as our contractual obligations.

Key pillars of Machintel's Information Security Program include:

    • Strong support and commitment at the executive level
    • Designation of specialized security personnel
    • Comprehensive security policies, procedures, standards, and guidelines
    • Ongoing information security training and awareness initiatives
    • Rigorous risk assessments for critical systems
    • Prompt identification and response to security incidents
    • Mechanisms for secure incident reporting by the workforce
    • Proactive information security breach notifications
    • Robust security processes and controls for safeguarding sensitive and confidential data
    • Regular audits and evaluations of security controls
    • Continuous updates and maintenance of the Information Security Program

The framework of our program draws on best practices from industry-leading standards and frameworks, including the National Institute of Standards and Technology (NIST), relevant SOC 2 criteria, and the International Organization for Standardization (ISO).

Global Data Protection Agencies (DPAs)

Machintel's comprehensive directory is an invaluable resource for effortlessly locating the data protection agency in your country, ensuring you have immediate access to authoritative privacy guidance and support.


The Americas are divided into North America (NA or NORAM) and Latin America (LATAM)or alternatively as North, Central and South America.

  • US FTC and related agencies
  • All 50 US States’ DPAs
  • Canadian OPC and DPAs for provinces and territories
  • LATAM Countries


The EMEA region, with 114 countries, is divided into Europe, the Middle East, and Africa. The DPA in some countries has not yet been designated by their governments.

  • Europe: 44 countries
  • Middle East: 16 countries
  • Africa: 54 countries


The APAC region is divided into East Asia, Southeast Asia, South Asia, Oceania, and Central Asia.

  • East Asia: 3 countries
  • Southeast Asia: 9 countries
  • South Asia: 5 countries 
  • Oceania: 2 countries
  • Central Asia: 2 countries

Administrative Framework and Privacy Policies

Machintel has established an extensive array of policies, procedures, and controls to address and mitigate privacy and security risks effectively. This framework includes, but is not limited to:

    • Information Security Risk Management Policy
    • Access Control, Authentication, and Authorization Policy
    • Acceptable Use Policy
    • System Development Lifecycle Policy
    • Password Management Policy
    • Data Classification and Handling Policy
    • Business Continuity and Disaster Recovery Policies
    • Privacy and Security Incident Management Policies
    • Record Retention and Destruction Policy alongside Retention Schedules
    • Third-Party Assessment Policy with assessment tools
    • GDPR and CCPA Compliance Policies and Procedures

Comprehensive Privacy and Security Training and Awareness Programs

Machintel ensures a culture of privacy and security through extensive training and awareness programs for employees and relevant stakeholders, focusing on understanding the organization’s privacy and security protocols and responsibilities.

Human Resource Controls

Machintel is committed to attracting and nurturing a diverse pool of exceptional talent, recognizing the critical role our employees play in data protection. We conduct thorough background checks in line with local laws and require all new hires to acknowledge our privacy and security policies. Continuous training, performance reviews, and a culture of diversity, equity, and inclusion are pillars of our HR strategy.

Incident and Third-party Management

Machintel has instituted a robust incident management program with a cross-functional team ready to address and mitigate any privacy or security incidents, minimizing impact and operational disruption. Our third-party assessment program rigorously evaluates the compliance and security postures of our partners, especially those linked to critical systems.

Technical and Physical Security Measures

Machintel employs a suite of IT security controls and practices, including:

  • Access and Authorization Controls
  • Advanced Authentication and Password Management
  • Network Security Enhancements like Firewalls, IDS/IPS, and SIEM systems
  • Regular Vulnerability Scanning and Penetration Testing
  • Secure Wireless Networking and Server/Workstation Management
  • Encryption for Data in Transit, Backups, and at Rest
  • Physical Security Measures and Disaster Recovery Protocols

Machintel partners with SOC 2 compliant data centers and cloud providers to ensure the highest security standards in service delivery and internal operations.

Data Privacy Operations

Machintel’s evolving privacy program is designed to comply with international privacy laws like GDPR and CCPA, aligning with best practices and stakeholder expectations. Our operations include:

    • Processing Records Maintenance
    • Legitimate Interest Management
    • Privacy/Data Protection Impact Assessments
    • Personal Information Management and Individual Rights Fulfillment
    • External Privacy Communications and Third-Party Assessments
    • Regular Audits to Uphold Regulatory and Customer Commitments

Data Collection and Transparency

As a B2B data provider, Machintel responsibly collects business contact information through transparent and voluntary interactions, adhering strictly to our privacy policies. We emphasize transparency and clarity in our data practices, providing comprehensive privacy notices and various avenues for data subjects to exercise their rights.

Machintel is dedicated to lawful, necessary, and secure data processing, specializing in the collection and utilization of business contact information through a consent-based engagement process. Prospective members willingly share their details to access our exclusive content and receive targeted communications that align with their professional interests. The scope of data we collect is strictly confined to essential, non-sensitive information such as names, titles, and contact details, all handled in strict adherence to our comprehensive online privacy guidelines.

Our commitment to transparency in the management, utilization, and safeguarding of data, especially personal information, forms the cornerstone of our privacy ethos. As a dedicated B2B entity, we recognize the importance of clear, transparent communication with our members and clients regarding our data handling practices. To this end, we maintain easily accessible privacy policies and notices, prominently displayed across our digital platforms, registration interfaces, and within our email correspondences. Our framework includes a range of member agreements that delineate the terms of service use, alongside offering numerous avenues for members and clients to exercise their rights concerning their data.

Included within our privacy framework are:

Specific policies and agreements tailored to our services and platforms

Our data collection practices are meticulously designed to be relevant, necessary, and in full compliance with our service provision, as explicitly outlined in our privacy documentation. We ensure a transparent and straightforward process for our members to assert their data rights, including requests for access, correction, deletion, portability, or to dissent against the sale or sharing of their personal data:

For requests under EU or UK GDPR, click here.

For requests in compliance with the California CCPA, click here.

For all other privacy inquiries, click here.

Machintel's approach to data handling assures our clientele of a secure, lawful, and ethical engagement, reflecting our unwavering dedication to privacy and data protection standards.