Security & Privacy FAQs

🗳️ Data Management

  • What integrations are available in Mathison?
    • We offer HRIS and ATS integrations which are both in beta at this time.
    • In the future, we may offer additional integrations and will update this page and our security documentation accordingly.
  • Can I see a list of employee & org data that is shared with Mathison via Integrations and their intended use? Does Mathison collect any personally identifiable information (PII)?

    https://docs.google.com/spreadsheets/d/1ZWqA34m0DTNJr58_JZY9WgDumPZcrFq12o1EMy-sEl4/edit?usp=drive_link

    • ✅ Yes, please refer to the spreadsheet above for details about what Mathison requests access to, data availability by HRIS, PII, and intended use of data.
    • ℹ️ Note that because HRIS data architecture is highly varied, we also request access to custom fields, also known as remote data, from certain data objects so that we can provide the best, most inclusive analytics experience possible.
  • How does Mathison use employee & org data in its platform?
    • See the https://docs.google.com/spreadsheets/d/1ZWqA34m0DTNJr58_JZY9WgDumPZcrFq12o1EMy-sEl4/edit?usp=drive_link document for details
    • We use employee & org data to generate data visualizations that help HR, DEI, and People Leaders understand their DEI metrics like age, gender, and ethnicity by department.
    • In the future, we may combine this data with other information like Inclusion & Belonging scores, Salary Information, Hiring Funnels, and other employee data to help People Leaders drive inclusive decisions and actions with data.
  • Can I choose what data my org shares with Mathison via Integrations?
    • 🟡 This will depend on your HRIS.
    • 🟢 When setting up your integration with Mathison, most HRIS’s require you to select exactly what data to share before granting Mathison access to it.
  • How do I update what employee data my org shares with Mathison via Integrations?

    You may update what data is shared with Mathison at any time. The exact method will depend on your HRIS, so please refer to the methods below.

    Option 1: In Mathison

    1. Log in to Mathison as a Super Manager
    2. Click on your avatar at the top right, then Org Settings
    3. Click Setup Integration
    4. Follow the prompts to update your integration
    Option 2: In your HRIS (generic directions)

    1. Log into your HRIS as an admin
    2. Go to the settings page where integrations or external data sharing settings are managed, such as Integrations, API Keys, Advanced → Manage Integrations, Manage Apps, Manage external data sharing, etc.
    3. Open the Mathison App integration settings and add/remove data access

      Example from HiBob

  • Can I customize my data or pull a custom report? Something looks wrong with my data.

    • We got you. Contact your Customer Impact Manager or email support@mathison.io with details about your request or issue and a member of our product team will follow up with you.
    • Feel free to send redacted report examples you’d like to see in Mathison and we’ll see what we can do. Schedule a feedback session with the product team directly at the link below.

      Mathison Product Chat - Macy Lam


🥸 Privacy

  • Is Mathison’s Dashboard & HRIS integration CCPA, CCPRA compliant or SOC2 certified?
    • ✅ Our entire platform is CCPA, CCPRA compliant
    • ✅ Our entire platform is SOC2, Type I certified and independently tested/reviewed
  • Is Mathison’s Dashboard & HRIS integration GDPR compliant?
    • 🟡 Our products are not fully GDPR-compliant at this time and not available for use outside of the US
  • Who has access to employee data? Does Mathison sell employee data?
    • 🔐 Limited Mathison Employees

      We operate on the principle of least privilege, meaning Mathison employees are evaluated on a case-by-case basis and only granted the least amount of access to production employee data needed by IT admins. For example, a developer may be granted access temporarily to troubleshoot a critical issue for the duration of their task, after which their access will be revoked. Additionally, feature development is performed on sandbox data that is not derived from customer employee data, unless consent is explicitly requested and granted, such as in an Early Access or Beta Program.

    • 🔐 Employer Partners (EPs), Customers

      Similar to Equity Index or Action Plan data, EP Admins (or Super Managers) can control who in their org has access to aggregated & anonymized HRIS employee data that is displayed in Mathison Dashboards and can further protect this access by configuring Single Sign On (SSO) via Microsoft or Google. EP Admins may contact Mathison to request more granular access controls or SAML sign on at this time.

      • Only EP Admins/Super Managers:
        1. have access to HRIS data displayed in the Dashboard (at this time),
        2. have permission to set up the HRIS integration with Mathison,
        3. can grant other users EP Admin access.
    • 🚫 External Access
      • Mathison does not sell or share employee data with external partners or affiliates.
      • We will anonymize and remove all individual and organizational identifying information from specific analyses or aggregated data.
      • Any update or exception to these policies, such as a case study, will be shared to customers in writing and we will request consent prior to application or usage.
  • Does Mathison share personally identifiable information (PII) or employee data with their employers?
    • 🚫 Mathison does not share any employee PII with EPs, such as (but not limited to) email, first/last name, date of birth.
    • 🚫 In the case of non-PII employee data, we commit to never sharing individual responses with employers or any other entity.
    • 🚫 We take steps to ensure that non-PII data cannot be linked together in such a way that personally identifies any individual or organization.
  • Does Mathison share or sell employee data to external partners or affiliates?
    • Mathison does not sell or share employee data with external partners or affiliates.
    • We will anonymize and remove all individual and organizational identifying information from specific analyses or aggregated data.
    • Any update or exception to these policies, such as a case study, will be shared to customers in writing and we will request consent prior to application or usage.
  • How does Mathison protect employee privacy?
    • We take employee privacy very seriously. Mathison employs several methods to protect employee privacy including using role-based access authorization to restrict access internally to only certain vetted Mathison employees. Access is further password-protected and multi-factor authentication is required.
    • Before showing employee data to employers, we take several steps to anonymize and aggregate data such that any single individual employee cannot be identified.
    • Our aggregation threshold is at minimum 5 employees.
      • For example, if fewer than 5 employees identified themselves as part of the Black community in the Sales department, we may aggregate the Black community with another community in the same department with under 5 respondents, say 2 people in the Asian community.
      • This new aggregated “community” may be displayed as “Aggregated: 6 Employees from Black and/or Asian communities or Prefer Not to Answer in Sales” or “2% Sales Employees aggregated from Black and/or Asian communities”.
    • We do not collect data that we do not have an explicit near or long-term need for, such as Social Security Number, Street Address, or Payroll History.
  • Is there a process to request deletion of employee or organizational data?
    • 🚮 Yes, please refer to our Data Deletion & Retention Policy
    • Contact support@mathison.io to start this process.
  • Does Mathison use employee data to train AI models?
    • 🚫 No
    • Any update or exception to these policies will be shared to customers in writing and consent requested prior to application.
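
The threshold rule described under “How does Mathison protect employee privacy?” can be sketched as follows. This is an added illustration, not Mathison's code; the function name, the sample counts, and the rule of folding the smallest displayable group into a pool that is still under 5 are assumptions.

```python
from typing import Dict, List, Tuple

THRESHOLD = 5  # minimum group size stated on this page


def aggregate_small_groups(counts: Dict[str, int],
                           threshold: int = THRESHOLD) -> List[Tuple[str, int]]:
    """Return (label, count) rows that are safe to display for one department.

    Groups below the threshold are pooled into one combined row. If the pool
    is still below the threshold, the smallest remaining group is folded in
    (an assumption of this sketch) until the pool reaches the threshold.
    If everything pooled is still too small, nothing is shown.
    """
    visible = {g: n for g, n in counts.items() if n >= threshold}
    pooled = {g: n for g, n in counts.items() if 0 < n < threshold}

    # Top the pool up with the smallest visible groups. Without this, a lone
    # small group could be recovered by subtracting the visible rows from the
    # department total.
    while pooled and sum(pooled.values()) < threshold and visible:
        smallest = min(visible, key=lambda g: (visible[g], g))
        pooled[smallest] = visible.pop(smallest)

    rows = sorted(visible.items(), key=lambda r: (-r[1], r[0]))
    if pooled:
        total = sum(pooled.values())
        if total >= threshold:
            label = "Aggregated: " + " and/or ".join(sorted(pooled))
            rows.append((label, total))
        # else: the whole department is under the threshold, so suppress it
    return rows


# Constructed sample counts (not real customer data).
SALES = {"White": 40, "Hispanic or Latino": 12, "Black": 4, "Asian": 2}
# Only one small group: it has to be hidden inside a larger row.
SUPPORT = {"White": 9, "Asian": 7, "Black": 1}
# Entire department below the threshold: nothing is displayed.
TINY = {"White": 2, "Black": 1}

if __name__ == "__main__":
    for name, dept in (("Sales", SALES), ("Support", SUPPORT), ("Tiny", TINY)):
        print(name, aggregate_small_groups(dept))
```

The Support case shows why pooling only the sub-threshold groups is not enough: a single pooled group of 1 would still be displayed as a row of 1, so it is merged into the next-smallest group instead.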

🔐 Security

  • Where is employee data stored?
    • ☁️ We use Amazon Web Services as our cloud provider and host
    • 🗄️ Domo is our data warehouse
    • 🇺🇸 All our servers and databases are currently located in the US
  • What extra steps does Mathison take to ensure data security?
    • 🔏 Mathison employs several methods to protect data security including using enterprise-grade encryption, requiring multi-factor authentication and VPN to access production data, as well as regular vulnerability scanning of our databases and infrastructure.
    • 📑 Please see our data security & privacy documents above or contact support@mathison.io for more information.

I have more questions. Can I speak with a technical team member?

Yes, absolutely. Contact sales@mathison.io or support@mathison.io.
