Data Compliance and Privacy

We want to help you stay in compliance with GDPR and other regulations. And, if you’re a premium customer, we can also help you maintain HIPAA compliance.

Here’s a brief run-down of active privacy controls and GDPR suppression in Customer.io.

GDPR and regulatory compliance

GDPR is the EU’s General Data Protection Regulation, and provides rules for handling customer data within the EU. But, even if you don’t have customers in the EU, you may want to abide by these rules—more or less—to prepare for data privacy rules in other locations and to respect your audience’s privacy.

To help you maintain GDPR compliance, we:

  1. Store and transfer data securely. Information in our North America data center does not leave North America unless you send it to a destination outside the US.
  2. Provide a way to suppress and remove customer information from Data Pipelines. Per GDPR and other regulations, your audience has a right to be forgotten. Should they revoke consent to data collection, you can suppress and remove users entirely.
  3. Provide schemas and a record of your data, helping you understand exactly what data you’re collecting from sources and what you send on to each destination.

But, beyond that, you must obtain and manage consent to collect data from users of your websites and services. For example, the Data Pipelines JavaScript source manages user information in cookies and local storage. You should obtain consent before invoking calls from our JavaScript snippet that could identify your audience.

HIPAA compliance

Data Pipelines are HIPAA-ready, meeting the privacy and security requirements for the healthcare industry. If you’re on a premium or enterprise plan with Customer.io, you should talk to your customer success representative about HIPAA compliance.

Regardless of HIPAA compliance, you should not store sensitive, plain-text information in Customer.io.

Suppressions: respecting your audience’s right to be forgotten

When people unsubscribe, they might request that you stop collecting data and delete all the data about them. When this happens, you can suppress a person’s userId to comply with their wishes. Suppressing a userId:

  • Prevents sources from collecting data for the userId or triggering destination Actions.
  • Prevents source calls referencing the userId from appearing in the Data In log.
  • Prevents us from replaying data to new destinations for the userId.

If a user opts into data collection later, you can unsuppress their userId, resuming data collection for that person.

 Wait to collect data until you have unambiguous consent

The ability to suppress users is not a substitute for user consent to collect data. You should not identify your users or collect un-anonymized data until your audience opts into data collection. This isn’t just a way to abide by various regulations; it’s a way to maintain your audience’s trust.
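One way to hold back identifying calls until a person opts in, covering the consent requirement under "GDPR and regulatory compliance" and the note above. This is an added example, not Customer.io's code: the `ConsentGate` class, the `makeRecordingClient` helper and the `identify`/`track` method shape of the wrapped client are assumptions for illustration.

```javascript
// Added example: a consent gate placed in front of an analytics client.
// `client` is any object exposing identify(userId, traits) and track(event, props);
// that method shape is an assumption, not something stated on this page.
class ConsentGate {
  constructor(client, maxQueued = 50) {
    this.client = client;
    this.maxQueued = maxQueued;
    this.state = "unknown"; // "unknown" | "granted" | "denied"
    this.queue = [];        // memory only: nothing is written to cookies or localStorage
  }

  identify(userId, traits = {}) { return this._dispatch("identify", [userId, traits]); }
  track(event, props = {}) { return this._dispatch("track", [event, props]); }

  _dispatch(method, args) {
    if (this.state === "granted") {
      this.client[method](...args);
      return "sent";
    }
    if (this.state === "denied") return "dropped";
    // No decision yet: hold the call, bounded so a long session cannot grow it forever.
    if (this.queue.length >= this.maxQueued) this.queue.shift();
    this.queue.push({ method, args });
    return "queued";
  }

  grant() {
    this.state = "granted";
    const pending = this.queue;
    this.queue = [];
    for (const { method, args } of pending) this.client[method](...args);
    return pending.length; // number of held calls that were released
  }

  deny() {
    // Covers both an initial refusal and a later withdrawal of consent.
    this.state = "denied";
    const discarded = this.queue.length;
    this.queue = [];
    return discarded; // number of held calls thrown away unsent
  }
}

// Constructed stand-in for the real snippet object so the example runs offline.
function makeRecordingClient() {
  const calls = [];
  return {
    calls,
    identify: (userId, traits) => calls.push(["identify", userId, traits]),
    track: (event, props) => calls.push(["track", event, props]),
  };
}
```

Call `grant()` or `deny()` from your consent banner's handlers; calling `deny()` after an earlier `grant()` stops further calls from reaching the client, but it does not replace suppressing the userId.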

Suppress a person

When a person invokes their right to object or right to erasure under GDPR or CCPA respectively, you can suppress their userId. It may take a few minutes for us to process the request.

  1. In the Data Pipelines tab, go to Privacy.
  2. Click Suppress new userId and enter the userId you want to suppress.
  3. Click Suppress user.

 This doesn’t suppress people in Customer.io Journeys!

If you suppress people in Data Pipelines, they may still have data available in Customer.io Journeys. If you send people messages, you’ll need to suppress people in Journeys to fully comply with your audience’s data privacy requests.

Unsuppress a person

If a person opts back into data collection after being previously suppressed, you can unsuppress their userId and resume data collection.

  1. In the Data Pipelines tab, go to Privacy.
  2. Find the user you want to unsuppress and click to remove their entry in the suppression list.