Respecting your users' privacy
UpdatedYou want to maintain a healthy relationship with your customers, and that means both respecting their privacy and responsibly using the data you collect.
Cookies (when using our JavaScript libraries)
Our two client-side JavaScript libraries both use cookies that make it easier to recognize your audience and use them across calls to Customer.io.
Journeys JavaScript SDK
The Journeys Web SDK sets cookies to determine whether someone is anonymous or identified. These cookies do not contain any personally identifiable information (PII).
_cioanonid: contains an anonymous ID that the tracking snippet sets automatically on a person who has not been identified yet. When you identify a person, we associate their anonymous activity (like page views) with the identified person._cioid: contains the id used when you call_cio.identifywith the tracking snippet. Once set, these cookies persist for up to 365 days or after a user clears their cache, for instance.
Data Pipelines JavaScript Source
Our Data Pipelines JavaScript client-side source can set up to five cookies depending on the methods you use and the settings you invoke when you initialize the client.
These cookies do potentially store personally identifiable info (PII) if you pass it to us—but our JavaScript snippet contains ways to set and clear cookie values so that you can sanitize client-side information. See our JavaScript Source to learn more about the cookies we set and settings determining how these cookies work.
| Cookie | Contains |
|---|---|
ajs_anonymous_id | A user’s anonymous ID, set automatically when someone visits your site. This value is used to track anonymous activity and associate anonymous activity with an identified person. |
ajs_user_id | The ID of the user, set when you identify a person. |
ajs_group_id | The ID of a group, set when you associate a person with a group. |
ajs_user_traits | Contains user traitsInformation that you know about a person, captured from identify events in Data Pipelines. Traits are analogous to attributes in Customer.io Journeys.—values associated with a person—that you set when you identify a person. |
ajs_group_traits | Contains group traits—values associated with a group—that you set when you associate a person with a group. |
Personally Identifiable Information (PII)
While Customer.io doesn’t automatically collect or store personally identifiable information (PII) on its own, you can pass this information to us—things like a person’s name, address, phone number, etc.
This information may be reasonable for your use case and the messages you send your audience, but you should limit the data you store in Customer.io to only what you’ll need to send relevant messages. This both limits your data footprint and protects your audience against potential breaches.
Limiting PII viewers in Journeys
When you add new Viewer and Author team members to your account in Customer.io, you can limit their access to personally identifiable information (PII) with the Prevent this person from viewing profile and event attributes setting.
This toggle redacts PII fields, so authors and viewers can only access the data that they need to create messages, segments, and campaigns. See Prevent team members from viewing profile and event data for more information.
Respect your users’ inboxes
Make sure that you send your audience relevant messages that they want and expect. This isn’t simply about liability: it’s better for your business if you send messages that engages your audience. In some cases, quality is better than quantity!
To this end, you can:
- Take advantage of message limits so that you don’t over-message your audience
- Make sure that your messages have clear calls to action
- Message users in the medium(s) they want to use
Unsubscribes and the right to be forgotten
When people unsubscribe from messages, they aren’t removed from your workspace. Rather, we set their attributes to indicate that they’re unsubscribed.
We have a global unsubscribe attribute, and maintain a list of unsubscribed channels as a part of our Subscription Center feature. You can override these preferences to send important messages, but, in almost every case, you should respect your audience’s subscription preferences.
If a person requests that they be forgotten, you can delete their profile from your workspace. This removes all of their data from your workspace, including their email address, and prevents you from sending them messages.
In extreme cases, when a person indicates that they never want to be messaged again, you can suppress their identifiers. This prevents you from using their identifiers in your workspace again—so even if they make themselves known to you, they won’t be added to your workspace or be eligible to receive messages.
