Data Compliance and Privacy

We want to help you stay in compliance with GDPR and other regulations. And, if you’re a premium customer, we can also help you maintain HIPAA compliance.

GDPR and regulatory compliance

GDPR is the EU’s General Data Protection Regulation, and provides rules for handling customer data within the EU. But, even if you don’t have customers in the EU, you may want to abide by these rules—more or less—to prepare for data privacy rules in other locations and to respect your audience’s privacy.

To help you maintain GDPR compliance, we:

  1. Store and transfer data securely. Information in our North America data center does not leave North America unless you send it to a service outside the US.
  2. Provide a way to suppress and remove customer information. Per GDPR and other regulations, your audience has a right to be forgotten. Should they revoke consent to data collection, you can permanently delete people and prevent the system from collecting data about them in the future.
  3. Provide schemas and a record of your data, helping you understand exactly what data you’re collecting from data-in integrations and what you send on to each of your data-out integrations.

But, beyond that, you must obtain and manage consent to collect data from users of your websites and services. For example, our JavaScript client library manages user information in cookies and local storage. You should obtain consent before invoking calls from our JavaScript snippet that could identify your audience.

HIPAA compliance

Customer.io integrations are HIPAA-ready, meeting the privacy and security requirements of both the healthcare industry and your valued customers.

Contact your Customer.io representative if you’d like more information about Customer.io’s HIPAA compliance or want to sign a Business Associate Agreement (BAA) with us.

Suppressions: respecting your audience’s right to be forgotten

When people unsubscribe, they might request that you stop collecting data and delete all the data about them. When this happens, you can suppress a person’s userId to comply with their wishes. Suppressing a person:

  • Ensures that you cannot send the person messages.
  • Prevents integrations from collecting data for the userId or triggering integration Actions.
  • Prevents integrations referencing the userId from appearing in the Data In log.
  • Prevents us from replaying data to new integrations for the userId.

If a user opts into data collection later, you can unsuppress their userId, resuming data collection for that person.

Wait to collect data until you have unambiguous consent

The ability to suppress users is not a substitute for user consent to collect data. You should not identify your users or collect un-anonymized data until your audience opts into data collection. This isn’t just a way to abide by various regulations; it’s a way to maintain your audience’s trust.

Suppress a person

When a person invokes their right to object or right to erasure under GDPR or CCPA respectively, you can suppress their profile through our API or on the People page.

It may take a few minutes for us to process a suppression request.

  1. Go to the People page.
  2. Select the people you want to suppress.
  3. Click Delete forever and toggle the option to Delete and Suppress.
    The dialog to delete and suppress a person
  4. Confirm the operation.

Unsuppress a person

If a person opts back into data collection after being previously suppressed, you can unsuppress their userId and resume data collection by sending a track event called Unsuppress Person.

For example, with our JavaScript client library, you’d send this call to unsuppress a person:

analytics.track("Unsuppress Person", {
  userId: "person-i-want-to-unsuppress"
});

Suppressions don’t affect Web integrations

Web integrations send traffic directly to a website or service from the client. Because the data doesn’t pass through Customer.io, you can still send suppressed information to Web integrations.

For example, if you suppress a person in Customer.io, you could still inadvertently send data downstream to your Meta (Facebook) Pixel integration, because the data you send to Meta doesn’t pass through Customer.io’s servers. It goes directly from your JavaScript client to Meta.

This means that you may need to implement suppressions or a blocklist in any services you connect to using a Web integration.
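
The consent requirement and the Web integration caveat above, as an added example that is not Customer.io code: a browser-side gate that withholds identify and track calls until consent is granted and while a person is flagged as suppressed, and sends the Unsuppress Person event on opt-in. The `createPrivacyGate` name, the `webDestinations` callbacks and a `suppressed` flag supplied by your own backend are assumptions, as is an `analytics.identify` method alongside the `analytics.track` call shown on this page.

```javascript
// Added example, not Customer.io code. `analytics` is any object exposing
// identify/track (this page shows analytics.track). `webDestinations` holds
// hypothetical callbacks for anything sent straight from the browser to a third party.
function createPrivacyGate(analytics, webDestinations = {}, initial = {}) {
  const state = {
    consented: initial.consented === true,   // default: no consent yet
    suppressed: initial.suppressed === true, // assumed to come from your own backend
  };
  const withheld = []; // names of withheld calls, kept without payloads
  const allowed = () => state.consented && !state.suppressed;

  function identify(userId, traits = {}) {
    if (!allowed()) { withheld.push("identify"); return false; }
    analytics.identify(userId, traits);
    return true;
  }

  function track(event, properties = {}) {
    if (!allowed()) { withheld.push(`track:${event}`); return false; }
    analytics.track(event, properties);
    // Web integrations bypass server-side suppression, so the same
    // check has to guard them here in the client.
    for (const send of Object.values(webDestinations)) send(event, properties);
    return true;
  }

  // Consent withdrawn or erasure requested: stop all client-side calls.
  function suppress() { state.consented = false; state.suppressed = true; }

  // Person opts back in: clear the local flag and send the event this
  // page documents for resuming data collection.
  function optBackIn(userId) {
    state.consented = true;
    state.suppressed = false;
    analytics.track("Unsuppress Person", { userId });
  }

  return {
    identify, track, suppress, optBackIn,
    grantConsent: () => { state.consented = true; },
    withheldCalls: () => withheld.slice(),
  };
}
```

Granting consent alone does not lift a suppression in this gate; only `optBackIn` does, so a stale consent banner cannot resume collection for a suppressed person.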
