Profiles and GDPR
All Segment GDPR features apply to Profiles.
Segment never shares or sells user data. Profiles inherits Segment’s holistic approach to security and privacy, using 256-bit AES standard encryption to safeguard data stores both at rest and in transit.
End-user privacy and the GDPR principles informed the design of Profiles, a product powered by first-party data. Profiles integrates Segment’s existing end-user privacy features with several user rights:
- Right to Erasure
- Right to Object
- Right to Rectification
- Rights to Access and Portability
Below, learn how each of these rights protects the integrity of users and their data.
Right to Erasure
Using Segment’s platform, you can manage user deletion across all Segment products and supported Destinations. User deletion requests remove user data from all internal Segment archives and environments, including Engage audiences, within 30 days.
Right to Object
With one-click suppression, you can block data collection for specific users. Segment discontinues profile building around suppressed users and prevents them from joining future audiences.
Right to Rectification
When Segment receives new information, the platform updates user profiles and traits in both Segment and its downstream tools. Use the Profile API to confirm that an update has been processed.
Rights to Access and Portability
Identity Resolution connects information you’ve gathered about a customer into a single profile. Using the Profile API, you can provide end users with this data. You can also enable raw data integrations and warehouses to share a user’s data in a structured format.
This page was last modified: 27 Sep 2022
Questions? Problems? Need more info? Contact Segment Support for assistance!