Secure and private by default

We take the responsibility of helping you manage your customer data seriously. That’s why security and privacy are key focus areas for our organization and product development.

Internal Security

Data encryption

Your data is encrypted at rest and protected by TLS in transit. Your Segment password is hashed using bcrypt, and we manage our production secrets with AWS tools.

Rigorous product design

Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors. We also employ a public bug bounty for continuous assessment.

Company training

All employees are required to complete security and privacy training. In addition, engineers must complete specialized security training.

For more details on security at Segment, download our Security Overview

Product Security

Manage access to your account

Centrally manage your policies for access with Single Sign-On (SSO) on the Business plan.

Control visibility with user access levels

Control access to your Sources and Workspaces with fine-grained permissions to manage how your users interact with your data.

Password guidance

When choosing a new password, we provide visual guidance to help customers pick strong passwords that have not been exposed in security breaches on other websites.

Multi-factor authentication (MFA)

MFA provides an additional layer of security beyond your username and password. When logging into Segment, you’ll also enter a code from your mobile phone.


Since August of 2017, Segment has run a bug bounty program on the Bugcrowd platform. This program has provided tremendous value, and has improved security for both Segment and our customers. We consider our bug bounty program one of the best investments for finding and fixing existing vulnerabilities in our applications and internet-facing assets. We’ve also built productive relationships with security researchers and see some as an extension of our team. If you’ve found a vulnerability, please read the rules of our bounty brief and submit here.

Happy Hunting!

Certifications

Segment’s privacy and security framework are based on and aligned with the ISO 27000 series. We are ISO/IEC 27001:2013 certified, and we meet the requirements of ISO 27017 and ISO 27018.

Segment's commitment to data privacy

As a data processor, adhering to local regulations is only one component of our commitment to privacy. Our higher order mission is to treat you and your customers with the respect you deserve.

Data Processing Agreement

Our Data Processing Agreement (DPA) reflects the requirements of the GDPR.

Data Transfer Practices

We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for user data transfer and storage.

Privacy by Design

Your data is yours to own. Segment never shares or sells your user data.

Privacy Policy

Our Privacy Policy honors the GDPR, EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Data Protection Officer

Segment has appointed a Data Protection Officer to oversee our ongoing compliance efforts.

Blogs

Hacking with a Heads Up Display

David Scrobonia on Dec 4, 2018

How We Approach Security

Coleen Coolidge, Head of Security at Segment

Any experienced security practitioner can tell you that technology and processes are just two key components of an effective security program. People are the third component. At Segment, security is everyone’s responsibility.

Coleen Coolidge

Head of Security