Log in
Sign Up See how it works
See how it works Log in Sign Up

Segment’s Stance on Security

Secure and private by default

We take the responsibility of helping you manage your customer data seriously. That’s why security and privacy are key focus areas for our organization and product development.

Data Inventory
Data Inventory
Internal Security
Internal Security

Internal Security

Data encryption

Your data is encrypted at rest and protected by TLS in transit. Your Segment password is hashed using bcrypt, and we manage our production secrets with AWS tools.

Rigorous product design and security testing

Our projects pass thorough security-design reviews, threat models, and regular pen tests using trusted security vendors. We also employ a public bug bounty for continuous assessment.

Time-bound access

We systematically limit internal access to critical tools and resources using time-based access.

For more details on security at Segment, download our Security Overview.

Security at Segment An icon of a right chevron

Product Security

Manage access to your account

Centrally manage your policies for access with Single Sign-On (SSO) on the Business plan.

Control visibility with user access levels

Control access to your Sources and Workspaces with fine-grained permissions to manage how your users interact with your data.

System for Cross-domain Identity Management (SCIM)

SCIM allows your Identity Provider (IdP) to manage users and group membership within the Segment application.

Password guidance

When choosing a new password, we provide visual guidance to help customers pick strong passwords that have not been exposed in security breaches on other websites.

Multi-factor authentication (MFA)

MFA provides an additional layer of security beyond your username and password. When logging into Segment, you’ll also enter a code from your mobile phone.

Vulnerability Disclosure Program

Ensuring the security and integrity of the Segment platform is critical to the service we provide our customers. We are committed to delivering a secure product and greatly appreciate help from the community in responsibly identifying ways for us to improve. Our Vulnerability Disclosure Program is open to everyone—whether you're a customer, professional security researcher that does not meet the Bug Bounty Program requirements, or just someone who has discovered a potential issue. By responsibly reporting vulnerabilities in our applications or online services, you enable us to address them promptly and protect our community. While this program doesn't offer monetary rewards, your contribution is invaluable to us. If you find a vulnerability, please follow our submission guidelines to let us know.

Submit a vulnerability disclosure

Bug bounty program

 

For those interested in earning rewards for their security expertise, we offer a Bug Bounty Program through the Bugcrowd platform. This program invites experienced security researchers to identify and report vulnerabilities in our applications and internet-facing assets. Eligible findings may qualify for monetary bounties based on their severity and impact. By participating, you not only help us strengthen our security but also receive recognition and compensation for your valuable contributions. If you've discovered a vulnerability and wish to join our Bug Bounty Program, please read our bounty brief and submit your report here.

Submit a bug bounty

 

Bugcrowd
Bugcrowd

Certifications and attestations

Segment’s security and privacy program is based on and aligned with industry-standard frameworks, and we maintain a comprehensive suite of certifications and attestations to further demonstrate our commitment to security and privacy.

View documentation An icon of a outbound link arrow
ISO 27001
ISO 27001
ISO 27017
ISO 27017
ISO 27018
ISO 27018
SOC 2 Type 2
SOC 2 Type 2
HIPAA Compliant
HIPAA Compliant

Segment’s commitment to data privacy

We take the responsibility of respecting privacy seriously. Here are a few initiatives Segment is committed to:

Data Processing Agreement

Our Data Processing Agreement (DPA) reflects the requirements of the GDPR.

Data Transfer Practices

We offer Standard Contractual Clauses for compliant user data transfer and storage outside of the EU.

Privacy by Design

Your data is yours to own. Segment does not sell our customers' user data.

Privacy Policy

Our Privacy Policy honors CCPA, the GDPR, the Privacy Shield Framework.

Data Protection Officer

Segment has appointed a Data Protection Officer to oversee our ongoing compliance efforts.