diff --git a/src/_data/privacy.yml b/src/_data/privacy.yml index e03789d66c..be80df6fd2 100644 --- a/src/_data/privacy.yml +++ b/src/_data/privacy.yml @@ -3,22 +3,48 @@ sections: section_col: 6 section: - name: Detect and classify customer data - description: "The Privacy Portal helps automate preparing for new privacy regulations." + description: "The Privacy Portal helps streamline your response to new privacy regulations." path: /privacy/portal/ icon: media/classify.svg - name: Control what data you collect - description: "Take control over whether specific data is allowed to enter Segment" + description: "Take control of the data that enters your workspace." path: /privacy/data-controls/ icon: media/control.svg -- section_title: Prepare for GDPR & CCPA +- section_title: Respect your end user's consent preferences + section_col: 4 + section: + - name: Consent in Segment Connections + description: "Manage end user consent in your downstream tools with Consent Management." + path: /privacy/consent-management/consent-in-segment-connections/ + - name: Consent in Reverse ETL + description: "Enforce consent preferences stored in your data warehouse." + path: /privacy/consent-management/consent-in-retl/ + - name: Consent stored on the Profile + description: "Create Audiences of users based on consent status." + path: /docs/privacy/consent-management/consent-in-unify/ + +- section_title: Delete user and workspace data + section_col: 4 + section: + - name: Delete and suppress data about end users + description: "Comply with GDPR and CCPA by deleting information from Segment about your company's end users." + path: /privacy/user-deletion-and-suppression/ + - name: Delete data from sources, a Unify space, or your entire workspace + description: "Remove all data from a source, a Unify space, or a workspace." + path: /privacy/account-deletion/ + - name: Data Deletion and Retention Policy + description: "Manage your data accurately, efficiently, and securely within clearly defined retention periods." + path: /privacy/data-retention-policy/ + +- section_title: Tools to comply with privacy regulations section_col: 6 section: - - name: Understand and Comply with regulations - description: "Segment is committed to making it easier for you to comply with the GDPR." - path: /privacy/complying-with-the-gdpr/ + - name: HIPAA-Eligible Segment + icon: media/database-star.svg + description: "Segment is a HIPAA eligible platform, and meets the data privacy and security requirements of healthcare customers and their stakeholders." + path: /privacy/hipaa-eligible-segment/ + - name: Complying with the GDPR icon: media/comply.svg - - name: Delete and suppress data about end-users - description: "Easily remove your company's end-users from Segment and supported connections." - path: /privacy/user-deletion-and-suppression/ - icon: media/delete.svg + description: "Learn more about the tools and strategies you can use to maintain GDPR compliance." + path: /privacy/hipaa-eligible-segment/ \ No newline at end of file diff --git a/src/_data/sidenav/main.yml b/src/_data/sidenav/main.yml index 43d04ab97e..4151888a64 100644 --- a/src/_data/sidenav/main.yml +++ b/src/_data/sidenav/main.yml @@ -587,23 +587,13 @@ sections: title: Privacy Overview - section_title: Privacy Portal slug: protocols/portal - expanded: true section: - path: /privacy/portal title: Detect PII - path: /privacy/data-controls title: Data Controls and Alerts - - section_title: GDPR - slug: protocols/complying-with-the-gdpr - expanded: true - section: - - path: /privacy/complying-with-the-gdpr - title: Complying With GDPR - - path: /privacy/user-deletion-and-suppression - title: User Deletion and Suppression - section_title: Consent Management slug: privacy/consent-management - expanded: true section: - path: /privacy/consent-management title: Consent Management Overview @@ -617,10 +607,17 @@ sections: title: Consent in Reverse ETL - path: /privacy/consent-management/consent-faq title: Consent FAQs + - section_title: Deletion and Suppression + slug: privacy/user-deletion-and-suppression + section: + - path: /privacy/user-deletion-and-suppression + title: User Deletion and Suppression + - path: /privacy/account-deletion + title: Account & Data Deletion - path: /privacy/data-retention-policy title: Data Retention and Deletion Policy - - path: /privacy/account-deletion - title: Account & Data Deletion + - path: /privacy/complying-with-the-gdpr + title: Complying With GDPR - path: /privacy/hipaa-eligible-segment title: HIPAA Eligible Segment - path: /privacy/faq diff --git a/src/privacy/user-deletion-and-suppression.md b/src/privacy/user-deletion-and-suppression.md index 9ca47c665a..6f056051c0 100644 --- a/src/privacy/user-deletion-and-suppression.md +++ b/src/privacy/user-deletion-and-suppression.md @@ -14,22 +14,32 @@ All deletion and suppression actions in Segment are asynchronous and categorized - Your Segment Workspace (Settings > End User Privacy) - [Segment's Public API](https://docs.segmentapis.com/tag/Deletion-and-Suppression){:target="_blank"}. You can delete up to 5000 `userId`s per call using the Public API. -With Regulations, you can issue a single request to delete and suppress data about a user by `userId`. Segment scopes Regulations to all sources in your workspace. +With Regulations, you can issue a single request to delete and suppress data about a user by `userId`. Segment scopes Regulations to all sources in your workspace. > warning "Data sent to device-mode destinations cannot be suppressed" -> Destinations set up in device mode are sent directly to destinations and bypass the point in the pipeline where Segment suppresses events. +> Destinations set up in device mode are sent directly to destinations and bypass the point in the pipeline where Segment suppresses events. -The following regulation types are available: +Segment has 2 types of Regulations: +- **Segment-only Regulations**: These Regulations *only* delete or suppress data about your user from internal Segment systems. +- **Segment & Destination Regulations**: These Regulations delete user data from internal Segment systems and then forward a deletion request to any connected destinations that support programmatic deletion. For a list of destination that support programmatic deletion, see [Which destinations can I send deletion requests to?](/docs/privacy/faq/#which-destinations-can-i-send-deletion-requests-to). + +While both Regulation types are limited to 110,000 users every calendar month, you can temporarily increase your rate limit for Segment-only Regulations. To send more than 110,000 Segment-only Regulations over a 30 day period, [contact Segment Support](https://segment.com/help/contact/){:target="_blank"}. + +### Segment-only Regulations +The following Segment-only Regulation types are available: - **SUPPRESS_WITH_DELETE_INTERNAL*:** Suppress new data and delete from Segment internal systems only - **DELETE_INTERNAL*:** Delete data from Segment internal systems only - **SUPPRESS_ONLY***: Suppress new data without deleting existing data - **UNSUPPRESS*:** Stop an ongoing suppression + +### Segment & Destination Regulations + +The following Segment & Destination Regulations are available: + - **SUPPRESS_WITH_DELETE:** Suppress new data and delete existing data - **DELETE_ONLY:** Delete existing data without suppressing any new data -> info "All regulations are rate limited to 110,000 users within a 30-day period" -> To send more than 110,000 `SUPPRESS_ONLY`, `UNSUPRESS`, `DELETE_INTERNAL` and/or `SUPPRESS_WITH_DELETE_INTERNAL` Regulations over a 30 day period, [contact Segment Support](https://segment.com/help/contact/){:target="_blank"}. ## Deletion Support @@ -47,13 +57,23 @@ Warehouse deletions occur using a DML run against your cluster or instance. Segm -#### Deletion requests tab +### Deletion requests tab + +The deletion requests tab shows a 30-day overview of your deletions pipeline, including a Regulations usage tracker and a deletion requests status table. + +To navigate to the deletion requests tab, open the Segment app and navigate to **Privacy > Deletion and Suppression > Deletion**. + +#### Regulations usage tracker + +The usage tracker on the deletion requests tab shows you how many Segment & destination Regulations and how many Segment-only Regulations you have remaining for the calendar month. + +#### Deletion requests status -The deletion requests tab shows a log of all regulations and their status. +The deletion requests status table allows you to see the status of each of the Regulations that you've submitted, including if the Regulation was forwarded to your destinations, the deletion type, the date the Regulation was received, and the date the Regulation was completed. -In the Segment App (Settings > End User Privacy > Deletion Requests), you can click a `userId` to view its status in Segment internal systems and in the connected destinations. +If you need to verify if information about a specific user was deleted or suppressed, you can search for a `userId` to view its status in Segment internal systems and in the connected destinations. -The deletion request can have one of the following statuses: +A deletion request can have one of the following statuses: 1. `INITIALIZED` 2. `INVALID` @@ -65,9 +85,9 @@ The deletion request can have one of the following statuses: When checking the status of deletion requests using Segment's API, the deletion will report an overall status of all of the deletion processes. As a result, Segment returns a `FAILED` status because of a failure on an unsupported destination, even if the deletion from the Segment Internal Systems and supported destinations were completed successfully. -#### Deletion request SLA +### Deletion request SLA -Segment has a 30-day SLA for completing deletion requests in Segment's internal stores for deletion requests of fewer than 110,000 users made over 30 days. Your requests will be rate limited if you submit more than 110,000 deletion requests within 30 days. +Segment has a 30-day SLA for completing deletion requests in Segment's internal stores for deletion requests of fewer than 110,000 users made over a calendar month. Your requests will be rate limited if you submit more than 110,000 deletion requests in a calendar month. > warning "This 30-day SLA is limited to only Segment's internal stores" > Segment cannot guarantee that deletions in your Amazon S3 instance, your connected data warehouse, or other third-party destinations will be completed during that 30-day period.