Security

Behavioral event data handled with precision and accountability

Segmentloom processes the behavioral event stream of your users — exactly the kind of data that carries compliance obligations. Here's specifically how we handle it.

Data handling

Encryption, retention, and deletion

Segmentloom collects only the event properties you send. We do not enrich profiles with third-party data. Here's what we do with what you give us.

Encrypted in transit (TLS 1.2+)

All data transmitted between your systems and Segmentloom uses TLS 1.2 or higher. No plain-text event ingestion.

Encrypted at rest (AES-256)

Event data, profile records, and audience configurations are stored encrypted at rest using AES-256.

Retention controls

Set per-event retention periods. When retention expires, data is deleted — not archived indefinitely. You can trigger deletion on-demand via the Deletion API.

Deletion API

Respond to data deletion requests from your users by calling our Deletion API. Profile data and associated event history are removed within 48 hours.

Compliance context

Compliance context: what we support and what we don't claim

Segmentloom is built for growth teams that may operate under US state privacy laws or GDPR-adjacent obligations. We design our architecture to support these requirements. We do not claim formal certifications we haven't completed.

Data minimization

Segmentloom processes only the event properties you explicitly send. We do not enrich or augment profiles with third-party data sources. What comes in is what we store — nothing added.

Colorado CPA support

Data subject rights requests (access, deletion, correction, portability) are supported through our API and via direct contact at [email protected].

CCPA consent signal pass-through

CCPA consent signals from your frontend are passed through to downstream ad platform syncs where technically supported by the destination API.

Important: Segmentloom is designed with Colorado CPA data minimization requirements and GDPR-adjacent obligations in mind. We do not claim GDPR or SOC 2 certification. If your compliance requirements need specific certifications, please contact us to discuss your use case.

Access controls

Access controls and audit trail

SSO-ready

SAML 2.0 single sign-on supported as an add-on on the Growth plan. Tie Segmentloom access to your existing identity provider.

Role-based access

Owner, Editor, and Viewer roles. Editors can build and sync audiences. Viewers can see audience configs and match counts without syncing.

Audience change audit log

Every audience creation, modification, and sync is timestamped and attributed to a user. Reviewable by account owners.

API key management

Rotate API keys without downtime. Keys scoped to specific permissions (write events, read profiles, trigger syncs).

Security contact

Found a vulnerability?

Please disclose responsibly. Email us at [email protected] with the subject line "Security Disclosure." We respond to all disclosures within 48 hours.
