BlueConic Data Security and Privacy Overview

Built with a privacy-by-design philosophy, the BlueConic CDP offers robust data security and privacy features to ensure the utmost protection of your customer data. This article outlines everything you need to know about these features, as well as the specific measures we provide to help you adhere to privacy legislation around the world.

Note: The information below does not serve as legal advice for your own data security, privacy, or consent purposes.

Security and privacy solutions in BlueConic

All data stored in the BlueConic CDP belongs to the customer. (BlueConic processes that data on behalf of the customer.) To ensure that each BlueConic customer manages and collects data in the most responsible, beneficial way possible, we have built various security and privacy solutions right into the platform. These solutions are described in detail below, with examples throughout for better understanding.

Privacy and consent management for multiple legislation zones

BlueConic supports privacy legislation worldwide to help you better understand and comply with the regulations specific to regions around the world (i.e., legislation zones). For instance, the GDPR in Europe has extensive guidelines requiring that companies clearly explain the specific data they’ll be processing for individuals and what that data will be used for.

With BlueConic, you can manage privacy and consent for one or multiple legislation zones in your system, as shown below:

  • Argentina (PDPL)
  • Australia (Privacy Act)
  • Brazil (LGPD)
  • Canada (PIPEDA)
  • Europe (GDPR)
  • Israel (PPL)
  • Japan (APPI)
  • New Zealand (Privacy Act 2020)
  • People's Republic of China (PIPL)
  • Peru (PDPL)
  • Switzerland (DPA)
  • United Kingdom (UK GDPR)
  • US - California (CCPA/CCRA)
  • US - Colorado (SB190)
  • US - Nevada (SB220)
  • US - New York (NYPA)
  • US - Virginia (SB1392)
  • Rest of the World (labeled Whole World when no other zones are selected)

Privacy settings for legislation zones

On the Privacy settings page in BlueConic (BlueConic Settings > Privacy), you can specify any of the legislation zones above that you need to support, or select the "Rest of the World" (or "Whole World") option to set up one approach for the entire world. Any zones you enable here will be available for selection whenever you create or edit consent management objectives in BlueConic, as discussed in the next section.


For instance, if your customers are covered by the Europe, United Kingdom, and California legislation zones, and you enable those zones on the Privacy settings page, “Europe (GDPR),” “United Kingdom (UK GDPR),” and “US - California (CCPA)” will be listed as selectable options next to “Require consent” on all individual objective pages.

Consent objectives

BlueConic uses consent objectives to manage consent for BlueConic features that help you build unified profiles, such as connections for integrating your data sources and listeners that gather customer data. This ensures that the connection or listener, for example, only applies to customers who have consented to its use. Objectives are configurable and can hold one or more objects (e.g., connections, lifecycles, AI notebooks, and so on).

When creating or editing an objective, you can specify the legislation zones that govern it. And when you select one or more zones for an objective, all consumers from those zones will be asked to provide consent for that objective.


As outlined in the section above, only legislation zones enabled from the Privacy settings page appear as selectable options for individual objectives.

Note: All consent management functions in BlueConic are also accessible using the server-side API.

Opt-in and opt-out legislation zones

When you enable a legislation zone from the Privacy settings page, you can designate that zone as either opt-in or opt-out when that zone is selected for an objective. The consent provided by each visitor within that zone determines whether that objective is met:

  • Opt-in: For visitors within an opt-in zone, an objective will be executed ONLY if the visitor consents to that objective (not if they refuse consent or do not make a selection).
  • Opt-out: For visitors within an opt-out zone, an objective will be executed UNLESS the visitor explicitly refuses consent to that objective.


Notes:

  • When you designate a zone as either opt-in or opt-out from the Privacy settings page, that designation is attached to that zone on ALL objectives. You cannot add a zone to one objective as opt-in and another objective as opt-out.
  • You can only configure this designation from the Privacy settings page, not from individual objective pages.

Consumer data rights

BlueConic helps you manage your customers’ and visitors’ data privacy rights and control over the personal data that you collect about them. This includes:

  • Data portability: BlueConic provides a data portability module that allows you to display all profile data contained within an individual’s profile to that specific person. (Note: GDPR requires that companies make it possible for individuals to request a copy of their profile; the company must then provide all contained data and information in a portable format.)
  • Right to rectification: With BlueConic, you can create forms on your website where consumers can request that certain pieces of their profile and associated pieces of data be corrected or changed. In the backend, BlueConic also provides a profile viewer so marketers and other authorized employees can go into an individual’s profile and easily make those requested changes.
  • Right to erasure: If a consumer wants all data collected on them to be deleted, BlueConic allows you to easily delete their profile and the associated cookie on the front end.

Data storage and hosting

Data in your platform is stored in an Amazon Web Services geographic location of your choosing (e.g., Dublin, Ireland - Europe; Virginia - United States; Singapore or Australia - Asia-Pacific). All data hosted in your selected location stays within that region. For example, data hosted in the Ireland service center does not leave Europe.


PII data sensitivity and control

BlueConic provides various data visibility settings for customer data stored in unified profiles in BlueConic. When you set up profile properties, groups, and Timeline events in the platform, you can specify which ones are unique identifiers and whether those items contain PII (personally identifiable information) or non-PII data.

For instance, when adding a new profile property (via More… > Properties > Profiles), checking the “Is unique identifier” box makes this property a unique identifier with automatic PII data sensitivity.


When the “Is unique identifier” box is unchecked, you can set the property's data sensitivity to either PII or Non-PII.


Notes:

  • You can always change the data sensitivity of a profile property from Non-PII to PII. You can only change it from PII to Non-PII if no profile yet holds a value for that property.
  • The "Create new profile when identifier changes" setting, which opens when the property is designated as a unique identifier, is used to prevent potential profile hijacking, as discussed below.

Role-based access control

Access to customer data and PII within the platform is controlled by each user’s specific role in BlueConic, such as Content Manager, Data Scientist, Online Marketer, and so on. (A user can be assigned to one or more roles, and you can create custom user roles for your BlueConic implementation.) As such, you can determine which roles have access to PII within BlueConic, and you can quickly enable or disable PII per user role via the Roles page (BlueConic Settings > Roles).


Tip: Add a custom user role in your system for your Data Protection Officer (DPO). This role would have powerful privacy capabilities, including the ability to view individual profiles and their PII. For more information, reach out to your BlueConic Customer Success Manager.

Note: BlueConic also offers domain-based permissions (i.e., edit rights for individual users for specific domains in your system), which are outlined in more detail below.


Profile data privacy and protection

As mentioned above, BlueConic offers role-based permissions and access to customer data within the platform, and this includes unified profiles. On each unified profile in BlueConic, users with the appropriate permissions can view the privacy settings in place for that individual through the Profile privacy management tab. This tab includes the person’s:

  • Legislation zone
  • Permission level (i.e., the level of online privacy for that profile, either Level 0 [do not track], Level 1 [anonymous], or Level 2 [personal])
  • Objectives they have consented to
  • Objectives they have refused
  • Privacy event logs (i.e., the dates/times of all privacy-related events for this profile, such as Consented Objective: Optimize website experience, 6/12/2018, 3:31 p.m.)

Only users in a role with appropriate profile-editing permission can make edits to this Profile privacy tab, such as changing the person’s legislation zone and manually adding consented-to and refused objectives.

Note: Permission level is a deprecated feature. BlueConic advises customers to leave this setting at Level 2 for all profiles, whereby the system will store personal data and preferences, and to use Objectives to regulate their consent.

Tip: Following the principle of least privilege, always err on the side of caution and try to remove users, roles, channels, and other permissions as much as possible.

Precautions for profile cleanup and merging

BlueConic also protects your profile data by providing safeguards when purging and merging profiles. Profile cleanup (i.e., purging) and profile merging, both available through the BlueConic Settings menu, can help you eliminate duplicate or less relevant profiles and keep your database organized; they can also help you comply with data retention requirements in different privacy laws.

However, since these tools are activated through defined rules that are irreversible (and apply to both current and future profiles), precautions are in place to avoid mistakes and unintended profile data loss, such as:

  • For profile cleanup rules:
    • Only users with access to the General page (BlueConic Settings > General) can view, edit, or create these rules.
    • A checkbox is included for each cleanup rule to prevent that rule from purging identifiable profiles (i.e., profiles containing a value for a property marked as a unique identifier).
    • If the number of customer profiles affected by the rule is more than 1 percent of the total number of profiles, both the number of affected profiles and percentage of total profiles that display on the right will turn red. This warns you that the rule will affect a significant number of profiles.
  • For all profile merges, BlueConic imposes:
    • A limit of 24 lookups to check if a profile must merge with another existing profile.
    • A limit of 1,000 merges for a single profile.
    • A four-character minimum for any profile property value used in a merge rule.
    • A maximum of 20 matching profiles for a merge to take place.
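The cleanup and merge safeguards listed above, modelled in an added example (not BlueConic's own code): a cleanup rule preview that honours the "do not purge identifiable profiles" checkbox and raises the 1 percent warning, plus the four-character minimum and 20-match ceiling for a merge rule. The property names marked as unique identifiers and the 200 sample profiles are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

# Assumed for this example: these properties are marked "Is unique identifier".
UNIQUE_IDENTIFIERS = {"email", "customer_id"}
CLEANUP_WARNING_PERCENT = 1.0   # counts turn red above 1 percent of all profiles
MERGE_MIN_VALUE_LEN = 4         # four-character minimum for a merge rule value
MERGE_MAX_MATCHES = 20          # more matching profiles than this: no merge

@dataclass
class Profile:
    pid: str
    props: dict[str, str] = field(default_factory=dict)

def is_identifiable(p: Profile) -> bool:
    """Identifiable = has a value for a property marked as a unique identifier."""
    return any(p.props.get(k) for k in UNIQUE_IDENTIFIERS)

@dataclass
class CleanupRule:
    matches: Callable[[Profile], bool]   # the rule's own purge condition
    skip_identifiable: bool = True       # the per-rule checkbox

def preview_cleanup(rule: CleanupRule, profiles: list[Profile]) -> dict:
    """What the rule would purge, plus the warning shown when that exceeds 1 percent."""
    targets = [p.pid for p in profiles
               if rule.matches(p) and not (rule.skip_identifiable and is_identifiable(p))]
    percent = 100.0 * len(targets) / len(profiles) if profiles else 0.0
    return {"count": len(targets), "percent": percent,
            "warning": percent > CLEANUP_WARNING_PERCENT, "profiles": targets}

def merge_candidates(prop: str, value: str, profiles: list[Profile]) -> list[Profile]:
    """Profiles a merge rule on prop == value would merge, after the merge safeguards."""
    if len(value) < MERGE_MIN_VALUE_LEN:
        raise ValueError("merge rule value is shorter than the four-character minimum")
    matches = [p for p in profiles if p.props.get(prop) == value]
    return matches if len(matches) <= MERGE_MAX_MATCHES else []  # too many matches: no merge

def sample_profiles() -> list[Profile]:
    """Constructed sample: 200 profiles, 3 stale, 2 of the stale ones identifiable."""
    profiles = [Profile(f"p{i}", {"last_visit_days": "10"}) for i in range(197)]
    profiles += [Profile("stale1", {"last_visit_days": "400", "email": "a@example.com"}),
                 Profile("stale2", {"last_visit_days": "400", "customer_id": "C-1234"}),
                 Profile("stale3", {"last_visit_days": "400"})]
    return profiles
```

With the checkbox on, the sample rule purges only the one anonymous stale profile (0.5 percent, no warning); with it off, all three are purged and the 1.5 percent figure would turn red.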

Timeline event priority and retention

BlueConic also provides settings for Timeline events to ensure clean event data on profiles and avoid unintended data loss. Each Timeline event type in BlueConic has a priority level (low or high) that is used when events need to be purged; high-priority events are less likely to be purged than low-priority events. In addition, you can set custom retention periods for a Timeline event type to specify how long events of this type should be stored on the profile timeline.

Profile hijacking prevention

When adding or editing a profile property, if you check the “Is unique identifier” box, another checkbox—“Create new profile when identifier changes”—opens underneath to prevent potential profile hijacking (i.e., when attackers gain unauthorized access to an individual's profile). Checking this box ensures that whenever a new value is set for this property, the visitor will switch to a new profile.
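An added example (not BlueConic's code) of the safeguard just described: a small profile store in which setting a different value for a unique-identifier property moves the visitor to a fresh profile when the checkbox is on, and overwrites the existing profile's identifier when it is off. The property definitions and profile ids are constructed; the example assumes "a new value" means a value different from the one already stored.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class PropertyDef:
    name: str
    unique_identifier: bool = False          # "Is unique identifier"
    new_profile_on_change: bool = False      # "Create new profile when identifier changes"

@dataclass
class Profile:
    pid: str
    props: dict[str, str] = field(default_factory=dict)

class ProfileStore:
    """Constructed model of visitor profiles and the identifier-change safeguard."""

    def __init__(self, definitions: list[PropertyDef]):
        self.defs = {d.name: d for d in definitions}
        self._ids = count(1)
        self.profiles: dict[str, Profile] = {}

    def new_profile(self) -> Profile:
        p = Profile(f"profile-{next(self._ids)}")
        self.profiles[p.pid] = p
        return p

    def set_property(self, current: Profile, name: str, value: str) -> Profile:
        """Set a property for the visitor; returns the profile the visitor is on afterwards."""
        d = self.defs[name]
        old = current.props.get(name)
        changed = old is not None and old != value
        if d.unique_identifier and d.new_profile_on_change and changed:
            # The identifier on an already-identified profile changed: start a fresh
            # profile for the visitor instead of letting the new identifier take over
            # the existing profile and the data attached to it.
            fresh = self.new_profile()
            fresh.props[name] = value
            return fresh
        # First identification, unchanged value, or safeguard off: write in place.
        current.props[name] = value
        return current
```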


Platform access and security

Since BlueConic manages data on behalf of our customers, we have several policies in place to protect that information. For example, if a customer requests that its tenant be removed, BlueConic will remove all data within one month and, if needed, send that customer a copy of everything.

Note: Data can be removed earlier by request.

BlueConic also has security measures to prevent unauthorized access to any customer platform. For instance, you can restrict access to the BlueConic management UI and API to a certain range of IP addresses (e.g., your company network) through the General page (BlueConic Settings > General).

Single sign-on (SSO)

In terms of login access to your tenant, BlueConic offers single sign-on (SSO) capabilities so you can control access to your BlueConic environment through your own site. (SSO identity providers such as OKTA and OneLogin let end users log in once and gain access to multiple applications.) Once you enable SSO for BlueConic, all your BlueConic users must log in via your SSO provider to access your tenant.

Two-step authentication

If you do not use an SSO provider, BlueConic ensures that logging in through our native login page is secure using a two-step process to authenticate users and grant them access to the platform. The first step of the authentication process requires a valid username and password; the second step requires a unique verification code.

Domain-based access control

Unlike role-based permissions, which define what parts of BlueConic a user is allowed to access, domain-based permissions in BlueConic determine which items in the platform an individual user has write access to. The domain-based permission can be different for each individual user (whereas in role-based permissions, all users assigned to the same role have access to the same parts of BlueConic).

The items in BlueConic that are protected by domain-based edit rights include segments, dialogues, dialogue variants or optimizers, and channels.

SIEM integration

To monitor and detect security events, you can connect BlueConic to a security information and event management (SIEM) system. Using the Audit Event API, a SIEM system can query BlueConic events. 


Next steps to learn more

The BlueConic Knowledge Base (KB) includes an entire section on Security and Privacy featuring many in-depth articles covering the topics above, as well as additional areas of importance. As a next step, visit that section to examine all our security and privacy content, or focus on the articles for a particular topic of interest.
