Legal

U.S. State Data Privacy Laws 

Revised October 2023

* Please note, the title of this document has been revised from "CCPA" to "U.S. State Data Privacy Laws"

State Data Privacy Basics

Certain states have passed data protection statutes that are designed to enhance consumer data privacy protections. Where applicable, these state data privacy statutes apply to residents of the applicable state. Certain state laws will go into effect in 2024 or 2025.

  • California Consumer Privacy Act (as amended by the California Privacy Rights Act)
  • Colorado Privacy Act
  • Connecticut Personal Data Privacy and Online Monitoring Act
  • Delaware Personal Data Privacy Act
  • Indiana Consumer Protection Act
  • Iowa Data Protection Act
  • Montana Consumer Data Privacy Act
  • Oregon Consumer Privacy Act
  • Virginia Consumer Data Protection Act
  • Tennessee Information Protection Act
  • Texas Data Privacy and Security Act

How does Customer.io comply with US State Data Privacy Laws?

We understand that state data privacy laws continue to evolve. Each year, new states pass data protection laws or add or amend regulations applicable to current data protection laws. At Customer.io, we review our data collection and processing practices regularly. In addition, we:

  • Make our data protection addendum a part of every customer’s contract with Customer.io
  • We have a comprehensive written information security policy and program
  • We do not sell customer data
  • We share customer data with subprocessors, and ensure that our subprocessors contractually agree to comply with applicable data protection law
  • We undergo an annual SOC2 Type 2 audit of our controls related to confidentiality, security, availability and integrity
  • We have internal processes in place that allow us to respond to data subject requests

Data Processing Addendum

[@portabletext/react] Unknown block type "block", specify a component for it in the `components.types` prop

How can you exercise your rights under state data privacy laws?

Each state may provide different data protection rights to residents of their state.

[@portabletext/react] Unknown block type "block", specify a component for it in the `components.types` prop
[@portabletext/react] Unknown block type "block", specify a component for it in the `components.types` prop

We aim to help companies create better customer experiences with relevant communication and that requires the fair and secure use of personal data that was given with full consent and transparency.

[@portabletext/react] Unknown block type "block", specify a component for it in the `components.types` prop