Adding BCR Compliance page to the Privacy docs [DOC-460] #2570
Conversation
|
✔️ Deploy Preview for segment-docs ready! 🔨 Explore the source changes: 9d9c3a7 🔍 Inspect the deploy log: https://app.netlify.com/sites/segment-docs/deploys/623213a0b71a8c0008c58f5b 😎 Browse the preview: https://deploy-preview-2570--segment-docs.netlify.app/utils/env |
Co-authored-by: pwseg <86626706+pwseg@users.noreply.github.com>
src/privacy/bcr-compliance.md
Outdated
| --- | ||
|
|
||
| In response to the passage of the General Data Protection Regulation (GDPR) policy in the European Union, Twilio implemented a set of [Binding Corporate Rules (BCRs)](https://www.twilio.com/legal/binding-corporate-rules) that inform how Segment stores, processes, and deletes personal data. To align with Twilio's BCRs, Segment introduced a new data deletion process that allows customers to remove all of their workspace data within 30 days of deleting their workspace. | ||
|
|
There was a problem hiding this comment.
Can we change final sentence to be "To align with Twilio's BCRs, Segment introduced a new data deletion process that allows customers to remove all of their users' personal data associated with their workspace 30 days of workspace deletion or written request. "
src/privacy/bcr-compliance.md
Outdated
| ### What do Twilio's Binding Corporate Rules mean for my data? | ||
|
|
||
| Twilio's BCRs inform the way your user data must be stored, processed, and deleted. While the ways Segment stores and processes user data are already in compliance with Twilio's BCRs, [additional data deletion methods](#how-can-i-delete-data-from-my-workspace) were added to comply with the ["Storage limitation"](https://www.twilio.com/legal/bcr/processor#part-ii-our-obligations) section of the Processor policy. These data deletion methods now allow you to delete the data associated with [individual users](#delete-individual-user-data), [sources](#delete-data-from-a-source), and your [workspace](#delete-your-workspace-data). | ||
|
|
There was a problem hiding this comment.
Only the BCR deletion for bulk deletion is new. We may want to update this to mention we now support of the following (source and user deletions is legacy behavior)
src/privacy/bcr-compliance.md
Outdated
| To delete the data for an individual user from you workspace, follow the instructions on the [User Deletion and Suppression](/docs/privacy/user-deletion-and-suppression) page. | ||
|
|
||
| ### Delete data from a source | ||
| To delete the data for an entire source, email the Customer Success team [(friends@segment.com)](mailto:friends@segment.com) to create a support ticket. In your email to Customer Success, include your workplace slug, the source you'd like to delete data from, and the time frame for the data you'd like to delete. |
There was a problem hiding this comment.
This type of source level deletions only removes the data from our S3 archive buckets, we may want to call that out explicitly.
There was a problem hiding this comment.
One thing we will usually have to flag whenever a customer wants to do a source-level deletion is the following:
"Due to the way in which we store data internally, source-level deletions can only be scoped as small as one day in granularity. Requests for smaller timeframes are not supported."
There was a problem hiding this comment.
One thing we will usually have to flag whenever a customer wants to do a source-level deletion is the following:
"Due to the way in which we store data internally, source-level deletions can only be scoped as small as one day in granularity. Requests for smaller timeframes are not supported."
Good callout - I've updated the docs accordingly!
src/privacy/bcr-compliance.md
Outdated
|
|
||
| 1. Open the Segment app, and select **Settings.** | ||
| 2. On the General Settings page, click the **Delete Workspace** button. | ||
| 3. Follow the prompts on the pop-up to delete your workspace. |
There was a problem hiding this comment.
Should we add that only workspace Admins can do this?
src/privacy/bcr-compliance.md
Outdated
|
|
||
| After you delete your workspace, Segment removes all data associated with your workspace within 30 days in a process called a [complete data purge](#what-is-a-complete-data-purge). For a data purge status update, email the Customer Success team [(friends@segment.com)](mailto:friends@segment.com) to create a support ticket. | ||
|
|
||
| If you do not delete your workspace after you stop using Segment, **your data remains in Segment's internal servers until you submit a written deletion request**. |
There was a problem hiding this comment.
| If you do not delete your workspace after you stop using Segment, **your data remains in Segment's internal servers until you submit a written deletion request**. | |
| If you do not delete your workspace after you stop using Segment, **your data remains in Segment's internal servers until you delete your workspace or submit a written deletion request**. |
src/privacy/bcr-compliance.md
Outdated
|
|
||
| ### What is a complete data purge? | ||
|
|
||
| A complete data purge is the mechanism Segment uses to completely remove all workspace and customer data from internal Segment servers. To trigger a complete data purge, either [delete your workspace](#how-can-i-delete-data-from-my-workspace) or raise a support ticket with the Customer Success team [(friends@segment.com)](mailto:friends@segment.com) that contains either the slug or the ID of the workspace that you'd like to delete. |
There was a problem hiding this comment.
| A complete data purge is the mechanism Segment uses to completely remove all workspace and customer data from internal Segment servers. To trigger a complete data purge, either [delete your workspace](#how-can-i-delete-data-from-my-workspace) or raise a support ticket with the Customer Success team [(friends@segment.com)](mailto:friends@segment.com) that contains either the slug or the ID of the workspace that you'd like to delete. | |
| A complete data purge is the mechanism Segment uses to completely remove all workspace and customer data from internal Segment servers across all of our product areas. To trigger a complete data purge, either [delete your workspace](#how-can-i-delete-data-from-my-workspace) or raise a support ticket with the Customer Success team [(friends@segment.com)](mailto:friends@segment.com) that contains either the slug or the ID of the workspace that you'd like to delete. Data purge deletions will not be forwarded to your connected 3rd party destinations or raw data destinations. |
There was a problem hiding this comment.
One other thing we may want to message is we wait 5 days after a workspace is deleted to kick off data purge of user data. This is to safeguard against malicious attackers. If customers notice their workspace has been deleted maliciously they should contact friends@segment.com immediately for them to file a request with engineering to cancel the request. After this 5 day grace period the data purge deletion will be irreversible.
There was a problem hiding this comment.
@briemcnally Is the grace period five business days or five calendar days?
src/privacy/bcr-compliance.md
Outdated
|
|
||
| 1. Open the Segment app, and select **Settings.** | ||
| 2. On the General Settings page, click the **Delete Workspace** button. | ||
| 3. Follow the prompts on the pop-up to delete your workspace. |
There was a problem hiding this comment.
There is also an account deletion button that will delete all workspaces associated with an account which will trigger the data purge across all those workspaces. Once logged into Segment they navigate to https://app.segment.com/settings/user, scroll to the bottom and click delete account.
There was a problem hiding this comment.
This would delete data for all workspaces that someone was a workspace admin in, correct? Or all workspaces associated with a user? @briemcnally
There was a problem hiding this comment.
Correct all workspaces that someone was a workspace admin in
|
Thank you for your contribution! Your pull request is merged, but may take a day or two to appear on the site. |
Proposed changes
Added page explaining what Binding Corporate Rules (BCRs) are, including the new workspace deletion policy designed to bring Segment in line with Twilio's BCRs.
Merge timing
On/before March 31st, when the tiered rollout ends.
Related issues (optional)
DOC-460