Redpoint Best Practices Documentation
Redpoint Best Practices Documentation
Breadcrumbs

Privacy, compliance & trust

Introduction

Organizations must not only harness the power of customer data but also to do so in a way that prioritizes privacy, compliance, and trust. As regulatory requirements such as GDPR and CCPA evolve and consumer expectations for data transparency rise, businesses must adopt solutions that embed these principles at every level. This document outlines Redpoint’s comprehensive approach to supporting privacy, compliance, and trust within its Customer Data Readiness Hub. By integrating robust security measures, automated compliance workflows, and transparent consent management, Redpoint empowers organizations to deliver personalized and compliant customer experiences, ensuring data is always protected, governed, and ready for action.

Data protection: security by design

Redpoint’s platform is architected with a comprehensive array of robust security controls and recognized industry certifications, all aimed at ensuring that customer data is safeguarded at every conceivable stage of its lifecycle. This commitment to security is fundamental to our operations and reflects our dedication to maintaining the highest standards of data protection.

  • Encryption: All customer data is subject to encryption protocols both when it is at rest and while it is in transit. This encryption leverages a secure cloud infrastructure that includes reputable providers such as Azure, AWS, GCP, and Snowflake. These platforms are not only reliable but also certified for compliance with stringent standards such as ISO 27001, SOC 2 Type 2, and HIPAA. Furthermore, the processes surrounding data retention and processing are governed by strict contractual safeguards, including Data Processing Agreements (DPAs) with all subprocessors, ensuring that data handling practices are consistently monitored and regulated.

  • Access controls: To further enhance security, we implement role-based access controls and resource groups that effectively restrict data visibility exclusively to authorized users. This strategic approach minimizes the risk of unauthorized exposure, ensuring that sensitive information is only accessible to those who have been granted the appropriate permissions.

  • Auditability: Our platform includes comprehensive audit logs that track all instances of data access, modifications, and exports. This feature supports transparency and facilitates regulatory reporting, allowing us to demonstrate compliance with various legal and industry standards.

  • Infrastructure: Redpoint’s multi-cloud deployment options provide the flexibility to host data in either a single region or across international locations. This adaptability is crucial for meeting the diverse compliance needs of our global clientele, ensuring that we can accommodate various regulatory requirements while maintaining the integrity and security of customer data.

Compliance: operationalizing privacy regulations (GDPR, CCPA, etc.)

Redpoint’s solutions help organizations adhere to significant privacy frameworks, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among others. These frameworks protect consumer privacy and ensure that organizations handle personal data responsibly.

  • Automated subject rights fulfillment: The platform’s automated workflows efficiently manage Data Subject Access Requests (DSARs). These requests encompass various rights that individuals have, including the right to access their data, the right to deletion—commonly referred to as the “right to be forgotten”—and the right to correction of their personal information. The workflows provided by Redpoint are not only configurable to meet the needs of each organization but are also fully auditable. This ensures that all requests are fulfilled in a timely and accurate manner, thereby enhancing compliance and trust.

  • Data masking & purging: In alignment with regulatory requirements and client preferences, Redpoint enables the masking or purging of personally identifiable information (PII). This capability preserves essential business data while simultaneously protecting individual privacy. Data retention and automated purging rules can be defined and implemented within the platform to support compliance requirements. By implementing these practices, organizations can mitigate the risk of data breaches and ensure that sensitive information is handled with the utmost care.

  • Consent & policy metadata: To support granular compliance and facilitate comprehensive reporting, every data element processed within the platform is precisely tagged with metadata. This metadata captures critical information regarding consent status, data lineage, and auditability. Such detailed tracking helps organizations demonstrate compliance with privacy regulations and maintain transparency with their customers.

  • Consent-aware identity resolution: The identity resolution processes employed by Redpoint are consent-aware. This means that customer preferences play a direct role in governing how data is matched, unified, and activated. By prioritizing consent in these processes, organizations can ensure that they respect individual choices regarding their personal information, thereby fostering a culture of privacy and trust.

Redpoint’s approach to consent management is both comprehensive and transparent, ensuring that organizations can effectively capture and manage customer permissions in a way that builds trust and complies with regulations across all points of engagement. Because consent extends beyond communication preferences and into the ways that organizations are permitted to use customer data for processes such as training AI, consent must be captured and maintained accurately and surfaced to all of the downstream systems that ultimately consume customer data.

  • Consent capture: At every customer interaction point, whether it be through web forms, mobile applications, or call centers, Redpoint diligently captures opt-in and opt-out permissions. This information is then securely stored as an integral part of the unified customer profile, allowing for a holistic view of customer consent across various channels.

  • Integration with Consent Management Systems (CMS): Redpoint supports integration with leading Consent Management Systems (CMS), such as OneTrust, PossibleNow and TrustArc. This integration is facilitated through real-time APIs as well as batch processes, ensuring that the most up-to-date consent status is always accessible and rigorously enforced across all platforms.

  • Preference management: The management of customers’ communication preferences, along with adherence to regional policy requirements, is handled centrally, ensuring that only data that has been explicitly permitted by the customer is used for engagement purposes, thereby respecting their choices and enhancing their experience.

  • Real-time updates: Through the use of APIs and event-driven workflows, Redpoint enables real-time updates to consent status. This means that any changes made by customers regarding their consent preferences are immediately reflected across all systems, ensuring that the organization is always operating with the most current information.

  • Audit trails: To maintain transparency and accountability, all changes to consent are logged. This logging provides a complete history of consent modifications, which is necessary for compliance audits and can also be invaluable for addressing customer inquiries regarding their data preferences.

Redpoint’s consent management framework facilitates the capture and management of opt-in and opt-out permissions and also reinforces a commitment to transparency and compliance, ultimately fostering a stronger relationship between organizations and their customers.

Leveraging permissions in engagement activities

Redpoint proactively ensures that all engagement activities are aligned with the permissions that have been captured from customers, maintaining trust and compliance.

  • Segmentation & personalization: The platform guarantees that only those customers who have explicitly provided their consent are included in targeted segments for personalized marketing campaigns and personalized operational customer journeys. This practice not only adheres to legal requirements but also enhances the relevance of communications, thereby improving customer engagement.

  • Activation controls: Redpoint implements robust activation controls that enforce frequency caps and respect channel preferences. This means that communications are compliant with regulatory requirements and honor the individual preferences of each customer, ensuring that they receive information in a manner that suits them best.

  • Data governance: The platform is equipped with governance-ready metadata and policy-driven workflows. These features ensure that all engagement activities are compliant by design, providing a strong framework for data management and protection.

  • Transparency: Redpoint prioritizes transparency by informing customers about how their data is used. This commitment to openness allows organizations to demonstrate compliance through detailed reporting and comprehensive audit logs, fostering a sense of security and trust among customers regarding their personal information.

Continuous data readiness and governance

Redpoint’s comprehensive methodology for ensuring customer data readiness is constructed upon six fundamental pillars: data must be accurate, complete, timely, actionable, trusted, and compliant with relevant regulations and standards. The result of this process enables organizations to operate with agility to create new data products in support of their business. Achieving this high standard of data readiness is accomplished through a series of strategic approaches and technologies:

  • Automated data quality: The processes of cleansing, standardization, and validation of data right at the point of ingestion. By automating these processes, Redpoint ensures that the data entering the system is of the highest quality, free from errors, and formatted consistently, which is necessary for reliable analysis and decision-making.

  • Advanced identity resolution: Redpoint’s identity matching is consent-aware, explainable, and governed. The identity resolution process respects user consent and provides transparency in how identities are matched, ensuring that the data used is both ethical and accountable.

  • Real-time data processing: The ability to process data in real-time allows for immediate updates and activation, delivering personalized experiences as they happen. This capability enables businesses to respond swiftly to customer interactions and preferences, enhancing engagement and satisfaction.

  • Metadata-driven governance: Each data element within the system is accompanied by comprehensive metadata that provides information about lineage, consent, and auditability. This metadata ensures that organizations can track the origin and usage of their data, maintain compliance with regulations, and uphold trust with their customers.

Conclusion

Through these structured approaches, Redpoint not only enhances the readiness of customer data but also reinforces the governance framework necessary for responsible data management.