How to manage suppressions
How it works
The Workspace suppressions page gives you a single place to review the people and email addresses that Customer.io won’t message. From here you can see which people are suppressed for GDPR compliance and remove a profile from the suppression list.
Go to > Workspace Settings > Workspace Suppressions to get started.
Email suppressions
Your email service provider (ESP) maintains a suppression list to protect your deliverability. Your ESP suppresses an email address in these circumstances:
- A message experiences a hard bounce, that is, the recipient address doesn’t exist or the recipient’s server blocked delivery.
- A person logs a spam complaint against one of your messages.
- You suppress the address through the ESP Suppression API.
Suppressions from a hard bounce or spam complaint apply to the sending domain, while suppressions made through the ESP Suppression API apply across every domain in your workspaces.
An ESP-suppressed email address only prevents the address from receiving emails; a suppressed person can still receive messages on other channels and enter campaigns.
For a full explanation, see Email suppression lists.
If you use a Custom SMTP server, you can only view and manage your email suppression list directly from your ESP.
GDPR suppressions
When you delete and suppress a person, Customer.io suppresses all of that person’s identifiers (such as their id and email). Identifiers are the attributes you use to add, modify, and target people; each unique identifier value represents an individual person in your workspace. This is typically used to honor a “right to be forgotten” request for GDPR compliance.
When a profile’s identifiers are suppressed:
- You can’t re-add a person with the same identifiers. Any attempt to do so is ignored or returns an error.
- Activity attributed to the suppressed person is redacted. Activity logs show anonymous entries for the suppressed identifiers.
Export people suppressed for GDPR
You can export a list of the profiles you’ve suppressed for GDPR compliance. You might do this to verify that someone is on the list or to confirm a “right to be forgotten” request was honored.
- Go to > Workspace Settings > Workspace Suppressions.
- Export the list of suppressed people.
We provide the list as a CSV file. To protect the privacy of the people on the list, we hash suppressed ids and email addresses in the CSV using SHA-256.
To verify the hashed values against the original identifiers, you need to hash the original id or email to compare them. Alternatively, if you stored the cio_id, Customer.io’s unique identifier, elsewhere, you can directly compare this id against the one in the CSV; it’s not hashed.
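One way to run the comparison described above, as an added Python example that is not Customer.io's own code. It assumes hex-encoded digests and the column names cio_id, id and email, and it runs on a constructed sample export; because the page does not say whether values are normalized before hashing, it tries the value as given and then trimmed and lowercased forms.

```python
import csv
import hashlib
import io

def sha256_hex(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

# Constructed sample export. The column names and hex encoding are assumptions;
# confirm them against the header row of your real CSV.
SAMPLE_CSV = (
    "cio_id,id,email\n"
    f"a1b2c3,{sha256_hex('user-1001')},{sha256_hex('alice@example.com')}\n"
    f"d4e5f6,{sha256_hex('user-1002')},{sha256_hex('bob@example.com')}\n"
)

def candidate_digests(value: str):
    """Hash the value as given, then trimmed and lowercased forms, skipping duplicates."""
    seen = set()
    forms = (("exact", value), ("trimmed", value.strip()),
             ("trimmed+lowercase", value.strip().lower()))
    for label, form in forms:
        if form not in seen:
            seen.add(form)
            yield label, sha256_hex(form)

def find_suppressed(csv_text: str, value: str, column: str):
    """Return (cio_id, matched_form) if the hashed column contains value, else None."""
    digests = list(candidate_digests(value))
    for row in csv.DictReader(io.StringIO(csv_text)):
        stored = row[column].strip().lower()  # tolerate uppercase hex
        for label, digest in digests:
            if stored == digest:
                return row["cio_id"], label
    return None

def cio_id_listed(csv_text: str, cio_id: str) -> bool:
    """cio_id is not hashed in the export, so compare it directly."""
    return any(row["cio_id"] == cio_id
               for row in csv.DictReader(io.StringIO(csv_text)))

if __name__ == "__main__":
    print(find_suppressed(SAMPLE_CSV, " Alice@Example.com ", "email"))
    print(find_suppressed(SAMPLE_CSV, "carol@example.com", "email"))
    print(cio_id_listed(SAMPLE_CSV, "d4e5f6"))
```

A match on a form other than "exact" means the identifier you stored differs in case or whitespace from the one that was hashed, which is worth recording alongside the verification result.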
Remove a profile from the GDPR suppression list
When you unsuppress a profile, its identifiers become available to use in your workspace again. If you re-add a person with the unsuppressed identifiers, Customer.io creates a new person without any of the history (messages, journeys, and so on) previously associated with those identifiers.
- Go to > Workspace Settings > Suppressions.
- Under GDPR suppression list removal, search by email or id.
- Select the profile you want to remove.
- Click Unsuppress.
You can also unsuppress identifiers programmatically with the Track API or using a semantic event through the Pipelines API.
Removing a profile from the GDPR suppression list is different from removing an email address from your ESP suppression list. When you unsuppress a profile, you free up its identifiers so you can re-add them to your workspace and send them messages; when you unsuppress an email address, the only change is that the address can receive emails again.
