Best Practices

Keeping Data Private with the Composable CDP

Sean Lynch
Sean Lynch April 05, 2024

Sean is co-founder and Chief Product Officer (CPO) at Census. He loves enabling data-driven organizations, so he's energized by introducing the world to Data Activation. San Francisco, California, United States

One of the benefits of composing your Customer Data Platform on your data warehouse is enforcing and maintaining strong controls over how, where, and to whom your data is exposed.

Rather that creating a separate data silo for marketing purposes, the Composable CDP approach enables companies to keep their data within their perimeter and control access. The apps in the composable ecosystem take advantage of the privacy controls that data warehouses provide and complement it with their own. As an owner or manager of the data stack, it’s critical to understand the tools available to you to keep data where it’s meant to be.

So here’s a rule of thumb to start:

  • Data Warehouse controls what data to share
  • Census controls who can see the data, and/or activate it

Data Warehouse: Security Controls

Though cloud data warehouses have risen to prominence only within the last decade, they’re built on the fundamentals of relational databases that span all of modern computing. And with that comes an extremely rich set of security controls.

As anyone has ever connected to a database knows, you’ll need a username and password. Modern data warehouses build on this history by offering a rich set of controls for granting permissions to users and roles on entire databases, schemas, or even individual tables. They take care of the complexity of verifying those security controls through queries of any level of complexity.

Census is built to take advantage of the data warehouse's robust security, privacy, and governance capabilities. You can set up a user and role that grants Census exactly the level of access to a data warehouse that is necessary and no more. The user and role can be updated to add or remove resources at any point, and Census responds as necessary.

You can combine separate warehouse users with Census Workspaces and Access Controls to limit the datasets available to individual teams. For example, you might want to give Sales Ops teams detailed access to pipeline and account information in your CRM, without the ability to overwrite marketing leads.

You can even provide more fine-grained controls, removing certain columns or taking advantage of row-level security capabilities. This allows you to dynamically apply a filter to data based on the user querying a table. This powerful capability can make multitenancy use cases like Census Embedded safe and secure.

Warehouses give you alternative authentication mechanisms, audit logs, and many more features to control and monitor what data. But there’s also one less obvious benefit to mention: Data Locality. You control where your data lives; which cloud, which region, and how it’s accessed. If you ever decide to change the components out of your marketing stack, you can simply cut off access. The data stays where you keep it.

Census: Data Access Controls

As mentioned above, you can use multiple warehouse connections across workspaces, and combine that with user access controls to limit who can take which actions on the datasets shared with Census.

However, activation can put data teams in a difficult place. Activation almost always requires PII. Though many advertising destinations will accept hashed user identifiers for their matching mechanisms, building contact records in CRMs or creating audiences for email campaigns is almost always going to require an email address.

Don’t stress! Census enables activation of PII without exposing that PII to users. In addition to access controls, your data team can mark the sensitive columns of datasets as PII. This will hide the values in any place data is previewed within the Census but users can set up syncs to handle sensitive data without issue. Not far enough? Admins can disable all data previews in Census completely to ensure that no data points are ever visible through the UI.

Between Workspaces, Access Controls, and PII Masking, Census takes advantage of the data your warehouse exposes and makes it easy to control who can see or use it.

Wrapping Up

The benefit of the Composable CDP approach is that you can make strong commitments about how and who is using your data, without sacrificing the agility to use it. I hope this illustrates all of the different tools that are at your disposal, and not just through Census.

As the responsibility to keep user data safe weighs heavier on the minds of data (and the legal folks behind them), it’s critical to know all the tools at your disposal and when to use them. At Census, our mission is to make your data trustworthy and actionable, but we can only deliver on that by also making sure our customers can do that safely and securely. If we can give your business operations a hand by enabling this with your data, reach out! We’d love to help.

Start a free 14-day trial today, or schedule a call with our team.

Related articles

Transforming data Before Syncing with Census Datasets
Transforming data Before Syncing with Census Datasets

The Problem: Your good data is always one request away. Your data team built some great data models in your warehouse; it could be with dbt, or could be plain ol’ SQL — the typical Accounts, Contacts, and Teams golden models. Now you work with another vendor. Maybe a third-party enrichment provider writes open job listings and description data for your warehouse, like Or perhaps you have an enriched target accounts list generated in another marketing tool.

Product News
Census Datasets: The first step toward collaborative data transformation
Census Datasets: The first step toward collaborative data transformation

Late nights, long hours, and a constant string of tickets and feedback are the reality for most data and IT teams today. As every company’s appetite for data grows, technical teams are forced to scale up support to ensure that the right data lands in the right place. But it doesn’t stop there. Data teams are expected to provide actionable insights, comprehensive data governance, and compliant datasets for their entire organization while juggling new technologies, unclear expectations, and an ever-growing volume of data. Data teams are overwhelmed, business teams are confused and anxious, and everyone is spending more time discussing processes and procedures — and less time innovating.

Product News
Introducing Embedded Reverse ETL Syncs, the future of SaaS integrations
Introducing Embedded Reverse ETL Syncs, the future of SaaS integrations

Looking for a demo? Click here to jump to it on this page.