Data Privacy and Security Features

Important: Oracle Marketing Cloud is now known as Oracle CX Marketing. This change in name may not immediately reflect everywhere in the Oracle Responsys user interface.

Oracle Responsys has several mechanisms to help meet your organization's data privacy and security requirements. Learn about the Oracle Responsys privacy and security features and where to find information about implementing them.

Also review Data Processing Agreement for Oracle Cloud Services and Oracle Cloud Hosting and Delivery Policies. Learn more about Oracle CX Marketing and General Data Protection Regulation (GDPR). For more information about Oracle Responsys system security in general, see Oracle Responsys Security Overview.

This document covers the following sections:

Collecting data

Oracle CX Marketing enables your organization to capture personal data across many different channels. As part of these data capture processes, you have the ability to incorporate mechanisms that enable your customers to make informed decisions about the use of their personal data. Oracle Cloud provides controls that can be configured to meet specific business requirements.

Opt-in management

There are many considerations surrounding the management of consent. Consent requirements vary from region to region and is important to know and understand the regulations in the regions in which you operate.

Using Oracle Responsys you can build your opt-in subscriber database and ensure that you are only communicating with recipients that have given you permission to do so. You can also manage your opt-up or opt-down preferences.

Opt-in status can be managed in various ways:

You can also manage preference updates (opt-up or opt-down) using the following methods:

  • Updating the preference column in the Profile Extension Table (PET).
  • Updating the profile List using Connect, API, calls, or by manually updating the List

Targeting by organization

When Organizational Access Control is enabled for a Responsys account, assign subscribers to specific Organization Units and send messages using Targeting By Organization. Targeting by Organization provides the ability to target based on the recipient's organization assignment without changing filter definitions. For example, if your scheduled filter is set up for loyal customers, and you select the Bay Area organization through Targeting by Organization, only loyal customers in the Bay Area will be selected.

Targeting by Organization applies only for the Scheduled Filter and Get Audience activity in Program, and in email campaigns. Audience access is controlled by the Audience Scoping Code.

Express Campaign and Distributed Content Collaboration also leverage Targeting By Organization.

Learn more about Organizational Access and Targeting by Organization.


Oracle Responsys can host forms or you can use forms that are externally developed and hosted. Data captured in forms can then be merged into Lists, PETs, or Supplemental Tables. Learn more about forms in Oracle Responsys.

Managing data

As today’s businesses capture vast amounts of personal data, marketing teams require tools that enable them to manage data at scale. The Oracle Responsys provides a comprehensive portfolio of features that makes it easy for you and your organization to securely manage personal data.

Securely transfer data

Oracle Responsys facilitates data transfer and integration in a number of secure ways.


Using Oracle Responsys REST APIs, you can securely transfer personal data at scale. REST APIs use HTTPS end points. API users require Oracle Responsys functional roles and if Organizational Access Control is enabled, it will be enforced for API users as well. Oracle Responsys monitors and throttles the frequency of API requests that are submitted from each Oracle Responsys account. This is to ensure that the best possible level of service is offered to API clients in a shared environment.

Learn more about the REST API for Oracle Responsys Marketing Cloud Service.


Connect enables secure transfer of data to and from Oracle Responsys. Connect jobs can transfer data using the following options:

  • A Responsys Secure Copy Protocol (SCP) file server accessed by via an SSH/SCP client
  • External server by Secure File Transfer Protocol (SFTP). Connect only supports external SFTP servers with static IP addresses.

Connect supports file encryption with PGP/GPG. This allows you to leverage PGP/GPG encryption so that files remain encrypted on your file servers until they are needed for processing.

Using Connect you can export:

  • Contact Event Data (CED)
  • Profile tables
  • PET
  • Supplemental Data including SQL data sources
  • Filters and Audiences

When exporting data outside of Connect, Oracle Responsys enforces a download limit of 5000 records. The API does not have this restriction.

Learn more about Connect.

Data removal

Data protection or privacy regulations vary region to region. When it is necessary to delete customer personal data, it is important to know how Oracle Responsys manages deletions.

Profile List record removal

To delete profile records, you can use the following methods:

When List records are deleted, Oracle Responsys does the following:

  • Marks the record deleted. A system process permanently deletes the records at a set time daily.
  • Removes the data from any associated PET. A system process permanently deletes the PET records at a set time daily.
  • If applicable, removes the associated data from the App Channel List. A system process permanently deletes the records at a set time daily.
  • Permanently deletes associated App Channel List PET records. No system process is necessary.
  • If applicable, removes the associated data from the Web Push Channel List. A system process permanently deletes the records at a set time daily.
  • Permanently deletes associated Web Push Channel List PET records. No system process is necessary.

App Channel List record removal

When you delete an App Channel List record, Oracle Responsys does the following:

  • Marks the App Channel List record as deleted. A system process permanently deletes the records at a set time daily.
  • Removes the data from any associated App Channel List PET. No system process is necessary.

Learn more about removing App Channel List records.

When you delete App Channel List PET records they are permanently deleted, and no system process occurs to remove the data.

Web Push Channel List record removal

When you delete an Web Push Channel List record, Oracle Responsys does the following:

  • Marks the Web Push Channel List record as deleted. A system process permanently deletes the records at a set time daily.
  • Removes the data from any associated Web Push Channel List PET. No system process is necessary.

Learn more about removing Web Push Channel List records.

When you delete Web Push Channel List PET records they are permanently deleted, and no system process occurs to remove the data.

PET record removal

You can delete PET records without deleting the associated List record. You can use the API and delete based on RIID, or manually remove he record using the UI. You can also delete entire PET tables.

When you delete PET records, the record is permanently deleted. No system process is necessary. Learn more about removing PET records.

Supplemental Data record removal

Supplemental Data can be removed independently of profile data using the API or manually using the UI.

  • Using the Oracle Responsys UI, you can purge all records in a Supplemental Data Table or delete the entire tables. Learn more about managing Supplemental Data Tables.
  • Using Connect, you can remove supplemental data by removing all existing records on upload, or overwriting the data with NULL data. Learn more about importing Supplemental Data.

Supplemental data records can also be removed using the customer profile bulk deletion process by mapping supplement data table records to the customer profiles. Learn more about Supplemental Data Management.

Protecting data

Oracle Responsys provides capabilities to help protect data. Features like granular user access controls, encryption, data redaction, anonymization, and more help your organization protect personal data at the highest possible standard.

Oracle Responsys provides data security mechanisms and controls to help your organization securely manage access to Oracle Responsys and minimize access within Oracle Responsys.

IP allowlisting

An IP allowlist allows you to restrict access to Oracle Responsys based on an IP address. It prevents a user from logging in to Oracle Responsys from an untrusted IP address. You can allowlist one or more IP address ranges. These restrictions apply to API users as well.

To access the IP allowlist, select View login IP restrictions from the Account management page. Learn more.

User password requirements

Oracle Responsys offers you various protections to secure user access to Oracle Responsys and help prevent unauthorized access. Using Oracle Responsys security configuration you can:

  • Manage the password requirement
  • Manage login security such as idle session timeout, and a lockout policy.

Single sign-on

You can enable secure user access to Oracle Responsys by using your single sign-on (SSO) vendor. Enabling SSO allows your organization to take advantage of the security features you've already implemented with your SSO identity provider. Oracle Responsys supports SAML 2.0-compliant identity providers.

Learn more about single sign-on.

Functional access control

Functional access is controlled by a user's roles. Use functional access control to match a user's access with their job responsibilities. Learn more about the roles and access rights available within Oracle Responsys.

Organizational access control

Organizational access control gives you the ability to define the visibility of objects (such as lists, campaigns, folders, and programs) based on organization assignment of the object, the user's organization assignment, and the functional role assigned to the user.

Functional Access Control and Organizational Access Control work together. Organizational Access Control determines whether the user has access to a particular object, and Functional Access Control determines what operations the user can perform with that object. For example, a user may have access to the PET object but cannot add or update data in it.

Learn more about organizational access control.

Hashing and using oHashes

Oracle Responsys creates an oHash of email addresses using the SHA-256 and MD5 hash value of a normalized email addresses. The normalized email address is generated by trimming the raw clear text, converting it to lower case, and removing any aliases.

The oHashes are stored in the columns EMAIL_SHA256_HASH_ and EMAIL_MD5_HASH. If you want to use your own externally calculated hash for profile merges or personalization, populate your hash value in the CUSTOMER_ID_ column.

These oHashes can be leveraged with your integrated systems to map customer data across systems without sending the email address itself. For example, the oHashed email addresses are used in an Oracle DMP integration or an Adobe Analytics integration, and can be used with retargeting use cases.

With Connect, you can use these oHashes as a match key. oHashes cannot update the standard EMAIL_ADDRESS_ column.

Responsys Personalization Language (RPL) and Built-in Functions provide methods for one-way hashing of data during personalization. Learn more about RPL and Build-in Functions.

Data Redaction

Redaction is the process of censoring or obscuring part of a text for legal or security purposes. The Data Redaction feature redacts customer data in Responsys to obfuscate Consumers' Personally Identifiable Information (PII) from Responsys users. For example, Responsys accounts may want to redact customer data such as Email Addresses and Mobile Phone Numbers in the Profile List to ensure customer data is hidden from Responsys end users. Data Redaction ensures that Responsys accounts are compliant with data protection regulations to keep Consumers' PII or medical records (for HIPAA compliance) confidential.

Learn more about Data Redaction.

Encryption at Rest

Encryption at Rest is Oracle Responsys' solution to "data at rest encryption". Encryption at Rest provides security for data in files that are saved on disk (or at rest) by encrypting that data. Using Oracle Transparent Data Encryption (TDE) technology, Encryption at Rest encrypts Responsys data to prevent access from unauthorized users. For Responsys accounts with security mandates to protect their data at rest from unauthorized access, Encryption at Rest offers advanced data protection.

Learn more about Encryption at Rest.