This article covers the attribute property Restricted Data. This property is used to identify attributes that contain data that should be omitted from Customer Data Hub services that send data out of the system, such as 3rd party connectors or DataAccess.

In this article:

Table of Contents Placeholder

What is Restricted Data?

In general terms, restricted data refers to any attribute containing data that is:

  • ✔ private or personal
  • ✔ protected by privacy laws
  • ✔ subject to controlled access

By default, attributes are not restricted and may flow through to a variety of destinations. Attributes are made available to services such as EventDB, as well as third-party connectors. Attributes have a setting called Restricted Data that, when set, will prevent that attribute from being included in processes that send data out of the Customer Data Hub. Attribute enrichments are not affected.

Identifying Restricted Attributes

On the Attributes screen there is a filter named "Restricted Data" that will show all attributes that have been marked as restricted.


When editing attribute details you can see the Restricted Data field in the properties section.



For security purposes, attributes of type Visitor ID are always marked as restricted. This cannot be changed.

How Restricted Attributes Are Handled

The following services handle restricted attributes:

  • EventStore/EventDB

    By default, restricted attributes are omitted from event feeds. This behavior can be changed in the settings for each feed. (See Live Events and Feeds.)

  • Data Layer Enrichment

    By default, restricted attributes are omitted from the visitor attributes returned to the on-page data layer via data layer enrichment with AudienceStream. When the Tealium Collect Tag sends out a request for the latest visitor profile AudienceStream returns attributes that are not restricted. This behavior cannot be changed.

The following services do not handle restricted attributes:

  • AudienceStore/AudienceDB

    By default, restricted attributes are always included, whether they are sent to AudienceDB or exported using the AudienceStore connector. This behavior cannot be changed.

  • Connectors (including Webhook)

    By default, restricted attributes are always included, whether you are sending them to the vendor through mappings or as part of the visitor profile. This behavior cannot be changed.

    A warning message will appear if your connector request contains one or more restricted attributes.


  • Marking an attribute as Restricted protects it from being sent to select Tealium services.
  • EventStore, EventDB, and Data Layer Enrichment services honor restricted data.
  • AudienceStore, AudienceDB, and Connectors do not honor restricted data.
  • Restricted attributes are available to all enrichments.