Comparison: Customer Data Platforms

Best Customer Data Platforms Compared (2026): Architecture, Pricing, and Privacy

CDPs unify events and traits, then fan them out to analytics, ads, email, and support tools. That hub-and-spoke model is powerful for personalization and measurement, but it also centralizes compliance risk: one overshared event or one destination that ignores consent can propagate across your stack. This guide compares leading CDPs for technical buyers, then scores privacy dimensions that privacy teams must validate regardless of vendor marketing.

Audit your deployment See Privacy Edge

Quick summary

What to know before you choose

What it does

A CDP ingests first-party events and identifiers, builds profiles, and routes audiences and streams to many downstream systems.

What to look for

Evaluate consent filtering at ingestion, per-destination controls, EU or private hosting, subprocessors, and whether reverse ETL shifts responsibility back to your warehouse team.

Where Lokker fits

Lokker observes outbound Segment, mParticle, Tealium, and tag-delivered CDP calls at the network layer, validates that destinations respect consent states, and blocks disallowed destinations with Guardian when policies fail in the browser.

The tools

Tools included in this comparison

Eight leading tools covering free, mid-market, and enterprise tiers, cloud and self-hosted deployment, and a range of privacy and compliance postures.

Segment (Twilio)

Event pipeline and Connections catalog with broad SaaS and warehouse destinations.

From ~$200/moCloud + EU option

Visit site Privacy topics

RudderStack

Warehouse-first event pipeline with open-source core and private deployment options.

From ~$50/moCloud + on-premises

Visit site

mParticle

Enterprise CDP focused on mobile, CTV, and marketing quality data governance.

Enterprise pricingCloud + EU option

Visit site

Tealium Customer Data Hub

Tag management plus audience stream and vendor-neutral CDP capabilities.

Enterprise pricingCloud + EU option

Visit site Privacy topics

Hightouch

Reverse ETL and Customer Studio audiences sourced from the warehouse.

From ~$200/moCloud + EU option

Visit site

Lytics

Decisioning and first-party profiles with consent-aware personalization hooks.

From ~$200/moCloud (US)

Visit site

ActionIQ

Composable CDP that queries enterprise warehouses for audience and journey execution.

Enterprise pricingCloud + on-premises

Visit site

Salesforce Data Cloud

Real-time customer graph inside Salesforce Clouds with activation to Marketing Cloud.

Enterprise pricingCloud + EU option

Visit site

All product names and trademarks are property of their respective owners. Lokker is not affiliated with or endorsed by any of the companies listed. Pricing and feature information is based on publicly available data and may change; verify with each vendor before purchasing.

Feature comparison

Capability comparison matrix

How each tool compares across the dimensions that matter most for product, engineering, and privacy teams.

Focus the matrix

Showing 5 of 8 tools. Add vendors as needed, or show the full table when you want every column.

3 tools are hidden from the focused table. The full text matrix below keeps every capability visible in the page source.

Scroll sideways if you choose more columns than fit your screen. Sticky capability labels stay visible

Capability	Segment (Twilio)	RudderStack	mParticle	Tealium Customer Data Hub	Hightouch
Primary ingestion pattern	SDKs, cloud sources, and reverse ETL partners	SDKs, cloud extract, and warehouse actions	SDK-first mobile and web ingestion with quality rules	Tealium iQ tags plus server-side EventStream and AudienceStream	Warehouse models as the source of truth with sync engines
Identity resolution approach	Unified profiles with merge rules and ID graph tooling	Warehouse-centric identity stitching with transformations	Deterministic and probabilistic identity with governance layers	Visitor ID, cross-device stitching, and Tealium AudienceStream	SQL-defined segments and stable keys from the warehouse
Destination breadth	Largest SaaS catalog with hundreds of integrations	Growing catalog with open-source destination framework	Curated enterprise destinations with strong mobile coverage	Vendor-neutral connectors plus tag ecosystem	Hundreds of SaaS syncs from warehouse rows
Consent and policy propagation	Consent object in Protocols; per-destination filters	Transformations and middleware for consent-aware routing	Data planning, quality, and policy enforcement modules	Consent management integration with Tealium iQ and server-side	Audience-level controls; depends on warehouse governance
Deployment models	Twilio cloud with regional workspaces	Cloud, private cloud, and open-source self-hosted options	Hosted enterprise SaaS	Private cloud options for regulated customers	SaaS with VPC and EU options on higher tiers
Transformations and governance	Protocols transformations, tracking plans, and replay tooling	dbt-style transformations and user transformations	Data master, rules, and calculated attributes	DataAccess and server-side enrichments	dbt models and Git workflows for audience logic
Real-time vs batch emphasis	Real-time streams with optional replay	Streaming first with warehouse sync	Real-time pipelines with batch reconciliation	Low-latency streams for onsite personalization	Configurable sync intervals; near-real-time on supported connectors
Reverse ETL as first-class	Partners and native patterns; not warehouse-native by default	Warehouse Actions and reverse ETL patterns built-in	Audience exports and partner reverse ETL tools	Event and audience delivery with partner warehouse sync	Core product is reverse ETL and Customer Studio
Typical pricing motion	MTU-based pricing with enterprise minimums	Event volume tiers; generous open-source option	Enterprise contracts	Enterprise contracts with modular SKUs	Row-based sync pricing scaling with destinations
Open-source or portable core	Proprietary hosted core	Open-source server and destination SDKs	Proprietary	Proprietary	Proprietary sync engine

Full text matrix for all tools

Primary ingestion pattern

Segment (Twilio): SDKs, cloud sources, and reverse ETL partners
RudderStack: SDKs, cloud extract, and warehouse actions
mParticle: SDK-first mobile and web ingestion with quality rules
Tealium Customer Data Hub: Tealium iQ tags plus server-side EventStream and AudienceStream
Hightouch: Warehouse models as the source of truth with sync engines
Lytics: JavaScript, server APIs, and warehouse connectors
ActionIQ: Warehouse queries and federated access patterns
Salesforce Data Cloud: Ingestion APIs, connectors, and Salesforce object sync

Identity resolution approach

Segment (Twilio): Unified profiles with merge rules and ID graph tooling
RudderStack: Warehouse-centric identity stitching with transformations
mParticle: Deterministic and probabilistic identity with governance layers
Tealium Customer Data Hub: Visitor ID, cross-device stitching, and Tealium AudienceStream
Hightouch: SQL-defined segments and stable keys from the warehouse
Lytics: Lytics Content Affinity and behavioral profiles
ActionIQ: Enterprise identity in composable deployments
Salesforce Data Cloud: Salesforce Identity and unified individual graph objects

Destination breadth

Segment (Twilio): Largest SaaS catalog with hundreds of integrations
RudderStack: Growing catalog with open-source destination framework
mParticle: Curated enterprise destinations with strong mobile coverage
Tealium Customer Data Hub: Vendor-neutral connectors plus tag ecosystem
Hightouch: Hundreds of SaaS syncs from warehouse rows
Lytics: Core marketing and personalization destinations
ActionIQ: Enterprise marketing and service destinations
Salesforce Data Cloud: Native activation into Salesforce Clouds and partners

Consent and policy propagation

Segment (Twilio): Consent object in Protocols; per-destination filters
RudderStack: Transformations and middleware for consent-aware routing
mParticle: Data planning, quality, and policy enforcement modules
Tealium Customer Data Hub: Consent management integration with Tealium iQ and server-side
Hightouch: Audience-level controls; depends on warehouse governance
Lytics: Consent fields on profiles for downstream filtering
ActionIQ: Policy layers for audience access in enterprise deployments
Salesforce Data Cloud: Consent API patterns inside Salesforce platform

Deployment models

Segment (Twilio): Twilio cloud with regional workspaces
RudderStack: Cloud, private cloud, and open-source self-hosted options
mParticle: Hosted enterprise SaaS
Tealium Customer Data Hub: Private cloud options for regulated customers
Hightouch: SaaS with VPC and EU options on higher tiers
Lytics: Hosted SaaS
ActionIQ: Customer-managed or private deployments common
Salesforce Data Cloud: Salesforce Hyperforce regions and multi-cloud strategy

Transformations and governance

Segment (Twilio): Protocols transformations, tracking plans, and replay tooling
RudderStack: dbt-style transformations and user transformations
mParticle: Data master, rules, and calculated attributes
Tealium Customer Data Hub: DataAccess and server-side enrichments
Hightouch: dbt models and Git workflows for audience logic
Lytics: Conductor and marketer-friendly segment builders
ActionIQ: SQL governance with role-based access to audiences
Salesforce Data Cloud: Data harmonization and calculated insights in Data Cloud

Real-time vs batch emphasis

Segment (Twilio): Real-time streams with optional replay
RudderStack: Streaming first with warehouse sync
mParticle: Real-time pipelines with batch reconciliation
Tealium Customer Data Hub: Low-latency streams for onsite personalization
Hightouch: Configurable sync intervals; near-real-time on supported connectors
Lytics: Streaming profiles for onsite personalization
ActionIQ: Low-latency queries against governed warehouse views
Salesforce Data Cloud: Real-time CDP positioning with streaming ingestion

Reverse ETL as first-class

Segment (Twilio): Partners and native patterns; not warehouse-native by default
RudderStack: Warehouse Actions and reverse ETL patterns built-in
mParticle: Audience exports and partner reverse ETL tools
Tealium Customer Data Hub: Event and audience delivery with partner warehouse sync
Hightouch: Core product is reverse ETL and Customer Studio
Lytics: Warehouse connectors for enrichment
ActionIQ: Composable positioning with warehouse at center
Salesforce Data Cloud: Zero-copy patterns with partner warehouses

Typical pricing motion

Segment (Twilio): MTU-based pricing with enterprise minimums
RudderStack: Event volume tiers; generous open-source option
mParticle: Enterprise contracts
Tealium Customer Data Hub: Enterprise contracts with modular SKUs
Hightouch: Row-based sync pricing scaling with destinations
Lytics: Profile and event volume tiers
ActionIQ: Enterprise contracts
Salesforce Data Cloud: Salesforce-wide enterprise licensing

Open-source or portable core

Segment (Twilio): Proprietary hosted core
RudderStack: Open-source server and destination SDKs
mParticle: Proprietary
Tealium Customer Data Hub: Proprietary
Hightouch: Proprietary sync engine
Lytics: Proprietary
ActionIQ: Proprietary
Salesforce Data Cloud: Proprietary

Does your tool actually stop in reject and GPC states?

Lokker Consent Validator runs automated browser sessions across every consent state and confirms at the network layer whether tools in this category still send requests when they should not.

See Consent Validator Request a demo

Privacy and compliance

Privacy and compliance scorecard

The dimensions Lokker Privacy Edge evaluates when it detects customer data platforms (cdps) on your properties. Use this scorecard alongside the capability matrix when making your vendor decision.

Yes

Partial

Unknown

Privacy dimension	Segment (Twilio)	RudderStack	Tealium Customer Data Hub	Hightouch	Lytics
First-class consent filtering before fan-out	Consent objects exist, but destination catalogs still require per-destination review.			Governance depends on how segments are modeled in the warehouse.
HIPAA BAA or regulated deployment options		Self-hosted or private deployments shift responsibility to your team.
EU workspace or residency options					Confirm current region options on your contract; many stacks remain US-primary.
Published sub-processor transparency
Destination sprawl risk (ads, data brokers)	Large catalogs make it easy to enable high-risk destinations without DPIA review.
Controls for sensitive properties in events				SQL models can leak PHI if analysts merge clinical tables into marketing segments.
Deletion and suppression propagation to destinations		Downstream deletes depend on each destination connector behavior.
Audit trails for configuration changes					Confirm audit retention for your plan tier.
Native GPC handling for browser events			Tealium can integrate consent signals from Tealium iQ, but GPC still requires correct CMP mapping.

Scores reflect publicly available product documentation as of 2026. Vendor capabilities change; verify current behavior with each vendor and through independent testing. "Partial" indicates the capability exists but requires non-default configuration, an additional plan tier, or has meaningful limitations.

Buyer guidance

How to choose the right tool for your context

Choosing among these customer data platforms (cdps) depends on your industry, infrastructure, privacy posture, and budget. Use these decision guides to narrow your evaluation.

If your warehouse is the source of truth

RudderStack, Hightouch, and ActionIQ lean warehouse-native. Privacy risk shifts to SQL models, dbt tests, and who can publish a segment to Meta.

Lokker note: Add Privacy Edge monitoring on web properties that still emit client events into the CDP.

If you need the broadest SaaS catalog

Segment pioneered destination breadth. More destinations mean more subprocessors and more consent checks per activation.

Lokker note: Inventory enabled destinations quarterly; unused connectors still appear in DPIAs.

If mobile SDKs dominate your data

mParticle and Braze-class stacks often pair. SDK misconfigurations can leak ad IDs and location before server-side filtering.

Lokker note: Pair CDP rollout with Consent Validator runs on mobile web and embedded webviews.

If Tealium already governs your tags

Tealium CDH plus iQ can unify consent and routing, but the privacy outcome still depends on rule order and server-side streams.

Lokker note: Use Guardian as a safety net when server-side rules lag behind marketing requests.

Privacy context

The privacy reality of customer data platforms

CDPs are not passive databases. They actively forward events to ads, email, analytics, and support tools. A single mis-tagged property can replicate across dozens of destinations. Consent tools rarely understand per-destination legal bases, so privacy teams need network evidence, not only a catalog screenshot.

Fan-out amplifies mistakes

When one event contains a sensitive attribute, every subscribed destination may receive it unless transforms and filters catch the issue upstream.

Warehouse-first does not remove browser exposure

Reverse ETL reduces some client collection, but marketing sites still load pixels and tags that must respect consent before any server sync runs.

DPIAs must list enabled destinations, not vendor logos

Regulators ask what data leaves the organization and to whom. CDP catalogs change weekly as marketers enable new integrations.

Where Lokker fits

How Lokker helps alongside your CDP

Lokker does not replace Segment, RudderStack, mParticle, Tealium, Hightouch, Lytics, ActionIQ, or Salesforce Data Cloud. Lokker validates what your sites and apps still send to CDP endpoints and downstream tags in each consent state.

Privacy Edge: detect CDP and tag beacons across properties

Privacy Edge fingerprints Segment analytics.js, Tealium collect tags, mParticle SDK traffic, and related destinations inside your tracker inventory.

See Privacy Edge

Consent Validator: prove events respect reject and GPC

Consent Validator captures whether CDP collection endpoints still receive payloads when analytics or marketing consent is denied.

See Consent Validator

Guardian: block disallowed CDP calls

Guardian enforces trust rules so CDP endpoints cannot load when internal policy or CMP state says they should not.

See Guardian

Common questions

Customer Data Platforms (CDPs): frequently asked questions

The most common questions from privacy teams, legal counsel, and buyers evaluating customer data platforms (cdps).

More comparison guides

Compare other MarTech categories

Session Replay Tools8 tools

Web Analytics Tools8 tools

Marketing Automation Platforms8 tools

Chat and Messaging Widget Platforms8 tools

Consent Management Platforms8 tools

A/B Testing and Experimentation Platforms8 tools

Tag Management Systems7 tools

View all comparison guides

Next step

Validate your customer data platforms (cdps) deployment with Lokker

Lokker confirms that the tool you choose stops collecting data in reject and GPC states, surfaces any gaps in your CMP configuration, and enforces blocking at the network layer so a misconfigured consent banner cannot result in an unauthorized data collection event.

Request a demo See Privacy Edge