On this page:
Dynamic Segmented audience overview
Segmented audiences include groups of users who share similar traits. These audiences can be highly specific or more broad, depending on your campaign’s goals and your scale considerations. For example, you might include empty nesters who love hiking, or doctors specializing in pediatrics.
While standard, in-platform Segmented audience targeting is suitable for most campaigns, we recommend creating a dynamic Segmented audience when targeting highly specific user groups with an ongoing need for audience refreshes. This approach involves collaborating with IQM to onboard and target your own data.
A key benefit of dynamic Segmented audiences is the continuous synchronization between your external data source and the audience targeted within the IQM platform. The platform automatically refreshes the audience each time your source file changes, ensuring end-to-end harmony with little manual effort.
Refer to Segmented audience overview for more information about in-platform, standard Segmented audiences, or continue reading to learn more about onboarding your own dynamic Segmented audiences.
Data onboarding and targeting process overview
Onboarding data for dynamic Segmented audience targeting first takes places outside of the IQM platform, then moves into the platform once your data is processed.
Review the graphic below for more details, or refer to Upload and target a dynamic Segmented audience to get started.
Contact us at support@IQM.com, or reach out to your account representative, to notify us that you’d like to bring your own data for dynamic Segmented audience creation.
IQM creates a secure AWS S3 bucket and shares access with your organization.
Upload taxonomy and segment files to the shared bucket using the agreed-upon paths.
IQM ingests, validates, and processes the data taxonomy you provided, and transforms it into targetable audience segments.
IQM manages account permissions to grant you exclusive access to your audience segments.
Add your exclusive advertiser segments to a Segmented audience in the IQM platform.
Target the Segmented audience via new or existing campaigns in the IQM platform.
If desired, update the existing source-data file in S3 to dynamically refresh your Segmented audience.
Data privacy measures for dynamic Segmented audiences
Customer data privacy measures
When you create an audience with first-party data or enable other audience-targeting features, you agree to comply with applicable data laws and regulations including but not limited to GDPR, CCPA, and HIPAA. Your organization remains the controller of any personally identifiable information (PII) you send.
In addition to ensuring all sharing complies with applicable laws and your privacy policy, follow these guidelines to help ensure security and compliance when creating and targeting dynamic Segmented audiences:
Encryption at rest: Enable SSE-KMS (recommended for PII) or SSE-S3 encryption at the bucket level or object level. In the S3 ecosystem, a bucket represents the top-level container for storing objects, while an object represents the individual files you upload.
Encryption in transit: Use the secure HTTPS protocol when transferring data between your device and the S3 bucket. A Transport Layer Security (TLS) of 1.2 or later is required.
Note that, while all S3 objects are private by default, S3 supports file sharing through the use of pre-signed URLs. These links grant specific, temporary access to an S3 object without exposing your credentials. We recommend avoiding URL sharing whenever possible, or ensuring yours are pre-signed and set to expire quickly.
Least privilege: When you define permissions, you’ll apply permission settings that relate to AWS’s “Identity and Access Management” (IAM) policy. These IAM policies are used to grant users specific permissions such as the ability to list and read objects within a particular S3 bucket or folder.
Always grant the minimum necessary access to each party. This security measure includes blocking public access and activating the “Bucket Owner Enforced” setting in S3, which disables Access Control Lists (ACLs) and ensures the bucket owner can manage all of its objects’ permission settings, regardless of the uploader.
Auditability: Enable S3 server access logging or CloudTrail data events for the bucket. These settings allow you to review key details related to each time your bucket and its objects are delivered to another bucket.
Data minimization: Limiting the amount of sensitive information that’s passed between parties is a critical step in maintaining data security. Store and share only the minimum amount of PII or other data necessary to meet your specific Segmented audience use case and legal basis.
Retention: Agree on an object lifecycle (e.g., auto-expire raw segment files after a certain number of days) to minimize the storage of PII or other sensitive data.
IQM data privacy measures
IQM takes the following measures to provide a secure and compliant Segmented audience solution that not only benefits our customers but also respects the privacy rights of individuals:
HIPAA compliance: Healthcare advertisers can create Segmented audiences for precise outreach to healthcare professionals across a number of audience categories. These segments vary by data provider and include NPI-based targeting. Our foremost priority is aligning with the Health Insurance Portability and Accountability Act (HIPAA). This legislation mandates safeguarding individuals' healthcare information, a responsibility we discharge meticulously in our NPI matching process.
Robust data encryption: IQM stores files behind a firewall and encrypts them in the case of a data breach. The rigorous data encryption measures that we have implemented are intended to preserve the confidentiality and integrity of data. These techniques also ensure data remains shielded during transit and while at rest, mitigating the risk of unauthorized access.
Secure data storage: All data processed within IQM undergoes secure storage, complemented by stringent access controls and comprehensive audit trails. This not only bolsters data security but also establishes traceability, an essential facet for demonstrating compliance.
Routine compliance audits: IQM conducts ongoing compliance audits to ascertain the continued alignment of our NPI, Voter, and other sensitive-data processes with the latest data privacy regulations. This unwavering commitment to compliance provides our customers with the confidence to utilize our platform without encountering legal concerns.
Key terms and concepts
Validation check
IQM performs a standard validation check during the Test and validate portion of the data onboarding process. Common checks include the following items.
Validated element | Description |
Path and naming | The folder structure matches those outlined in S3 bucket structure and file paths. It includes a seat_id folder and a parseable timestamp. |
Encoding | The file uses UTF-8 character encoding with Unix newlines (\n). It doesn’t start with a Byte Order Mark (BOM). |
Size sanity | The file isn’t empty, and its size is within the mutually agreed-upon limit (typically <1GB and <1MM rows). |
Headers | For taxonomy files, the column headers match those outlined in File formats and schemas: id, name, description, CPM, reach.
For PII-based segment files, a header row is included. |
Delimiters | Taxonomy files and PII-based segment files use commas, and digital-ID-based segment files use a pipe (|). |
Types | No required fields were left blank, and all numeric fields (CPM, reach) parse. |
Referential integrity | Every segment in segment files must map to an existing taxonomy id for the same seat_id. |
Duplicates | Duplicate (segment, digital_id) rows found within a single file may be de-duplicated. |
Failure handling | Files affected by validation errors are skipped, and IQM will contact you with error details and next steps. Non-failing files will continue to be processed without interruption. |
New versus refreshed audiences
The way you add, update, and delete files to the shared S3 folder determines each Segmented audience’s behavior.
Desired behavior | Description |
Create a new audience | Add a new file to the shared S3 folder to create a new audience.
When you add multiple files to the S3 folder at once, each file still represents its own dynamic audience. |
Dynamically refresh an existing audience | Rather than updating an existing file directly, add a new file to the same S3 folder instead. This will trigger an automatic re-processing of the existing audience when you add a new description, CPM, or reach for those segments. |
Delete an existing audience | Deleting an existing file from the S3 folder will not automatically remove the corresponding audience from the IQM platform.
Instead, add an “Active” row to your file. Include “Active=False/0” to indicate that a particular segment should be removed from the existing audience. |
Refer to Upload and target a dynamic Segmented audience to complete the processes described in this table.
S3 bucket structure and file paths
Path formatting notice: When reviewing the required taxonomy path, note that seat_id=<seat_id> is a folder name, not a query string. Use the exact seat or account identifier provided to you by IQM.
For <timestamp> formatting, use zero-padding. We also recommend a YYYYMMDD_HHMMSS format in UTC (e.g., 20250115_230501). |
Requirements | Path or description |
Required taxonomy path | s3://<bucket>/taxonomy-uploads/seat_id=<seat_id>/taxonomy_<timestamp>.csv |
Required segment path* | s3://<bucket>/segment-data/list=<ipv4 | ifa | cookie | pii>/segments_<timestamp>.csv |
Required versioning | Enable S3 Versioning (external link) on the bucket to safely recover from accidental overwrites. |
Required retry info | Use a new <timestamp> any time you resend a file to differentiate between the existing file and the new one. |
Recommended bucket name | An iqm-<partner>-<digest> bucket name is recommended, where <digest> is typically an 8 to 16 character alpha-numeric code. |
*Required segment path: The segments_<timestamp>.csv file must contain two columns: segment and digital_id.
File formats and schemas
Taxonomy file
All files must be UTF‑8 encoded text with Unix newlines (\n). Include a header row unless otherwise stated.
Path: taxonomy-uploads/seat_id=<seat_id>/taxonomy_<timestamp>.csv
Schema (comma‑separated CSV):
Column | Type | Required | Example | Notes |
id | string | ✓ | sports_nfl_01 | Unique segment key you control. Stable across deliveries. |
name | string | ✓ | NFL Fans | Human‑readable label. |
CPM | number | ✓ | 7.50 | Use . as a decimal separator. |
description | string | X | US NFL enthusiasts | Optional free text. |
reach | integer | X | 1250000 | Optional estimated reach; default value is 0 when reach is not provided. |
Example
id,name,description,CPM,reach
sports_nfl_01,NFL Fans,US NFL enthusiasts,7.50,1250000
retail_lux_aa,Luxury Shoppers,High propensity for luxury retail,12.00,340000
Segment file
Segment file notice: Choose only one segment file format (digital-ID-based or PII-based). |
Digital-ID-based segment file (pipe-delimited, no header)
Path: segment-data/segments_<timestamp>.csv
Schema: segment|digital_id
s3://<bucket>/segment-data/list=<ipv4 | ifa | cookie | pii>/segments_<timestamp>.csv
Other guidelines: The digital_id should be the raw identifier your integration team has agreed to provide (e.g., mobile advertising ID, cookie ID, or IP address). Avoid hashing unless explicitly agreed upon with IQM.
Example
sports_nfl_01|AEBE1C24-09F3-4A86-AB35-0A1B5C2D3E4F
sports_nfl_01|2bcfa2f7-8f6b-4d8a-9c7f-1e28bdc3d7a1
retail_lux_aa|cookie_5f9c83f1b2
PII-based segment file (comma-separated CSV, with header)
Path: segment-data/segments_<timestamp>.csv
Accepted columns:
Eligible combinations of the following are accepted.
NPI_ID
L2_ID
NPI_ID, first_name, last_name, ZIP_code, state
L2_ID, first_name, last_name, ZIP_code, state
first_name, last_name, ZIP_code, state
Example
segment,first_name,last_name,address,zip,state,email
retail_lux_aa,Alex,Morgan,123 Market St,94103,CA,alex.morgan@example.com
sports_nfl_01,Jordan,Lee,88 River Rd,10027,NY
Templates
“Identity and Access Management” (IAM) templates
Template notice: The JSON samples below should be treated as templates that include placeholders. Replace these placeholders (<bucket>, <IQM_ACCOUNT_ID>, etc.) with your details
If you’re using server-side encryption (SSE) with AWS Key Management Service (KMS) to encrypt your S3 object data, allow kms:Decrypt and kms:Encrypt on the key. |
Cross‑account role (partner account) – trust IQM to assume
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "AWS": "arn:aws:iam::<IQM_ACCOUNT_ID>:role/<IQM_Role_Name>" },
"Action": "sts:AssumeRole"
}
]
}
Inline policy for the cross-account role – limited bucket access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListAndGet",
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::<bucket>"]
},
{
"Sid": "ObjectsRW",
"Effect": "Allow",
"Action": ["s3:GetObject","s3:PutObject","s3:DeleteObject","s3:GetObjectVersion"],
"Resource": ["arn:aws:s3:::<bucket>/*"]
}
]
}
Segment usage reports
For each seat_ID, we recommend maintaining monthly audience usage reports with respect to each dynamic Segmented audience that you upload. Analyze month-over-month details including metrics such as Impressions and Spend, broken out by audience and segment.
Use the following template to maintain the report with respect to uploaded audience segments:
Item | Path or description |
S3 path | s3://<client_bucket>/seat_id=<seat_id>/audience_usage_reports/<MM>-<YYYY>.csv |
Account | The Workspace ID and Organization ID. |
Month | The month you would like to report on. |
Audience | The Audience Name and/or Audience ID. |
Campaign | The Campaign ID. |
Segment | The Segment Name and/or Segment ID. |
Metrics | The Impressions, Clicks, and Video_Completions, for example. |
Once available, reports will be shared either via email or Google Drive.
Locate additional Segmented audience resources