What problem are leaders actually trying to solve?
Executives want a single, trusted view of the customer that activates across channels without adding risk. Teams often confuse two adjacent assets that serve this goal. An identity graph connects identifiers that represent the same person or household. A CDP profile aggregates attributes and events about that person for analysis and activation. The overlap creates buying friction, double counting, and governance headaches. Clear roles remove friction and improve time to value.¹ ²
What is an identity graph in plain language?
An identity graph is a linked data structure that stores relationships between identifiers such as email, mobile, device ID, cookie, CRM ID, and partner IDs. The graph uses match rules and probabilistic or deterministic logic to decide when two identifiers belong to the same real individual. The graph produces a durable person key that downstream systems can use. Enterprise identity providers describe this as first party identity resolution that continuously builds a private, compliant map of who is who.³ ⁴
What is a CDP profile and how is it different?
A CDP profile is a unified customer record that merges events and attributes into a single, queryable profile for segmentation and activation. A modern CDP supports real time updates, audience creation, and delivery to paid and owned channels. Leading CDPs define identity and profile as separate but connected services. Identity stitches records. Real time profile composes the latest attributes, behaviors, and consent states for use cases like journeys and suppression.⁵ ⁶
Why do organizations conflate these concepts?
Teams conflate concepts because many CDPs ship with built in identity resolution and many identity providers now expose activation connectors. This blurs the line between stitching and activation. Product marketing also feeds confusion by using similar terms such as “unified profile,” “graph,” and “ID spine.” The simplest way to separate them is this: identity graphs solve who-is-who across data sources. CDP profiles solve what-to-do-next for a known person using current data and governance controls.⁵ ⁷
How do the data flows actually work?
Data platforms typically ingest raw events and records into a lake or warehouse. An identity service evaluates those inputs against rules to produce a stable person key. The service writes linkages and a golden identifier back to the platform. A profile service then reads identity linkages and assembles traits such as recency, frequency, value, lifecycle stage, and consent status. Activation routes those profiles to destinations with the right keys and privacy flags. Vendors document these flows with separate identity and profile modules.⁶ ⁸
When should you emphasize an identity graph?
Leaders should emphasize an identity graph when they face heavy fragmentation of identifiers, complex partner data, or strict data residency requirements. A dedicated identity layer gives you transparent match rules, survivorship policies, and link audits. It also enables secure graph builds inside your own virtual private cloud. That pattern reduces data movement and strengthens compliance for regulated sectors. Identity graphs shine in adtech, cross device recognition, and data collaboration where stitching quality determines match rates and spend efficiency.³ ⁴ ⁹
When should you emphasize CDP profiles?
Leaders should emphasize CDP profiles when the goal is timely activation, audience management, and journey orchestration. A real time profile unlocks channel ready segments, decisioning, and measurement. CDPs provide interfaces for marketers and CX teams to create audiences, set governance labels, and push to destinations within minutes. They also expose profile APIs and UI for service operations. The CDP becomes the operational system of record for engagement while leaning on the identity layer for authority on person keys.⁵ ⁶
How do match rules and governance change outcomes?
Identity graphs depend on match rules that set thresholds for deterministic and probabilistic linking. Conservative rules protect precision. Aggressive rules expand reach. Good implementations separate identity accuracy from profile enrichment to make audits simpler. Governance frameworks must capture lawful basis, consent status, and opt out signals at the identifier and profile level. Regulators expect consent to be specific, granular, opt in, documented, and easy to withdraw. Robust CDPs and identity services provide features to enforce these requirements across collection, processing, and activation.¹⁰ ¹¹ ¹² ¹³
Which metrics prove the approach is working?
Teams should track identity precision and recall, link stability, and orphaned identifier rates to judge the graph. They should track audience build time, activation latency, segment eligibility accuracy, and suppression error rates to judge the profile service. Leaders also review data minimization, access logs, and consent propagation across destinations. Vendors document the controls and processing stages that influence these metrics.⁵ ⁶ ⁸
Where do warehouse native and composable patterns fit?
Warehouse native patterns keep raw data, identity edges, and profile materializations in your cloud data platform. Identity services can now build first party graphs inside customer VPCs with managed jobs. CDPs increasingly support composable deployments that read from and write to your lakehouse while still providing marketer friendly UI. This split keeps control with the enterprise while preserving usability for CX teams. The pattern reduces duplication and aligns privacy by design with modern data architectures.³ ⁹
What about advertising use cases vs owned channel use cases?
Advertising use cases depend on robust identity translation across walled gardens, publishers, and partners. Identity graphs provide the bridges between hashed emails, device IDs, and network specific IDs for reach and frequency. Owned channel use cases depend on accurate, up to the minute profiles for personalization, journeys, and service. CDP profiles excel here by computing traits and eligibility in real time and enforcing consent across message orchestration. Mature stacks run both in tandem with clear system boundaries.³ ⁵ ¹⁹
How do privacy laws shape design choices?
Privacy laws shape system boundaries, data retention, consent capture, and audit trails. UK GDPR and EU GDPR require clear lawful basis and valid consent characteristics. California’s CCPA and CPRA extend rights to correct, limit use of sensitive information, and opt out of sale or sharing. Identity graphs must record link provenance and handle unlink requests. CDP profiles must carry consent states to activation and honor user rights requests. Design choices should favor local processing, minimal data movement, and reversible linkages.¹⁰ ¹¹ ¹⁴ ¹⁵
What is a pragmatic reference architecture?
Teams can adopt a simple, layered blueprint.
First, place ingestion and storage in your lakehouse or data cloud. Second, implement an identity service that writes a person key, edges, and link metadata to governed tables. Third, implement a profile service that materializes channel ready traits and eligibility based on those keys. Fourth, route activation through governed connectors that include identity translation, consent enforcement, and suppression. Finally, expose observability for match quality, profile freshness, and destination delivery. This blueprint mirrors how leading platforms document their components.⁵ ⁶ ¹⁹
How do you choose vendors without getting boxed in?
Start with use case clarity. If your top priority is cross device advertising and data collaboration, weight identity graph strength, private graph builds, and partner ecosystem. If your priority is lifecycle personalization, weight real time profile performance, audience tooling, and consent enforcement. Prefer platforms that publish clear identity and profile documentation, support open schemas, and run inside your cloud. Ask for match rule transparency, explainable merging, and export of link graphs. These signals reduce lock in and speed audits.³ ⁵ ⁹
What are the risks if we collapse both into one tool?
Collapsing identity and profile into one monolith can hide match errors, limit governance, and slow innovation. Blurred boundaries make it hard to explain how a person key was created and how a trait entered a segment. Regulators and auditors need clarity on both. A split design does not require more vendors. It requires clear contracts between identity stitching and profile composition within or across products. Choose tools that respect those seams. Vendors that document identity service and profile service as distinct modules reduce this risk.⁵ ⁶ ¹⁹
How to get started in 90 days
Leaders can run a focused pilot. Define three activation use cases and two audit scenarios. Stand up identity resolution with conservative rules on a contained data domain such as loyalty plus ecommerce. Materialize a real time profile for those known customers. Push two owned channels and one paid channel. Measure match quality, profile freshness, and suppression accuracy weekly. Expand rules and coverage only after audit success. This crawl approach matches vendor guidance and reduces rework.⁵ ⁶ ¹²
What impact should executives expect?
Executives should expect more accurate reach, lower wasted spend, and fewer privacy risks. Teams will build audiences faster and troubleshoot issues with clearer logs. Service agents will see cleaner golden records and fewer duplicates. Marketing will see better suppression and eligibility accuracy. Legal and security will see stronger audit trails and simpler rights fulfillment. The combination of a strong identity graph and a strong CDP profile service creates a resilient, transparent foundation for customer experience.¹ ³ ⁵
FAQ
How do identity graphs and CDP profiles work together in Customer Science implementations?
Identity graphs assign a durable person key by linking identifiers. CDP profiles read that key to assemble traits and events for activation across channels. This separation improves auditability and time to value.³ ⁵
What should Customer Science clients prioritize when choosing a CDP for Australia and New Zealand?
Clients should prioritize clear identity documentation, real time profile performance, consent enforcement, and warehouse native deployment options that align with local governance needs. Vendors that separate identity and profile modules provide better control.⁵ ¹⁹
Why do privacy requirements change identity resolution rules?
Privacy laws such as UK GDPR and CCPA require specific, granular, and withdrawable consent and add rights to correct and limit sensitive data. Identity and profile services must record provenance, propagate consent, and honor requests across destinations.¹⁰ ¹¹ ¹⁵
Which vendors document identity and profile as distinct services?
Adobe Real Time CDP documents Identity Service and Real Time Customer Profile as separate components. Salesforce Data Cloud documents identity resolution and unified profiles with dedicated guidance.⁵ ⁶ ⁸
What metrics prove that identity graphs and CDP profiles are healthy?
Identity precision and recall, link stability, and orphaned identifier rates show graph health. Audience build time, activation latency, and suppression error rates show profile health. Vendors publish controls and processing stages that affect these metrics.⁵ ⁶ ⁸
How do warehouse native patterns reduce risk for Customer Science clients?
Warehouse native and private VPC builds keep identity edges and profile materializations inside your cloud, reduce data movement, and align with privacy by design. Leading identity platforms support secure graph builds in customer VPCs.³ ⁹
Who should own match rules and survivorship policies in the enterprise?
Data governance should own policies with input from marketing, CX, legal, and security. Operational teams implement rules in the identity service and enforce them in the CDP profile layer. Documentation and audit logs must remain accessible to both groups.⁶ ¹²
Sources
Gartner. “Definition of Customer Data Platform.” 2025. Gartner Glossary. https://www.gartner.com/en/marketing/glossary/customer-data-platform
IAB Tech Lab. “Identity Solutions Guidance.” 2024. IAB Tech Lab. https://iabtechlab.com/wp-content/uploads/2024/05/Identity-Solutions-Guidance-FINAL.pdf
LiveRamp. “Identity Engine.” 2025. LiveRamp Documentation. https://docs.liveramp.com/identity/en/identity-engine.html
Segment. “Identity Resolution Overview.” 2025. Segment Documentation. https://segment.com/docs/unify/identity-resolution/
Adobe. “Real Time CDP: Identities and Profiles.” 2024. Adobe Experience League. https://experienceleague.adobe.com/en/docs/experience-platform/rtcdp/identity/identities-overview
Salesforce. “Unify Source Profiles with Identity Resolution.” 2025. Salesforce Help. https://help.salesforce.com/s/articleView?id=data.c360_a_identity_resolution_unify_source_profiles.htm&type=5
Gartner Peer Insights. “Customer Data Platforms Category Overview.” 2025. Gartner. https://www.gartner.com/reviews/market/customer-data-platforms
Salesforce. “Data Modeling Requirements for Identity Resolution.” 2025. Salesforce Help. https://help.salesforce.com/s/articleView?id=sf.c360_a_identity_resolution_data_modeling_requirements.htm&type=5
LiveRamp. “Secure Identity Graph Builds in Remote VPCs.” 2025. LiveRamp Blog. https://liveramp.com/blog/secure-identity-graph-builds-in-remote-virtual-private-clouds/
ICO. “Consent requirements under UK GDPR.” 2025. Information Commissioner’s Office. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/consent-requirements/
EDPB. “Guidelines 05/2020 on consent under Regulation 2016/679.” 2020. European Data Protection Board. https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf
Adobe. “How to Use the Real Time CDP UI and Workflow.” 2025. Adobe Experience League Tutorials. https://experienceleague.adobe.com/en/docs/platform-learn/tutorials/rtcdp/understanding-the-real-time-customer-data-platform-user-interface
David Palencia. “Salesforce Data Cloud Identity Resolution.” 2025. davidpalencia.com. https://davidpalencia.com/salesforce-data-cloud-identity-resolution/
GOV.UK. “Data protection in the UK.” 2025. UK Government. https://www.gov.uk/data-protection
California Department of Justice. “California Consumer Privacy Act.” 2024. State of California. https://www.oag.ca.gov/privacy/ccpa