Jul 16, 2026 · 7 min read
Is Customer.io Tracking Your Email? How to Block It
Customer.io email tracking is on for every recipient unless a company turns it off, and most never do. Here is exactly what it logs and how to stop it in Gmail.
A welcome email lands in your inbox, you open it, and somewhere in a dashboard you never see, a workspace admin watches your name move from "sent" to "opened." That is Customer.io email tracking working exactly as designed. It is a messaging platform used by thousands of SaaS products, apps, and ecommerce brands to send onboarding sequences, receipts, and lifecycle campaigns, and by default it tracks whether you opened the email and whether you clicked anything inside it. Here is what Customer.io actually logs when you open one of its emails, what happens the moment you click a link, and how to shut both off inside Gmail.
Key Takeaways
- Customer.io's own documentation describes an "invisible pixel" embedded in messages that fires "when someone opens the email," and the workspace default setting is "Off," meaning open tracking runs for every recipient unless an admin manually changes it.
- Customer.io rewrites every link in a tracked email to route through its own domain, e.customeriomail.com, before forwarding the recipient to the real destination, and appends a
_cio_idparameter that can automatically identify an anonymous website visitor once they land. - Customer.io does offer a genuine consent framework, an opt in or opt out mode tied to a reserved attribute called
cio_email_tracking_consent, but that framework only governs the open pixel; the documentation states click tracking controls are separate and unaffected. - Reporting webhooks push email_opened and email_clicked events in real time, complete with delivery, campaign, and recipient identifiers, so a workspace can pipe your reading behavior straight into another system the moment it happens.
- Gblock blocks the Customer.io tracking pixel before it loads and strips known tracking parameters from links, working inside Gmail the same way it already blocks tracking from Intercom, Braze, and the other platforms covered in this series.
Does Customer.io Track Email Opens?
Yes, by default, for every recipient of a tracked message. Per Customer.io's own documentation on open tracking consent, the platform works by embedding "an invisible pixel" in outbound messages, and "when someone opens the email, the pixel loads, effectively telling us that someone opened the email." That is the standard mechanism behind every email open tracker: a 1x1 image your inbox fetches automatically the instant it renders the message, with no button to press and no dialog asking first.
Customer.io gives workspaces a real choice here, which is more than most platforms offer. The same documentation lays out three modes: "Off," which tracks everyone; "Opt in," which tracks only contacts whose cio_email_tracking_consent attribute is explicitly set to granted; and "Opt out," which tracks everyone except contacts explicitly marked denied. The catch is what the default actually is. Customer.io documents "Off" as the workspace setting name for the mode that tracks everyone, and a company has to actively configure opt in or opt out consent handling for that protection to apply to you. Absent that configuration, your opens get logged the same way they would on any platform without a consent framework at all.
How Does Customer.io Click Tracking Work?
Customer.io rewrites every clickable link in a tracked email so it routes through the company's own infrastructure first. Per Customer.io's help documentation on link tracking, a normal destination link gets converted into a long encoded URL on the domain e.customeriomail.com, something like e.customeriomail.com/e/c/ followed by a token unique to that recipient and that send. Click it, and Customer.io's server logs the click, updates the campaign's click count, and only then redirects your browser to the page you actually meant to visit.
There is a second layer worth knowing about. The same documentation confirms Customer.io automatically appends a _cio_id parameter to tracked links, which lets the destination page identify the specific person who clicked, even if that person has never logged into anything on that site before. That turns an anonymous email click into a resolved identity the moment the landing page loads. Workspaces can disable tracking per link with an untracked class, per message, or workspace wide, but none of those options are things a recipient controls. We cover this same rewrite and redirect pattern in more depth in our guide to email link wrapping and URL rewriting, which walks through why the redirect step matters as much as the pixel does.
What Data Does Customer.io Store About You?
Customer.io logs each open and click as an event tied to your specific recipient record, not as an anonymous aggregate number on a dashboard. Per Customer.io's reporting webhooks reference, an email_opened or email_clicked event fires in real time and carries a timestamp along with delivery, campaign, and recipient identifiers, letting a workspace pipe your activity directly into a CRM, a Slack channel, or a data warehouse the moment it happens rather than waiting on a dashboard refresh.
On the compliance side, Customer.io is more transparent than many vendors in this category. Per the Customer.io GDPR compliance statement, the platform supports data rectification, deletion, and a full audit trail, and it operates separate North America and EU data centers so a company can keep resident data in region. The company's own documentation is also blunt that Customer.io itself is not the one obtaining consent. That responsibility sits with whichever business is sending the email, meaning the open tracking consent framework only protects you if the sender actually turned it on.
Why Email Users Should Care
Customer.io is not spyware and it is not a security vulnerability. It is customer engagement software doing precisely what SaaS companies pay it to do, which is exactly why it slides past every spam filter and antivirus tool built to catch actual threats. Those tools look for malware and phishing kits. They have nothing to say about a lifecycle email platform logging your open timestamp so a product team can trigger the next message in a sequence.
That gap is why a dedicated tracker blocker matters more than a general security suite here. Any product you have signed up for recently, a free trial, a waitlist, a SaaS dashboard, a subscription box, could be sending through Customer.io without you ever seeing its name. Our guide to blocking email tracking in Gmail compares the options across the category if you want the full picture beyond this one platform.
How Do You Block Customer.io Email Tracking in Gmail?
A few approaches work, each with real tradeoffs.
Disable automatic image loading. In Gmail, open Settings, then General, then Images, and select "Ask before displaying external images." This stops most pixels from firing because nothing loads until you approve it. It also hides every legitimate embedded image in every email you get, which gets tedious once your inbox is busy.
Hover before you click. Hovering over a link before clicking reveals the e.customeriomail.com rewrite in your browser's status bar, confirming that click will be tracked. It does nothing about the open pixel itself.
Try a general purpose extension. Ugly Email and PixelBlock were among the first browser extensions built to flag tracked messages inside Gmail, and they remain functional today. Both rely on static, manually maintained domain lists, which is a real limitation against a platform like Customer.io that lets workspaces configure custom tracking subdomains beyond the shared e.customeriomail.com default.
Switch to a privacy focused inbox. Proton Mail and HEY both take more aggressive default stances on remote images and tracking pixels than Gmail does. That is a real option, but it means migrating your entire inbox rather than adding a layer on top of the Gmail account you already use.
Use a dedicated blocker built for Gmail. Gblock runs inside Gmail and intercepts tracking pixel requests before they load, including the infrastructure Customer.io relies on, without hiding legitimate images or requiring you to switch email providers. Its blocklist updates automatically rather than shipping as a fixed list a developer has to manually refresh, which matters against a platform that lets individual workspaces spin up their own tracking subdomains. Gblock also strips known tracking parameters from links, addressing the _cio_id style identification problem that pixel blocking alone does not solve. It is not a defense against phishing or malware, only against the tracking mechanisms themselves, so pair it with normal email hygiene rather than treating it as a full security suite.
The Bottom Line
Customer.io follows the same pixel and rewritten link pattern documented across this series, from Braze to Intercom to SendPulse, with one meaningful difference: it is the rare platform that actually documents a working consent framework instead of pretending the question does not exist. The catch is that framework does not turn itself on, and it does not touch link tracking at all. Until a workspace flips that switch, the mechanism behind your open and click data is identical to every other customer messaging platform in this series. Block the pixel and strip the tracked link, and it stops mattering whose dashboard was waiting to log it.